PHP Malware Analysis

Yo_Benji!

md5: 2df868c1b4685fb072d6f4f288cb192a

Attributes


Deobfuscated PHP code

Do my shell next.
It's not actually <i>my</i> shell, but I slightly modified it.
It's just the qsd-php-backdoor.php from kali, but with some comments and newlines deleted to give it a different hash.
And a $_REQUEST check was added to the top as the laziest form of kind of authentication possible.

Cool site by the way.

I like your /upload/ script. It seems to allow duplicate file names though.

This is definitely the most fun thing I've encountered today.

I'm probably going to upload some more stuff to see how you're script behaves.
In the off chance I find anything, I'll let you know.

[thumbs_up_emoji]


Execution traces


Generated HTML code

<html><head><meta name="color-scheme" content="light dark"></head><body><pre style="word-wrap: break-word; white-space: pre-wrap;">Do my shell next.
It's not actually &lt;i&gt;my&lt;/i&gt; shell, but I slightly modified it.
It's just the qsd-php-backdoor.php from kali, but with some comments and newlines deleted to give it a different hash.
And a $_REQUEST check was added to the top as the laziest form of kind of authentication possible.

Cool site by the way.

I like your /upload/ script. It seems to allow duplicate file names though.

This is definitely the most fun thing I've encountered today.

I'm probably going to upload some more stuff to see how you're script behaves.
In the off chance I find anything, I'll let you know.

[thumbs_up_emoji]

</pre></body></html>

Original PHP code

Do my shell next.
It's not actually <i>my</i> shell, but I slightly modified it.
It's just the qsd-php-backdoor.php from kali, but with some comments and newlines deleted to give it a different hash.
And a $_REQUEST check was added to the top as the laziest form of kind of authentication possible.

Cool site by the way.

I like your /upload/ script. It seems to allow duplicate file names though.

This is definitely the most fun thing I've encountered today.

I'm probably going to upload some more stuff to see how you're script behaves.
In the off chance I find anything, I'll let you know.

[thumbs_up_emoji]