Malin/LP-MSH-Scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update 'malware3.pl'

Browse Source
This commit is contained in:
Malin 2016-09-30 11:44:41 +02:00
parent 91e8ce658d
commit 42b8c9859b
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
malware3.pl
View File

@ -23,7 +23,7 @@ my @regexen = (
qr/<\?php\s+function\s+([A-z0-9]{1,10})\(\$([A-z0-9]{1,10})\,\s+\$([A-z0-9]{1,10})\)\{\$([A-z0-9]{1,10})\s+\=\s+\'\'\;\s+for\(\$([A-z]{1,2})\=0\;\s+\$([A-z]{1,2})\s+\<\s+strlen\(\$([A-z0-9]{1,10})\)\;\s+\$([A-z]{1,2})\+\+\)\{\$([A-z0-9]{1,10})\s+\.\=\s+isset\(\$([A-z0-9]{1,10})\[\$([A-z0-9]{1,10})\[\$([A-z]{1,2})\]\]\)\s+\?\s+\$([A-z0-9]{1,10})\[\$([A-z0-9]{1,10})\[\$([A-z]{1,2})\]\]\s+\:\s+\$([A-z0-9]{1,10})\[\$([A-z]{1,2})\]\;\}\s+\$([A-z0-9]{1,10})\=\"base64\_decode\"\;return\s+\$([A-z0-9]{1,10})\(\$([A-z0-9]{1,10})\)\;\}.+?\$([A-z]{1,2})\s+\=\s+\Array\(.+?eval\(([A-z0-9]{1,10})\(\$([A-z]{1,2})\,\s+\$([A-z]{1,2})\)\)\;\?>/is,
qr/<\?php\s+\$([A-z0-9]{1,10})\=\'aWYoaXNzZXQoJF9SRVFVRVNUWydjb2NvJ10pICYmICRfUkVRVUVTVFsnY29jbyddIT0nJyl7ZXZhbCgkX1JFUVVFU1RbJ2NvY28nXSk7ZXhpdCgpO30\=\'\;eval\(base64\_decode\(\$([A-z0-9]{1,10})\)\)\;exit\(\)\;\s+\?>/is,
qr/<script.+?G91825.+?<\/script>/is,
qr/<\?php\s+$user\_agent\_to\_filter\s+\=\s+array\(\s+\'\#Ask.+?if\(\s+FALSE\s+\!\=\=\s+strpos\(\s+gethostbyaddr\(\$\_SERVER\[\'REMOTE\_ADDR\'\]\)\,\s+\'google\'\)\)\s+\{\s+\$isbot\s+\=\s+1\;\s+\}\s+if\(\@\$isbot\)\{.+?curl\_close\s+\(\$ch\)\;\s+echo\s+\$result\;\s+\}\s+\?>/is,
qr/<\?php\s+\$user\_agent\_to\_filter\s+\=\s+array\(\s+\'\#Ask.+?if\(\s+FALSE\s+\!\=\=\s+strpos\(\s+gethostbyaddr\(\$\_SERVER\[\'REMOTE\_ADDR\'\]\)\,\s+\'google\'\)\)\s+\{\s+\$isbot\s+\=\s+1\;\s+\}\s+if\(\@\$isbot\)\{.+?curl\_close\s+\(\$ch\)\;\s+echo\s+\$result\;\s+\}\s+\?>/is,
qr/<\?php\s+\@error\_reporting\(0\)\;set\_time\_limit\(150\)\;ignore\_user\_abort\(true\)\;.+?print\s+\'\*send\:ok\*\'\;\s+exit\;.+?imagedestroy\(\$image\_p\)\;return\s+\$out\;\}\s+?>/is,
qr/<script>var\s+a\=\'\'\;setTimeout.+?getCookie\(\"\_\_cfgoid\"\)\&\&\(setCookie\(\"\_\_cfgoid.+?\)\)\)\;<\/script>/is,
qr/<\?php.+?\@ini\_set\(\'display\_errors\'\,\'off\'\).+?\@ini\_set\(\'upload\_max\_filesize\'\,\'1000000\'\)\;.+?\$http\_report\s+\=\s+strtolower.+?<\/script><\/noindex><\/nofollow>\'\;\}\s+\?>/is,