External/php-malware-scanner
1
0
Fork 0
mirror of https://github.com/scr34m/php-malware-scanner.git synced 2026-06-16 12:30:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Pattern update about new infections found

Browse Source
This commit is contained in:
Gabor Gyorvari
2022-07-14 19:59:23 +02:00
parent 18b06fc48b
commit 088c0761b3
2 changed files with 17 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
definitions/patterns_raw.txt
View File

@@ -386,4 +386,10 @@ cGhwOi8vaW5wdXQ=
explode('?>',$shell explode('?>',$shell
# common mobile agent check in SEO poison scripts # common mobile agent check in SEO poison scripts
Array("1207", "3gso", "4thp", "501i", "502i", "503i", "504i", "505i", "506i", Array("1207", "3gso", "4thp", "501i", "502i", "503i", "504i", "505i", "506i",
# eval url decoded string
eval(rawurldecode('
# simple obfuscated gzuncompress
'gz'.'unc'.'ompress'

11
definitions/patterns_re.txt
View File

@@ -138,4 +138,13 @@ explode\('\|\x01\|\x03\|\x03', gzinflate\(
@\$[a-z]{1}\[\d+\]\(\$[a-z]{1}\[\d+\]\); @\$[a-z]{1}\[\d+\]\(\$[a-z]{1}\[\d+\]\);
# reported #77 # reported #77
\$[a-z]11 \^ [a-z]8\(\$[a-z]6, \$[a-z]14, \$[a-z]6\[13\]\(\$[a-z]11\)\)\)\); \$[a-z]11 \^ [a-z]8\(\$[a-z]6, \$[a-z]14, \$[a-z]6\[13\]\(\$[a-z]11\)\)\)\);
# eval function return and concat
eval\([A-Za-z]{5,}\(\) \. '
# eval function return, parameter is a hex string
eval\([A-Za-z0-9]{5,}\(\"[A-Z0-9]{16,}
# gzip payload called by variable named function
\$[a-zA-Z0-9]{6,}\('\x78\x9C\xAD\x90\x41\x0E