PHP Malware Analysis

unzipper.php

md5: e7cbcb79a25ff0bf97e37b9a151e2260


Screenshot


Attributes

Input

Title

URLs


Deobfuscated PHP code

<?php

// Analyst note: this is the sample's entire request handler. Nothing in the
// file authenticates or authorises the caller; the only gate is the presence
// of the `unzip` query parameter, which is the name of the form's submit button.
$message = "";
if (isset($_GET['unzip'])) {
    $zip = new ZipArchive();
    // Both values come straight from the query string and are used as
    // filesystem paths with no validation, allow-list or base-directory check.
    // They are assigned only inside this branch, so the template further down
    // echoes undefined variables on a plain page load (the generated HTML on
    // this page shows them rendering as value="").
    $file_to_unzip = $_GET['file_to_unzip'];
    $destination_directory = $_GET['destination_directory'];
    // Anything other than boolean TRUE from open() is treated as failure.
    if ($zip->open($file_to_unzip) === TRUE) {
        // Unpacks the archive into the caller-chosen directory. The return
        // value of extractTo() is ignored, so "Extraction successful" is
        // reported even when the write itself fails.
        // Defender view: in a directory where PHP is executed (the trace on
        // this page shows the script under /var/www/html/uploads/), this lets
        // any visitor place arbitrary files on disk. Because the form uses
        // GET, the parameters `unzip`, `file_to_unzip` and
        // `destination_directory` appear in web-server access logs, which is
        // a useful hunting and triage artefact.
        $zip->extractTo($destination_directory);
        $zip->close();
        $message = "<div id=\"success\">Extraction successful</div>";
    } else {
        $message = "<div id=\"failure\">Extraction failed</div>";
    }
}
?>
<!Doctype html>
<html>
<head>
	<title>PHP unzipper</title>
  <style>
  #success {
  	border:1px solide green;
  	color:green;
  }
  #failure {
  	color: red;
  }
	#form {
		min-height: 100px;
		width: 300px;
		margin:40px auto;
		border: 1px solid grey;
		padding: 15px;
	}
	form {
		width: 100%;
		margin:20px 0;
	}
	input {
		width: 100%;
		margin-bottom:30px;

		
	}
	label {
	}
	</style>
</head>	
<body>
	<div id="form">
	<?php 
// Analyst note: $message only ever holds one of the two fixed strings set by
// the handler above (or the empty string), so this echo carries no request data.
echo $message;
?>
		<form method="get">
			<label for="filetounzip">File to unzip:
			<input type="text" name="file_to_unzip" id="filetounzip" placeholder="fileName.zip" value="<?php 
// Analyst note: the raw query-string value is written into an HTML attribute
// without htmlspecialchars(), so the page also reflects caller-supplied markup
// (reflected XSS). The variable is undefined unless `unzip` was submitted.
echo $file_to_unzip;
?>">
			<label for="destinationdirectory">Destination directory:
			<input type="text" name="destination_directory" id="destinationdirectory" placeholder="http://yoursiteurl/folderName" value="<?php 
// Analyst note: same unescaped reflection as the field above, for the
// destination path; also undefined unless `unzip` was submitted.
echo $destination_directory;
?>">
            <input type="submit" name="unzip" value="Unzip Now">
		</form>

	</div>
</body>




</html>

Execution traces

data/traces/e7cbcb79a25ff0bf97e37b9a151e2260_trace-1676258587.2342.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 01:23:33.132000]
1	0	1	0.000292	393528
1	3	0	0.000375	397824	{main}	1		/var/www/html/uploads/unzipper.php	0	0
1		A						/var/www/html/uploads/unzipper.php	2	$message = ''
1	3	1	0.000434	397824
			0.000465	314304
TRACE END   [2023-02-13 01:23:33.132211]


Generated HTML code

<html><head>
	<title>PHP unzipper</title>
  <style>
  #success {
  	border:1px solide green;
  	color:green;
  }
  #failure {
  	color: red;
  }
	#form {
		min-height: 100px;
		width: 300px;
		margin:40px auto;
		border: 1px solid grey;
		padding: 15px;
	}
	form {
		width: 100%;
		margin:20px 0;
	}
	input {
		width: 100%;
		margin-bottom:30px;

		
	}
	label {
	}
	</style>
</head>	
<body>
	<div id="form">
			<form method="get">
			<label for="filetounzip">File to unzip:
			<input type="text" name="file_to_unzip" id="filetounzip" placeholder="fileName.zip" value="">
			<label for="destinationdirectory">Destination directory:
			<input type="text" name="destination_directory" id="destinationdirectory" placeholder="http://yoursiteurl/folderName" value="">
            <input type="submit" name="unzip" value="Unzip Now">
		

	</label></label></form></div>





</body></html>

Original PHP code

<?php
// Analyst note: original (as-uploaded) form of the request handler. There is
// no authentication or authorisation anywhere in the file; the handler runs
// whenever the `unzip` query parameter is present.
$message = "";
if(isset($_GET['unzip'])) {

$zip = new ZipArchive;
// Archive path and destination are taken verbatim from the query string and
// used as filesystem paths without any validation or base-directory check.
$file_to_unzip = $_GET['file_to_unzip'];
$destination_directory = $_GET['destination_directory'];
// Anything other than boolean TRUE from open() is treated as failure.
if ($zip->open($file_to_unzip) === TRUE) {
    // Extracts into the caller-chosen directory; the result of extractTo()
    // is not checked, so success is reported regardless of whether files
    // were actually written. Because the form uses GET, these parameter
    // names show up in access logs and can be searched for during triage.
    $zip->extractTo($destination_directory);
    $zip->close();
    $message = "<div id=\"success\">Extraction successful</div>";
} else {
    $message =  "<div id=\"failure\">Extraction failed</div>";
}
}
?>
<!Doctype html>
<html>
<head>
	<title>PHP unzipper</title>
  <style>
  #success {
  	border:1px solide green;
  	color:green;
  }
  #failure {
  	color: red;
  }
	#form {
		min-height: 100px;
		width: 300px;
		margin:40px auto;
		border: 1px solid grey;
		padding: 15px;
	}
	form {
		width: 100%;
		margin:20px 0;
	}
	input {
		width: 100%;
		margin-bottom:30px;

		
	}
	label {
	}
	</style>
</head>	
<body>
	<div id="form">
	<?php /* Analyst note: $message is one of two fixed strings or empty; no request data here. */ echo $message; ?>
		<form method="get">
			<label for="filetounzip">File to unzip:
			<input type="text" name="file_to_unzip" id="filetounzip" placeholder="fileName.zip" value="<?php /* Analyst note: raw query-string value echoed into an attribute without htmlspecialchars() (reflected XSS); undefined unless `unzip` was submitted. */ echo $file_to_unzip; ?>">
			<label for="destinationdirectory">Destination directory:
			<input type="text" name="destination_directory" id="destinationdirectory" placeholder="http://yoursiteurl/folderName" value="<?php /* Analyst note: same unescaped reflection as the field above; undefined unless `unzip` was submitted. */ echo $destination_directory; ?>">
            <input type="submit" name="unzip" value="Unzip Now">
		</form>

	</div>
</body>




</html>