Decode signatures with Sigtool

Tutorial

When you are scanning malware example ClamAV or Maldet from files in server and get positive hit, you may difficult find where has injected code in the file. For decoding signature you can use ClamAV sigtool command line tool. This will help you find the right position from infected file and remove malware code. Positive … Read more

Decode.Tools – Decode PHP Obfuscator by FOPO

Decode.tools

Decote.tools is a website that provides you free online decoding tools that can help you identify malicious PHP code hiding behind obfuscated code (ex. FOPO). Tools at decode.tools can decode almost any tough PHP code or program into a simple and understandable form that can be easily analyzed to see whether its malicious or not. … Read more

sql_dump.php – Bot network

malware botnetwork

Today we looked server’s logs and we found very active Bot network that trying use old malware and upload more PHP code files to servers. Malware files If we look access logs, we found many files which tried access, but they not are normal WordPress, Joomla etc. files. /Abbrevsprl.php /administrator/administrator.php /administrator/dbconfig.php /administrator/includes/readmy.php /administrator/webconfig.txt.php /al277.php /authenticating.php … Read more

php fwrite base64 decode

An attacker trying hide malware, before it’s uploaded, fwrite to server and executed. This attacks type uses Cross-Site Request Forgery & Remote Content Execution vulnerability together (CSRF & RCE vulnerability) It’s also base64 encoded content, so it’s more difficult find with scanners. Example – fwrite & base64_encoded malware base64_decode malware When malware uploaded to server … Read more