Thumbs.php

Malware details

Today we found new Thumbs.php encoded malware, which trying to hide PHP code to unreadable. This technique is not nothing new, so this is very easy de-obfuscate PHP code and make it readable again. After we manually decoded this PHP malware, we found again FilesMan backdoor which is PHP command shell. Decoded Thumbs.php FilesMan – … Read more

case.php malware

This case.php malware uses Obfuscation PHP code. Decoding Obfuscation There is tools to Decoding ObfuscatePHP code: https://www.unphp.net http://ddecode.com/phpdecoder/ http://lombokcyber.com/en/detools/decode-fopo ,but they don’t always work as except. That’s why we decrypted this manually. Source case.php Again, this malware tries load more backdoor files to the server to get full control. plug.php FilesMan Shell FilesMan Shell crypted … Read more

WordPress Plugin – wp-zipp.php

Today we found new malware WP-Zipp.zip which is a WordPress plugin. The attacker is somehow before with another vulnerability created a user account with WordPress and it uploads own malware plugin, which contains a FilesMan remote shell. Access log As we see, just direct access to WordPress and install WP-Zipp plugin: WP-Zipp.zip If we extracted … Read more

Free Online PHP Obfuscator

Free Online PHP Obfuscator is designed to help PHP developers protect their intellectual property. Any time you give your PHP source code to someone else your intellectual property can be used and altered without your permission. It’s not one-way encryption but it will keep curious eyes away from your code. These tryed again upload to … Read more

FilesMan

PHP backdoors are server-side malicious scripts. The typical examples of such backdoors are various File Managers, Web Shells, Command Shells, tools for bypassing admin login, or various one-purpose scripts allowing the attacker to upload and run another type of malicious scripts. The payload is PHP-based, thus intended for server-side use and the payload is executed … Read more