PHP Malware Analysis
ups.php
md5: b9381d57e4c1ba4972910a7c251af390
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Files
- move_uploaded_file (Deobfuscated, Original)
Input
- _FILES (Deobfuscated, Original)
Title
- Upload your files (Deobfuscated, HTML, Original)
Deobfuscated PHP code
<!DOCTYPE html>
<html>
<head>
<title>Upload your files</title>
</head>
<body>
<form enctype="multipart/form-data" action="upload.php" method="POST">
<p>Upload your file</p>
<input type="file" name="uploaded_file"></input><br />
<input type="submit" value="Upload"></input>
</form>
</body>
</html>
<?php
if (!empty($_FILES['uploaded_file'])) {
$path = "uploads/";
$path .= basename($_FILES['uploaded_file']['name']);
if (move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $path)) {
echo "The file " . basename($_FILES['uploaded_file']['name']) . " has been uploaded";
} else {
echo "There was an error uploading the file, please try again!";
}
}Execution traces
data/traces/b9381d57e4c1ba4972910a7c251af390_trace-1676262192.0669.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 02:23:37.964779]
1 0 1 0.000193 393512
1 3 0 0.000260 396456 {main} 1 /var/www/html/uploads/ups.php 0 0
1 3 1 0.000278 396456
0.000306 314224
TRACE END [2023-02-13 02:23:37.964931]
Generated HTML code
<html><head>
<title>Upload your files</title>
</head>
<body>
<form enctype="multipart/form-data" action="upload.php" method="POST">
<p>Upload your file</p>
<input type="file" name="uploaded_file"><br>
<input type="submit" value="Upload">
</form>
</body></html>Original PHP code
<!DOCTYPE html>
<html>
<head>
<title>Upload your files</title>
</head>
<body>
<form enctype="multipart/form-data" action="upload.php" method="POST">
<p>Upload your file</p>
<input type="file" name="uploaded_file"></input><br />
<input type="submit" value="Upload"></input>
</form>
</body>
</html>
<?PHP
if(!empty($_FILES['uploaded_file']))
{
$path = "uploads/";
$path = $path . basename( $_FILES['uploaded_file']['name']);
if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $path)) {
echo "The file ". basename( $_FILES['uploaded_file']['name']).
" has been uploaded";
} else{
echo "There was an error uploading the file, please try again!";
}
}
?>