From 95d9636c46ee006e15a69881c43cb41900aaf270 Mon Sep 17 00:00:00 2001
From: Malin <malin@cenusa.me>
Date: Wed, 28 Dec 2016 20:29:36 +0100
Subject: [PATCH] Update 'malware3.pl'

---
 malware3.pl | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/malware3.pl b/malware3.pl
index df8b661..d109c51 100644
--- a/malware3.pl
+++ b/malware3.pl
@@ -531,11 +531,6 @@ my @regexen = (
     qr/<\?php\s+\$([A-z0-9]{1,10})\=\".+?eg\_.+?\.chr\(101\)\.\"plac.+?\"\;\?>/is,
     qr/<\?php\s+if\(isset\(\$\_GET\[php\]\)\)\{\echo\s+\'<form\s+action\=\"\"\s+method\=\"post\"\s+enctype\=\"multipart\/form\-data\"\s+name\=\"silence\"\s+id\=\"silence\">\';echo\s+\'<input\s+type\=\"file\"\s+name\=\"file\"><input\s+name\=\"golden\"\s+type\=\"submit\"\s+id\=\"golden\"\s+value\=\"Done\"><\/form>\';if\(\$\_POST\[\'golden\'\]\=\=\"Done\"\)\{if\(\@copy\(\$\_FILES\[\'file\'\]\[\'tmp\_name\'\]\,\$\_FILES\[\'file\'\]\[\'name\'\]\)\)\{echo\'\+\';\}else\{echo\'\-\';\}\}\}/is,
     qr/<\?php\s+\$root\_path\s+\=\s+get\_root\(\);\s+\$cms\s+\=\s+get\_cms\(\$root\_path\);\s+\$func\s+\=\s+\'do\_backdoor\_\'\.\$cms;\s+\$func\(\$root\_path\,\s+\$\_SERVER\[\'HTTP\_HOST\'\]\);\s+echo\s+\$\_SERVER\[\'HTTP\_HOST\'\]\.\';;;\';\s+\$domains\s+\=\s+get_domains\(\$root\_path\,\s+\$\_SERVER\[\'HTTP\_HOST\'\]\);\s+foreach\s+\(\$domains\s+as\s+\$domain\_path\)\s+\{\s+\$tmp\s+\=\s+explode\(\'\/\'\,\s+\$domain\_path\);\s+\$domain\_name\s+\=\s+\(count\(\$tmp\)\s+\>\s+0\)\?\s+\$tmp\[count\(\$tmp\)\s+\-\s+1\]\:\s+\'\';\s+\$cms\s+=\s+get\_cms\(\$domain\_path\);\s+\$func\s+\=\s+\'do\_backdoor\_\'\.\$cms;\s+\$func\(\$domain\_path\,\s+\$\_SERVER\[\'HTTP\_HOST\'\]\);\s+echo\s+\$domain\_name\.\';;;\';\s+\}\s+function\s+do\_backdoor\_jml1\(\$domain\_path\,\s+\$domain\)\s+{\s+change\_content\_of\_file\(\$domain\_path\.\'\/\.htaccess\'\,.+?function\s+get\_cron\(\)\s+\{\s+return.+?\';\s+\}/is,
-    qr/<\?php\s+for\(\$o\=0\,\$e\=.+?\$d\=\'\';\@ord\(\$e\[\$o\]\);\$o\+\+\)\{if\(\$o\<16\)\{\$h\[\$e\[\$o\]\]\=\$o;\}else\{\$d\.\=\@chr\(\(\$h\[\$e\[\$o\]\]\<\<4\)\+\(\$h\[\$e\[\+\+\$o\]\]\)\);\}\}eval\(\$d\);\s+\?>/is,
-
-
-
-