mirror of
https://github.com/scr34m/php-malware-scanner.git
synced 2026-06-16 12:30:35 +00:00
Added array_ and cslashes
Found a couple of cases where the php functions array_shift and addcslashes were used in base64 encoded malware. Adding strings to catch any references to 'cslashes' which will catch both addcslashes and strip cslashes Adding strings to catch any references to 'array_' which will catch about a dozen array modification functions.
This commit is contained in:
nichogenius
@@ -102,6 +102,16 @@ Zm9wZW
|
|||||||
ZvcGVu
|
ZvcGVu
|
||||||
mb3Blb
|
mb3Blb
|
||||||
|
|
||||||
|
# "array_" in base64
|
||||||
|
YXJyYXlf
|
||||||
|
FycmF5X
|
||||||
|
hcnJheV
|
||||||
|
|
||||||
|
# "cslashes" in base64
|
||||||
|
Y3NsYXNoZX
|
||||||
|
NzbGFzaGVz
|
||||||
|
jc2xhc2hlc
|
||||||
|
|
||||||
# "anyresults.net" in base64 ... this one may be too specific ?
|
# "anyresults.net" in base64 ... this one may be too specific ?
|
||||||
YW55cmVzdWx0cy5uZX
|
YW55cmVzdWx0cy5uZX
|
||||||
FueXJlc3VsdHMubmV0
|
FueXJlc3VsdHMubmV0
|
||||||
|
|||||||
Reference in New Issue
Block a user