extending patterns from 3rd samples source

2026-06-16 12:30:35 +00:00 · 2016-05-05 07:42:39 +02:00
parent 7e06f846ae
commit 5783ead57a
1 changed files with 6 additions and 0 deletions
--- a/scan.php
+++ b/scan.php
@@ -149,11 +149,14 @@ class MalwareScanner
            '=\'base\'.(32*2).\'_de\'.\'code\'',
            '"base64_decode"',
            'YmFzZTY0X2RlY29kZ', // base64_decode
+            
            /* 'eval', 'eval(', */
+            'eval("?>',
            'ev\x61l',
            '\x65\166\x61\154\x28' /* dec/hex issue? */,
            '\x65\x76\x61\x6C' /* case, dec/hex issue? */,
            'ZXZhbCg', // eval
+
            'eval(base64_decode(',
            '\x47\x4c\x4f\x42\x41LS', // GLOBALS
            'SFRUUF9VU0VSX0FHRU5U', // HTTP_USER_AGENT
@@ -161,8 +164,11 @@ class MalwareScanner
            '${${', // ${${"\x47\x4c\x4f\x42...
            'file_get_contents(\'http://codepad.org',
            'PHPJiaMi',
+            '@include($_GET[',
+            'system($_GET[',

            /* too open? */
+            // 'gzinflate(base64_decode(',
            'md5($_GET[', // md5($_GET["ms-load"])
        );
        foreach ($patterns as $toSearch) {