External/php-malware-scanner
1
0
Fork 0
mirror of https://github.com/scr34m/php-malware-scanner.git synced 2026-06-16 12:30:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added array_ and cslashes

Browse Source 
Found a couple of cases where the php functions array_shift and addcslashes were used in base64 encoded malware.

Adding strings to catch any references to 'cslashes' which will catch both addcslashes and strip cslashes
Adding strings to catch any references to 'array_' which will catch about a dozen array modification functions.
This commit is contained in:
nichogenius
2017-07-31 04:02:04 -06:00
committed by GitHub
parent b9b5de9e72
commit 9d60271b11
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
patterns_raw.txt
View File

@@ -102,6 +102,16 @@ Zm9wZW
ZvcGVu
mb3Blb
# "array_" in base64
YXJyYXlf
FycmF5X
hcnJheV
# "cslashes" in base64
Y3NsYXNoZX
NzbGFzaGVz
jc2xhc2hlc
# "anyresults.net" in base64 ... this one may be too specific ?
YW55cmVzdWx0cy5uZX
FueXJlc3VsdHMubmV0