/random-php-malware-foo

I decoded some random PHP malware

Primary LanguagePHP

Verschleierungen

${"\x47\x4c\x4f\x42\x41\x4c\x53"} == $GLOBALS

\x4f\x30\x5f\x4f\x30\x4f\x5f\x5f\x30\x4f == O0_O0O__0O

\x5f\x47\x45\x54 == $_GET

\x75\x72\x6c\x65\x72\x72 == urlerr

\x4f\x5f\x30\x30\x4f\x5f\x4f\x5f\x30\x4f == O_00O_O_0O

\x4f\x30\x5f\x5f\x30\x4f\x4f\x4f\x30\x5f == O0__0OOO0_

\x4f\x30\x5f\x30\x4f\x30\x4f\x5f\x4f\x5f == O0_0O0O_O_

Regex \$GLOBALS\[["']([0O_]+)["']\] replace to $$$1 (vscode)

Helper scripts

types.php == Decode php buildin function calls

unweird.php == Decrypt weird base64/gzip encodings

Decode unicode strings: https://www.online-toolz.com/tools/text-unicode-entities-convertor.php