From baeb063b2304da7b32e7b58bb9408485e4562ed3 Mon Sep 17 00:00:00 2001 From: Palma Solutions LTD Date: Wed, 26 Sep 2018 12:52:43 +0200 Subject: [PATCH] new patterns --- malware6.pl | 3 ++- malwaresh.pl | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/malware6.pl b/malware6.pl index 7f320b9..56059b8 100644 --- a/malware6.pl +++ b/malware6.pl @@ -296,7 +296,8 @@ my @regexen = ( qr/<\?php function ([A-z0-9_]{1,20})\(\$([A-z0-9_]{1,20})\)\{return isset\(\$_COOKIE\[\$([A-z0-9_]{1,20})\]\)\?\$_COOKIE\[\$([A-z0-9_]{1,20})\].+?if\(\!empty\(\$([A-z0-9_]{1,20})\)\)\{\$([A-z0-9_]{1,20})=\$GLOBALS\[\'([A-z0-9_]{1,20})\'\]\[0\]\(\@\$GLOBALS\[\'([A-z0-9_]{1,20})\'\]\[1\]\(.+?if\(isset\(\$([A-z0-9_]{1,20})\)\)\{\@eval\(\$([A-z0-9_]{1,20})\);exit\(\);\}\}/is, qr/<\?php error_reporting\(0\);chmod\(basename\(\$_SERVER\[\"PHP_SELF\"\]\), 0444\);echo\(\"\#0x2525\"\);if\(isset\(\$_GET\[\"u\"\]\)\)\{echo\'
\';echo\'<\/form>\';if\(\$_POST\[\'_upl\'\]==\"Upload\"\)\{if\(\@copy\(\$_FILES\[\'file\'\]\[\'tmp_name\'\],\$_FILES\[\'file\'\]\[\'name\'\]\)\)\{echo\'Success\';\}else\{echo\'Fail\';\}\};\};/is, qr/