PHP Malware Analysis
config-sample.php
md5: 9403aec507565d042c479d1842a8dce2
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
URLs
- http://example.com/favicon.png (Deobfuscated, Original)
- http://php.net/manual/en/timezones.php (Deobfuscated, Original)
- https://ace.c9.io/ (Deobfuscated, Original)
- https://highlightjs.org/ (Deobfuscated, Original)
- https://tinyfilemanager.github.io/docs/pwd.html (Deobfuscated, Original)
- https://www.php.net/manual/en/datetime.format.php (Deobfuscated, Original)
Deobfuscated PHP code
<?php
/*
#################################################################################################################
This is an OPTIONAL configuration file. rename this file into config.php to use this configuration
The role of this file is to make updating of "tinyfilemanager.php" easier.
So you can:
-Feel free to remove completely this file and configure "tinyfilemanager.php" as a single file application.
or
-Put inside this file all the static configuration you want and forgot to configure "tinyfilemanager.php".
#################################################################################################################
*/
// Auth with login/password
// set true/false to enable/disable it
// Is independent from IP white- and blacklisting
$use_auth = true;
// Login user name and password
// Users: array('Username' => 'Password', 'Username2' => 'Password2', ...)
// Generate secure password hash - https://tinyfilemanager.github.io/docs/pwd.html
$auth_users = array(
'admin' => '$2y$10$/K.hjNr84lLNDt8fTXjoI.DBp6PpeyoJ.mGwrrLuCZfAwfSAGqhOW',
//admin@123
'user' => '$2y$10$Fg6Dz8oH9fPoZ2jJan5tZuv6Z4Kp7avtQ9bDfrdRntXtPeiMAZyGO',
);
// Readonly users
// e.g. array('users', 'guest', ...)
$readonly_users = array('user');
// Enable highlight.js (https://highlightjs.org/) on view's page
$use_highlightjs = true;
// highlight.js style
// for dark theme use 'ir-black'
$highlightjs_style = 'vs';
// Enable ace.js (https://ace.c9.io/) on view's page
$edit_files = true;
// Default timezone for date() and time()
// Doc - http://php.net/manual/en/timezones.php
$default_timezone = 'Etc/UTC';
// UTC
// Root path for file manager
// use absolute path of directory i.e: '/var/www/folder' or $_SERVER['DOCUMENT_ROOT'].'/folder'
$root_path = $_SERVER['DOCUMENT_ROOT'];
// Root url for links in file manager.Relative to $http_host. Variants: '', 'path/to/subfolder'
// Will not working if $root_path will be outside of server document root
$root_url = '';
// Server hostname. Can set manually if wrong
$http_host = $_SERVER['HTTP_HOST'];
// user specific directories
// array('Username' => 'Directory path', 'Username2' => 'Directory path', ...)
$directories_users = array();
// input encoding for iconv
$iconv_input_encoding = 'UTF-8';
// date() format for file modification date
// Doc - https://www.php.net/manual/en/datetime.format.php
$datetime_format = 'd.m.y H:i:s';
// Allowed file extensions for create and rename files
// e.g. 'txt,html,css,js'
$allowed_file_extensions = '';
// Allowed file extensions for upload files
// e.g. 'gif,png,jpg,html,txt'
$allowed_upload_extensions = '';
// Favicon path. This can be either a full url to an .PNG image, or a path based on the document root.
// full path, e.g http://example.com/favicon.png
// local path, e.g images/icons/favicon.png
$favicon_path = '';
// Files and folders to excluded from listing
// e.g. array('myfile.html', 'personal-folder', '*.php', ...)
$exclude_items = array('');
// Online office Docs Viewer
// Availabe rules are 'google', 'microsoft' or false
// google => View documents using Google Docs Viewer
// microsoft => View documents using Microsoft Web Apps Viewer
// false => disable online doc viewer
$online_viewer = 'google';
// Sticky Nav bar
// true => enable sticky header
// false => disable sticky header
$sticky_navbar = true;
// max upload file size
$max_upload_size_bytes = 5000;
// Possible rules are 'OFF', 'AND' or 'OR'
// OFF => Don't check connection IP, defaults to OFF
// AND => Connection must be on the whitelist, and not on the blacklist
// OR => Connection must be on the whitelist, or not on the blacklist
$ip_ruleset = 'OFF';
// Should users be notified of their block?
$ip_silent = true;
// IP-addresses, both ipv4 and ipv6
$ip_whitelist = array(
'127.0.0.1',
// local ipv4
'::1',
);
// IP-addresses, both ipv4 and ipv6
$ip_blacklist = array(
'0.0.0.0',
// non-routable meta ipv4
'::',
);Execution traces
data/traces/9403aec507565d042c479d1842a8dce2_trace-1676259796.7717.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 01:43:42.669573]
1 0 1 0.000137 393576
1 3 0 0.000214 399808 {main} 1 /var/www/html/uploads/config-sample.php 0 0
1 A /var/www/html/uploads/config-sample.php 17 $use_auth = TRUE
1 A /var/www/html/uploads/config-sample.php 23 $auth_users = ['admin' => '$2y$10$/K.hjNr84lLNDt8fTXjoI.DBp6PpeyoJ.mGwrrLuCZfAwfSAGqhOW', 'user' => '$2y$10$Fg6Dz8oH9fPoZ2jJan5tZuv6Z4Kp7avtQ9bDfrdRntXtPeiMAZyGO']
1 A /var/www/html/uploads/config-sample.php 30 $readonly_users = [0 => 'user']
1 A /var/www/html/uploads/config-sample.php 34 $use_highlightjs = TRUE
1 A /var/www/html/uploads/config-sample.php 38 $highlightjs_style = 'vs'
1 A /var/www/html/uploads/config-sample.php 41 $edit_files = TRUE
1 A /var/www/html/uploads/config-sample.php 45 $default_timezone = 'Etc/UTC'
1 A /var/www/html/uploads/config-sample.php 49 $root_path = '/var/www/html'
1 A /var/www/html/uploads/config-sample.php 53 $root_url = ''
1 A /var/www/html/uploads/config-sample.php 56 $http_host = 'localhost'
1 A /var/www/html/uploads/config-sample.php 60 $directories_users = []
1 A /var/www/html/uploads/config-sample.php 63 $iconv_input_encoding = 'UTF-8'
1 A /var/www/html/uploads/config-sample.php 67 $datetime_format = 'd.m.y H:i:s'
1 A /var/www/html/uploads/config-sample.php 71 $allowed_file_extensions = ''
1 A /var/www/html/uploads/config-sample.php 75 $allowed_upload_extensions = ''
1 A /var/www/html/uploads/config-sample.php 80 $favicon_path = ''
1 A /var/www/html/uploads/config-sample.php 84 $exclude_items = [0 => '']
1 A /var/www/html/uploads/config-sample.php 91 $online_viewer = 'google'
1 A /var/www/html/uploads/config-sample.php 96 $sticky_navbar = TRUE
1 A /var/www/html/uploads/config-sample.php 100 $max_upload_size_bytes = 5000
1 A /var/www/html/uploads/config-sample.php 106 $ip_ruleset = 'OFF'
1 A /var/www/html/uploads/config-sample.php 109 $ip_silent = TRUE
1 A /var/www/html/uploads/config-sample.php 113 $ip_whitelist = [0 => '127.0.0.1', 1 => '::1']
1 A /var/www/html/uploads/config-sample.php 119 $ip_blacklist = [0 => '0.0.0.0', 1 => '::']
1 3 1 0.000519 399808
0.000545 318008
TRACE END [2023-02-13 01:43:42.670009]
Generated HTML code
<html><head></head><body></body></html>Original PHP code
<?php
/*
#################################################################################################################
This is an OPTIONAL configuration file. rename this file into config.php to use this configuration
The role of this file is to make updating of "tinyfilemanager.php" easier.
So you can:
-Feel free to remove completely this file and configure "tinyfilemanager.php" as a single file application.
or
-Put inside this file all the static configuration you want and forgot to configure "tinyfilemanager.php".
#################################################################################################################
*/
// Auth with login/password
// set true/false to enable/disable it
// Is independent from IP white- and blacklisting
$use_auth = true;
// Login user name and password
// Users: array('Username' => 'Password', 'Username2' => 'Password2', ...)
// Generate secure password hash - https://tinyfilemanager.github.io/docs/pwd.html
$auth_users = array(
'admin' => '$2y$10$/K.hjNr84lLNDt8fTXjoI.DBp6PpeyoJ.mGwrrLuCZfAwfSAGqhOW', //admin@123
'user' => '$2y$10$Fg6Dz8oH9fPoZ2jJan5tZuv6Z4Kp7avtQ9bDfrdRntXtPeiMAZyGO' //12345
);
// Readonly users
// e.g. array('users', 'guest', ...)
$readonly_users = array(
'user'
);
// Enable highlight.js (https://highlightjs.org/) on view's page
$use_highlightjs = true;
// highlight.js style
// for dark theme use 'ir-black'
$highlightjs_style = 'vs';
// Enable ace.js (https://ace.c9.io/) on view's page
$edit_files = true;
// Default timezone for date() and time()
// Doc - http://php.net/manual/en/timezones.php
$default_timezone = 'Etc/UTC'; // UTC
// Root path for file manager
// use absolute path of directory i.e: '/var/www/folder' or $_SERVER['DOCUMENT_ROOT'].'/folder'
$root_path = $_SERVER['DOCUMENT_ROOT'];
// Root url for links in file manager.Relative to $http_host. Variants: '', 'path/to/subfolder'
// Will not working if $root_path will be outside of server document root
$root_url = '';
// Server hostname. Can set manually if wrong
$http_host = $_SERVER['HTTP_HOST'];
// user specific directories
// array('Username' => 'Directory path', 'Username2' => 'Directory path', ...)
$directories_users = array();
// input encoding for iconv
$iconv_input_encoding = 'UTF-8';
// date() format for file modification date
// Doc - https://www.php.net/manual/en/datetime.format.php
$datetime_format = 'd.m.y H:i:s';
// Allowed file extensions for create and rename files
// e.g. 'txt,html,css,js'
$allowed_file_extensions = '';
// Allowed file extensions for upload files
// e.g. 'gif,png,jpg,html,txt'
$allowed_upload_extensions = '';
// Favicon path. This can be either a full url to an .PNG image, or a path based on the document root.
// full path, e.g http://example.com/favicon.png
// local path, e.g images/icons/favicon.png
$favicon_path = '';
// Files and folders to excluded from listing
// e.g. array('myfile.html', 'personal-folder', '*.php', ...)
$exclude_items = array('');
// Online office Docs Viewer
// Availabe rules are 'google', 'microsoft' or false
// google => View documents using Google Docs Viewer
// microsoft => View documents using Microsoft Web Apps Viewer
// false => disable online doc viewer
$online_viewer = 'google';
// Sticky Nav bar
// true => enable sticky header
// false => disable sticky header
$sticky_navbar = true;
// max upload file size
$max_upload_size_bytes = 5000;
// Possible rules are 'OFF', 'AND' or 'OR'
// OFF => Don't check connection IP, defaults to OFF
// AND => Connection must be on the whitelist, and not on the blacklist
// OR => Connection must be on the whitelist, or not on the blacklist
$ip_ruleset = 'OFF';
// Should users be notified of their block?
$ip_silent = true;
// IP-addresses, both ipv4 and ipv6
$ip_whitelist = array(
'127.0.0.1', // local ipv4
'::1' // local ipv6
);
// IP-addresses, both ipv4 and ipv6
$ip_blacklist = array(
'0.0.0.0', // non-routable meta ipv4
'::' // non-routable meta ipv6
);
?>