mirror of
https://github.com/scr34m/php-malware-scanner.git
synced 2026-06-16 12:30:35 +00:00
Sample update from #94 and some found in servers
This commit is contained in:
@@ -146,6 +146,8 @@ eval\([A-Za-z0-9]{5,}\(\) \. '
|
||||
# eval function return, parameter is a hex string
|
||||
eval\([A-Za-z0-9]{5,}\(\"[A-Z0-9]{16,}
|
||||
|
||||
eval\(\s+'\?>'
|
||||
|
||||
# gzip payload called by variable named function
|
||||
\$[a-zA-Z0-9]{6,}\('\x78\x9C\xAD\x90\x41\x0E
|
||||
|
||||
@@ -159,4 +161,7 @@ return @\$[a-z]{2}\d+\[\d+\]\(\$[a-z]{2}\d+\[\d+\],
|
||||
|
||||
# JS - escaped command
|
||||
\.fromCharCode\([0-9,]{4,}\)
|
||||
\+-parseInt\(\w\('0x[0-9a-z]+'\)\)\/
|
||||
\+-parseInt\(\w\('0x[0-9a-z]+'\)\)\/
|
||||
|
||||
# concated hash value
|
||||
('[a-z0-9]{2,}'\.){4,}
|
||||
|
||||
Reference in New Issue
Block a user