Malin/LP-MSH-Scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update 'malware4.pl'

Browse Source
This commit is contained in:
Malin 2017-03-10 11:22:16 +01:00
parent 23ec91904c
commit f4f9ddaab4
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
malware4.pl
View File

@ -72,9 +72,9 @@ my @regexen = (
qr/\/\*([A-z0-9]{1,10})\*\/\s+\@include\s+\".+?\"\;\s+\/\*([A-z0-9]{1,10})\*\//is,
qr/<\?PHP\s+if\(isset\(\$\_REQUEST\[\"cmd\"\]\)\)\{eval\(stripslashes\(\$\_REQUEST\[\"cmd\"\]\)\)\;die\(\)\;\}\s+\?>/is,
qr/<\?php\s+\$auth_pass.+?\$color.+?\$default\_action\s+\=\s+\'FilesMan\'\;\s+\$default\_use\_ajax\s+\=\s+true\;\s+\$default\_charset\s+\=\s+\'Windows\-1251\'\;\s+if\(\!empty\(\$\_SERVER\[\'HTTP\_USER\_AGENT\'\]\)\)\s+\{\s+\$userAgents\s+\=\s+array\(\"Google\"\,\s+\"Slurp\"\,\s+\"MSNBot\"\,\s+\"ia\_archiver\"\,\s+\"Yandex\"\,\s+\"Rambler\"\)\;\s+if\(preg\_match\(\'\/\'\s+\.\s+implode\(\'\|\'\,\s+\$userAgents\)\s+\.\s+\'\/i\'\,\s+\$\_SERVER\[\'HTTP\_USER\_AGENT\'\]\)\)\s+\{\s+header\(\'HTTP\/1\.0\s+404\s+Not\s+Found\'\)\;\s+exit\;/is,
qr/<\?php.+?\$auth\_pass\s+\=\s+\"([A-z0-9]{32})\"\;\s+\$color\s+\=\s+\"\#df5\"\;\s+\$default\_action\s+\=\s+\'FilesMan\'\;\Z/is,
qr/<\?php.+?\$auth\_pass\s+\=.+?\$color\s+\=\s+\"\#df5\"\;\s+\$default\_action\s+\=\s+\'FilesMan\'\;\Z/is,
qr/<\?php\s+\$\{.+?\,NULL\)\;\@ini\_set\(\"log\_.+?\;return\s+sh\_decrypt\_phase\(sh\_decrypt\_phase\(\$\{\$\{.+?\=>\@phpversion\(\)\,.+?\]\)\;\}exit\(\)\;\}/is,
qr/<\?php\s+\$\{.+?\)\{if\(is\_uploaded\_file\(\$\_FILES\[.+?function\s+mail\_utf8\_html\_attch\(\$to\,\$subj\,\$text\,\$from\,\$filename\)\{\Z/is,
qr/<\?php\s+\$\{.+?\)\{if\(is\_uploaded\_file\(\$\_FILES\[\Z/is,