mirror of
https://github.com/scr34m/php-malware-scanner.git
synced 2026-06-16 12:30:35 +00:00
Sample update
This commit is contained in:
@@ -262,6 +262,7 @@ FaisaL Ahmed aka rEd X
|
||||
smisbot
|
||||
smotherbot
|
||||
Indonesian Hacker Rulez
|
||||
pwetan.com
|
||||
|
||||
# WP-VCD Malware https://www.getastra.com/blog/911/how-to-fix-wp-vcd-backdoor-hack-in-wordpress-functions-php/
|
||||
wp-vcd
|
||||
@@ -404,3 +405,19 @@ eval(rawurldecode('
|
||||
'base', '64_dec', 'ode'
|
||||
'cook', 'set', 'ie'
|
||||
'repl', 'str_', 'ace'
|
||||
"base"."64_"
|
||||
'base'.'64_'
|
||||
"t"."m"."p"."_"."n"."a"."m"."e"
|
||||
"f"."i"."l"."e"."_"."p"."u"."t"
|
||||
"f"."i"."l"."e"."_"."g"."e"."t"
|
||||
'ode', 'e64_', 'bas', 'dec'
|
||||
'unct', 'ion', 'te_f', 'crea'
|
||||
'te', 'g', 'nf', 'l', 'a', 'zi'
|
||||
|
||||
# process data from request object directly
|
||||
extract($_REQUEST) && @$
|
||||
extract($_REQUEST)&&@$
|
||||
xtract($_REQUEST)&&@$
|
||||
|
||||
# uncompress cafted content
|
||||
gzuncompress(strrev(substr(
|
||||
|
||||
Reference in New Issue
Block a user