unzip.php

md5: ff35ca352f93d3e0cac5be9dbd2047ff

Jump to:
Deobfuscated code (Read more)
Execution traces (Read more)
Generated HTML (Read more)
Original Code (Read more)
Screenshot
Attributes
Deobfuscated PHP code
<?php

$archive_path = 'auto.zip';
$extract_path = './';
// ������������� zip �����, ��� ���� ���� ��������� ��������� ����������� ������ (�����) � ���� ������������ ����������.
// ����� ����� ���� � ����� �� ��������� ���� ����� ��, ��� � ������ unzip.php
// ����� �� ���� � ����� ��������� ������ ���� ����������� ��� �����, � ������� ��������� ��� unzip.php
if (!file_exists($archive_path)) {
    echo "file not found auto.zip";
    exit;
}
$zip = new ZipArchive();
$zip->open($archive_path);
echo "extracting " . $zip->numFiles . " files...\n";
$zip->extractTo($extract_path);
$dirs = array();
echo "\nFiles:\n";
for ($i = 0; $i < $zip->numFiles; $i++) {
    $stat = $zip->statIndex($i);
    echo $stat['name'] . "\n";
    touch($extract_path . $stat['name'], filemtime($archive_path));
    if (!array_search(dirname($stat['name']), $dirs)) {
        array_push($dirs, dirname($stat['name']));
    }
}
$zip->close();
echo "\nFolders:\n";
touch("/var/www/html", filemtime($archive_path));
foreach ($dirs as $key => $value) {
    if ($value != ".") {
        echo $value . "\n";
        touch($extract_path . $value, filemtime($archive_path));
    }
}
echo "Ok!";
Execution traces
data/traces/ff35ca352f93d3e0cac5be9dbd2047ff_trace-1676262794.772.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 02:33:40.669834]
1	0	1	0.000168	393512
1	3	0	0.000272	404536	{main}	1		/var/www/html/uploads/unzip.php	0	0
1		A						/var/www/html/uploads/unzip.php	2	$archive_path = 'auto.zip'
1		A						/var/www/html/uploads/unzip.php	3	$extract_path = './'
2	4	0	0.000316	404536	file_exists	0		/var/www/html/uploads/unzip.php	10	1	'auto.zip'
2	4	1	0.000339	404576
2	4	R			FALSE
			0.000380	325392
TRACE END   [2023-02-13 02:33:40.670084]

Generated HTML code
<html><head></head><body>file not found auto.zip</body></html>
Original PHP code
<?php
$archive_path = 'auto.zip';
$extract_path = './';

// ������������� zip �����, ��� ���� ���� ��������� ��������� ����������� ������ (�����) � ���� ������������ ����������.
// ����� ����� ���� � ����� �� ��������� ���� ����� ��, ��� � ������ unzip.php 
// ����� �� ���� � ����� ��������� ������ ���� ����������� ��� �����, � ������� ��������� ��� unzip.php 


if (!file_exists($archive_path)) {
  echo "file not found " . $archive_path;
  exit;
}

$zip = new ZipArchive;
$zip->open($archive_path);
echo "extracting " . $zip->numFiles . " files...\n";
$zip->extractTo($extract_path);

$dirs = array();

echo"\nFiles:\n";

for( $i = 0; $i < $zip->numFiles; $i++ ){ 
    $stat = $zip->statIndex( $i ); 
    echo  $stat['name']  . "\n"; 
    touch($extract_path . $stat['name'], filemtime($archive_path));

    if (!array_search(dirname($stat['name']), $dirs))
      { array_push($dirs, dirname($stat['name'])); }
}

$zip->close();

echo"\nFolders:\n";

touch( dirname(__FILE__), filemtime($archive_path));

foreach($dirs as $key=>$value) {
  if ($value <>".") {
    echo $value . "\n" ;
    touch( $extract_path . $value, filemtime($archive_path));
    }
}
echo "Ok!";
?>
PHP Malware Analysis

unzip.php

md5: ff35ca352f93d3e0cac5be9dbd2047ff

Screenshot

Attributes

Deobfuscated PHP code

Execution traces

Generated HTML code

Original PHP code
