Malin/LP-MSH-Scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

new patterns

Browse Source
This commit is contained in:
Palma Solutions LTD
2018-04-30 13:52:57 +02:00
parent 48a31d239b
commit 801208de55
2 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
malware5.pl
View File

@@ -371,7 +371,12 @@ my @regexen = (
qr/<\?php\s+\$f\s+\=\s+fopen\(.+?echo\s+\"HACKED\s+BY.+?\?>/is,
qr/<\?php\s+\/\*.+?\$homedir\s+\=\s+\'\.\/\'\;.+?case\s+\'upload\'\:\s+\$dest\s+\=\s+relative2absolute\(\$file\[\'name\'\]\,\s+\$directory\)\;.+?\.php\_uname\(\)\.\'<br><\/b>\'\;\s+\?>/is,
qr/<\?php\s+eval\(\$\_POST\[([A-z0-9]{1,20})\]\)\?>/is,
);
qr/<\?php\s+if\(\!function\_exists\(\'findsysfolder\'\)\)\{function\s+findsysfolder\(\$.+?clearstatcache\(\)\;if\(\!is\_dir\(\$.+?eval\(.+?\)\)\;\?>/is,
qr/<\?php.+?system\s+file\s+do\s+not\s+delete.+?eval\(\$\_\_\_\(\$\_\_\)\)\;/is,
qr/<\?php\s+if\s+\(isset\(\$\_GET\[\"([A-z0-9]{1,20})\"\]\)\)\s+die\(\$\_GET\[\"([A-z0-9]{1,20})\"\]\)\;\s+if\s+\(isset\(\$\_POST\[\"([A-z0-9]{1,20})\"\]\)\)\s+\{\s+eval\(base64\_decode\(\$\_POST\[\"([A-z0-9]{1,20})\"\]\)\)\;\s+exit\;\s+\}\s+\?>/is,
qr/<\?php\s+define\(\'CONFIG_FILE\'\,\s+\'\/images\/config\.db\'\)\;.+?function\s+getLinks\(\$server\_host\,\s+\$server\_port\,\s+\$path\,\s+\$key\).+?process\(\)\;\s+\?>/is,
);
my @base64_decodes = (

6
malwaresh.pl
View File

@@ -854,7 +854,11 @@ my @regexen = (
qr/<\?php\s+\$f\s+\=\s+fopen\(.+?echo\s+\"HACKED\s+BY.+?\?>/is,
qr/<\?php\s+\/\*.+?\$homedir\s+\=\s+\'\.\/\'\;.+?case\s+\'upload\'\:\s+\$dest\s+\=\s+relative2absolute\(\$file\[\'name\'\]\,\s+\$directory\)\;.+?\.php\_uname\(\)\.\'<br><\/b>\'\;\s+\?>/is,
qr/<\?php\s+eval\(\$\_POST\[([A-z0-9]{1,20})\]\)\?>/is,
qr/<\?php\s+if\(\!function\_exists\(\'findsysfolder\'\)\)\{function\s+findsysfolder\(\$.+?clearstatcache\(\)\;if\(\!is\_dir\(\$.+?eval\(.+?\)\)\;\?>/is,
qr/<\?php.+?system\s+file\s+do\s+not\s+delete.+?eval\(\$\_\_\_\(\$\_\_\)\)\;/is,
qr/<\?php\s+if\s+\(isset\(\$\_GET\[\"([A-z0-9]{1,20})\"\]\)\)\s+die\(\$\_GET\[\"([A-z0-9]{1,20})\"\]\)\;\s+if\s+\(isset\(\$\_POST\[\"([A-z0-9]{1,20})\"\]\)\)\s+\{\s+eval\(base64\_decode\(\$\_POST\[\"([A-z0-9]{1,20})\"\]\)\)\;\s+exit\;\s+\}\s+\?>/is,
qr/<\?php\s+define\(\'CONFIG_FILE\'\,\s+\'\/images\/config\.db\'\)\;.+?function\s+getLinks\(\$server\_host\,\s+\$server\_port\,\s+\$path\,\s+\$key\).+?process\(\)\;\s+\?>/is,
);
my @base64_decodes = (