mirror of
https://github.com/scr34m/php-malware-scanner.git
synced 2026-06-16 12:30:35 +00:00
Adding str_, function, echo and include in base64
str_ will match 13 separate php functions, many of which can be used for string/modifcation aka obfuscation function added to catch function defining. echo added as it is a common php keyword, though experimental... may cause a of false positives include added as it is often used to link in other malware files.
This commit is contained in:
@@ -62,11 +62,31 @@ cmVwbGFjZ
|
|||||||
JlcGxhY2
|
JlcGxhY2
|
||||||
yZXBsYWNl
|
yZXBsYWNl
|
||||||
|
|
||||||
|
# "str_" in base64
|
||||||
|
c3RyX
|
||||||
|
N0cl
|
||||||
|
zdHJf
|
||||||
|
|
||||||
# "exec" in base64
|
# "exec" in base64
|
||||||
ZXhlYy
|
ZXhlYy
|
||||||
V4ZWMo
|
V4ZWMo
|
||||||
leGVjK
|
leGVjK
|
||||||
|
|
||||||
|
# "echo" in base64
|
||||||
|
ZWNob
|
||||||
|
VjaG
|
||||||
|
lY2hv
|
||||||
|
|
||||||
|
# "function" in base64
|
||||||
|
ZnVuY3Rpb2
|
||||||
|
Z1bmN0aW9u
|
||||||
|
mdW5jdGlvb
|
||||||
|
|
||||||
|
# "include" in base64
|
||||||
|
aW5jbHVkZ
|
||||||
|
luY2x1ZG
|
||||||
|
pbmNsdWRl
|
||||||
|
|
||||||
# "base64" in base64
|
# "base64" in base64
|
||||||
YmFzZTY0
|
YmFzZTY0
|
||||||
Jhc2U2N
|
Jhc2U2N
|
||||||
|
|||||||
Reference in New Issue
Block a user