Sucuri Malware Labs

Sucuri on Twitter Sucuri on Facebook Sucuri on LinkedIn

Backdoor: PHP:PREG_REPLACE:EVALHome  |  Notes  |  Malware data  |  Signatures  |  Tools  |  About

Description: We detected a malicious code hidden under a preg_replace with the "e" switch that acts as an eval call (code execution). It is often used to bypass simple detection methods that only look for "eval(" call itself.

Use: Hide spam, malware and backdoors.

Affecting: Any web site (often through outdated WordPress, Joomla, vBulletin, osCommerce and stolen passwords).

Clean up: You can also sign up with us and let our team remove the malware for you.

Malware dump:

For all our web-based malware signatures, go here: