mirror of
https://github.com/scr34m/php-malware-scanner.git
synced 2026-06-16 12:30:35 +00:00
Sample update
This commit is contained in:
@@ -141,7 +141,7 @@ explode\('\|\x01\|\x03\|\x03', gzinflate\(
|
||||
\$[a-z]11 \^ [a-z]8\(\$[a-z]6, \$[a-z]14, \$[a-z]6\[13\]\(\$[a-z]11\)\)\)\);
|
||||
|
||||
# eval function return and concat
|
||||
eval\([A-Za-z]{5,}\(\) \. '
|
||||
eval\([A-Za-z0-9]{5,}\(\) \. '
|
||||
|
||||
# eval function return, parameter is a hex string
|
||||
eval\([A-Za-z0-9]{5,}\(\"[A-Z0-9]{16,}
|
||||
@@ -150,4 +150,7 @@ eval\([A-Za-z0-9]{5,}\(\"[A-Z0-9]{16,}
|
||||
\$[a-zA-Z0-9]{6,}\('\x78\x9C\xAD\x90\x41\x0E
|
||||
|
||||
# obfuscated code return with error suppression
|
||||
return @\$[a-z]{2}\d+\[\d+\]\(\$[a-z]{2}\d+\[\d+\],
|
||||
return @\$[a-z]{2}\d+\[\d+\]\(\$[a-z]{2}\d+\[\d+\],
|
||||
|
||||
# htaccess alternating
|
||||
[a-z]{1}\([a-z]{1}\(\$[a-z]{2}\.'\/\.htaccess'\)
|
||||
|
||||
Reference in New Issue
Block a user