PHP Malware Analysis
cih.gif
md5: db9faedaf0c6e81330e84efa33b7136d
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Files
- move_uploaded_file (Deobfuscated, Original)
Input
- _FILES (Deobfuscated, Original)
URLs
- http://coursesweb.net/php-mysql/ (Deobfuscated, Original)
- http://localhost/cih.gif (HTML)
Deobfuscated PHP code
<?php
// Simple PHP Upload Script: http://coursesweb.net/php-mysql/
$uploadpath = 'upload/';
// directory to store the uploaded files
$max_size = 2000;
// maximum file size, in KiloBytes
$alwidth = 900;
// maximum allowed width, in pixels
$alheight = 800;
// maximum allowed height, in pixels
$allowtype = array('bmp', 'gif', 'jpg', 'jpe', 'png');
// allowed extensions
if (isset($_FILES['fileup']) && strlen($_FILES['fileup']['name']) > 1) {
$uploadpath .= basename($_FILES['fileup']['name']);
// gets the file name
$sepext = explode('.', strtolower($_FILES['fileup']['name']));
$type = end($sepext);
// gets extension
list($width, $height) = getimagesize($_FILES['fileup']['tmp_name']);
// gets image width and height
$err = '';
// to store the errors
// Checks if the file has allowed type, size, width and height (for images)
if (!in_array($type, $allowtype)) {
$err .= 'The file: <b>' . $_FILES['fileup']['name'] . '</b> not has the allowed extension type.';
}
if ($_FILES['fileup']['size'] > $max_size * 1000) {
$err .= '<br/>Maximum file size must be: ' . $max_size . ' KB.';
}
if (isset($width) && isset($height) && ($width >= $alwidth || $height >= $alheight)) {
$err .= '<br/>The maximum Width x Height must be: ' . $alwidth . ' x ' . $alheight;
}
// If no errors, upload the image, else, output the errors
if ($err == '') {
if (move_uploaded_file($_FILES['fileup']['tmp_name'], $uploadpath)) {
echo 'File: <b>' . basename($_FILES['fileup']['name']) . '</b> successfully uploaded:';
echo '<br/>File type: <b>' . $_FILES['fileup']['type'] . '</b>';
echo '<br />Size: <b>' . number_format($_FILES['fileup']['size'] / 1024, 3, '.', '') . '</b> KB';
if (isset($width) && isset($height)) {
echo '<br/>Image Width x Height: ' . $width . ' x ' . $height;
}
echo '<br/><br/>Image address: <b>http://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['REQUEST_URI']), '\\/') . '/' . $uploadpath . '</b>';
} else {
echo "<b>Unable to upload the file.</b>";
}
} else {
echo $err;
}
}
?>
<div style="margin:1em auto; width:333px; text-align:center;">
<form action="<?php
echo $_SERVER['PHP_SELF'];
?>" method="POST" enctype="multipart/form-data">
Upload File: <input type="file" name="fileup" /><br/>
<input type="submit" name='submit' value="Upload" />
</form>
</div>
Execution traces
Generated HTML code
<html style="height: 100%;"><head><meta name="viewport" content="width=device-width, minimum-scale=0.1"></head><body style="margin: 0px; background: #0e0e0e; height: 100%"><img style="display: block;-webkit-user-select: none;margin: auto;background-color: hsl(0, 0%, 90%);transition: background-color 300ms;" src="http://localhost/cih.gif"></body></html>Original PHP code
<?php
// Simple PHP Upload Script: http://coursesweb.net/php-mysql/
$uploadpath = 'upload/'; // directory to store the uploaded files
$max_size = 2000; // maximum file size, in KiloBytes
$alwidth = 900; // maximum allowed width, in pixels
$alheight = 800; // maximum allowed height, in pixels
$allowtype = array('bmp', 'gif', 'jpg', 'jpe', 'png'); // allowed extensions
if(isset($_FILES['fileup']) && strlen($_FILES['fileup']['name']) > 1) {
$uploadpath = $uploadpath . basename( $_FILES['fileup']['name']); // gets the file name
$sepext = explode('.', strtolower($_FILES['fileup']['name']));
$type = end($sepext); // gets extension
list($width, $height) = getimagesize($_FILES['fileup']['tmp_name']); // gets image width and height
$err = ''; // to store the errors
// Checks if the file has allowed type, size, width and height (for images)
if(!in_array($type, $allowtype)) $err .= 'The file: <b>'. $_FILES['fileup']['name']. '</b> not has the allowed extension type.';
if($_FILES['fileup']['size'] > $max_size*1000) $err .= '<br/>Maximum file size must be: '. $max_size. ' KB.';
if(isset($width) && isset($height) && ($width >= $alwidth || $height >= $alheight)) $err .= '<br/>The maximum Width x Height must be: '. $alwidth. ' x '. $alheight;
// If no errors, upload the image, else, output the errors
if($err == '') {
if(move_uploaded_file($_FILES['fileup']['tmp_name'], $uploadpath)) {
echo 'File: <b>'. basename( $_FILES['fileup']['name']). '</b> successfully uploaded:';
echo '<br/>File type: <b>'. $_FILES['fileup']['type'] .'</b>';
echo '<br />Size: <b>'. number_format($_FILES['fileup']['size']/1024, 3, '.', '') .'</b> KB';
if(isset($width) && isset($height)) echo '<br/>Image Width x Height: '. $width. ' x '. $height;
echo '<br/><br/>Image address: <b>http://'.$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['REQUEST_URI']), '\\/').'/'.$uploadpath.'</b>';
}
else echo '<b>Unable to upload the file.</b>';
}
else echo $err;
}
?>
<div style="margin:1em auto; width:333px; text-align:center;">
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" enctype="multipart/form-data">
Upload File: <input type="file" name="fileup" /><br/>
<input type="submit" name='submit' value="Upload" />
</form>
</div>