This is a widely seen backdoor allowing the attacker executing a code passed through the $_REQUEST variable. It's obfuscating the create_function() and base64_decode() functions using arrays and is usually injected to legitimate files.
Severity
HIGH
Malware Signatures
- asp.backdoor
- asp.backdoor.execute.001
- asp.backdoor.pejvak.001
- asp.spam-seo
- asp.spam-seo.injector.001
- asp.spam-seo.redirect.001
- htaccess.backdoor
- htaccess.backdoor.evil-enabler.001
- htaccess.defaced
- htaccess.defaced.directory-index
- htaccess.hacktool
- htaccess.hacktool.cgi.001
- htaccess.hacktool.symlink-viewer
- htaccess.malware
- htaccess.malware.generic.001
- htaccess.malware.generic.002
- htaccess.malware.generic.003
- htaccess.phishing.block_bots.001.02
- htaccess.spam-seo
- htaccess.spam-seo.doorway.002
- htaccess.spam-seo.prepend.001
- htaccess.spam-seo.redirect.001.001
- htaccess.spam-seo.redirect.001.002
- htaccess.spam-seo.redirect.001.003
- htaccess.spam-seo.redirect.001.004
- htaccess.spam-seo.redirect.001.005
- htaccess.spam-seo.redirect.001.006
- htaccess.spam-seo.redirect.006
- htaccess.spam-seo.redirect_gen.001
- htaccess.spam-seo.redirect_gen.002
- htaccess.spam-seo.redirect_gen.003
- htaccess.spam-seo.redirect_gen.004
- htaccess.spam-seo.redirect_gen.005
- htaccess.spam-seo.redirect_gen.006
- htaccess.spam-seo.suspicious-rewrite.003
- html.defaced
- html.defaced.bghh.001
- html.defaced.cyberheroez.001
- html.defaced.darkflamez.001
- html.defaced.dkbrazil.001
- html.defaced.gangtengers.001
- html.defaced.gen.001
- html.defaced.gen.002
- html.defaced.gen.003
- html.defaced.gen.004
- html.defaced.gen.005
- html.defaced.gen.006
- html.defaced.gen.007
- html.defaced.gen.008
- html.defaced.gen.009
- html.defaced.gen.010
- html.defaced.gen.011
- html.defaced.gen.012
- html.defaced.gen.013
- html.defaced.gen.014
- html.defaced.gen.015
- html.defaced.gen.016
- html.defaced.gen.017
- html.defaced.gen.018
- html.defaced.gen.019
- html.defaced.gen.020
- html.defaced.gen.021
- html.defaced.gen.022
- html.defaced.hightech_hackteam.001
- html.defaced.hmei7
- html.defaced.horrorscary.001
- html.defaced.muslim_army.001
- html.defaced.nazihacker.001
- html.defaced.xtroj
- html.iframe
- html.iframe.gen.001
- html.iframe.gen.002
- html.iframe.gen.003
- html.iframe.gen.004
- html.iframe.gen.005
- html.iframe.gen.006
- html.iframe.gen.007
- html.iframe.gen.008
- html.iframe.gen.009
- html.iframe.gen.010
- html.injected.scounter
- html.phishing
- html.phishing.alibaba.001
- html.phishing.americanexpress.001
- html.phishing.apple.001.001
- html.phishing.apple.001.002
- html.phishing.apple.001.003
- html.phishing.apple.001.004
- html.phishing.apple.001.005
- html.phishing.battle_net.001
- html.phishing.bmo.001
- html.phishing.chase.001.001
- html.phishing.cielo.001
- html.phishing.cielo.001.002
- html.phishing.citibank.001
- html.phishing.ebay.001
- html.phishing.gen.001
- html.phishing.gen.002
- html.phishing.gen.003
- html.phishing.gen.004
- html.phishing.gen.005
- html.phishing.gen.006
- html.phishing.gen.007
- html.phishing.gen.008
- html.phishing.gen.009
- html.phishing.gen.010
- html.phishing.gen.011
- html.phishing.halifax.001
- html.phishing.hong_leong.001
- html.phishing.hotmail.001
- html.phishing.hotmail.003
- html.phishing.microsoft.001
- html.phishing.paypal.001
- html.phishing.paypal.001.002
- html.phishing.paypal.001.003
- html.phishing.paypal.001.004
- html.phishing.paypal.001.005
- html.phishing.paypal.001.006
- html.phishing.paypal.001.007
- html.phishing.paypal.001.008
- html.phishing.paypal.002
- html.phishing.remax.001
- html.phishing.securesignup_net.001
- html.phishing.vodafone.001
- html.phishing.wells_fargo.001
- html.phishing.yahoo.001.001
- html.phishing.yahoo.001.002
- html.phishing.yahoo.001.003
- html.phishing.yahoo.001.004
- html.phishing.yahoo.001.005
- html.phishing.yahoo.001.006
- html.redirect
- html.redirect.http-refresh_gen.001
- html.spam-seo
- html.spam-seo.generic.001
- html.spam-seo.hiddendiv.001
- html.spam-seo.hiddendiv.002
- html.spam-seo.iframer.001
- html.spam-seo.japanese-spam.006
- html.spam-seo.negative_position.001
- html.spam-seo.pharma-site.001
- html.spam-seo.redirect.001
- html.spam-seo.redirect.002
- html.spam-seo.redirect.005
- image.html_code.001
- image.php_code.001
- js.blackhole
- js.blackhole.gen.001
- js.blackhole.gen.001.02
- js.blackhole.gen.001.03
- js.blackhole.gen.001.04
- js.blackhole.gen.001.05
- js.blackhole.gen.001.06
- js.blackhole.gen.001.07
- js.blackhole.gen.001.08
- js.blackhole.gen.001.09
- js.blackhole.gen.002
- js.blackhole.gen.002.02
- js.blackhole.gen.002.03
- js.blackhole.gen.002.04
- js.blackhole.gen.003
- js.blackhole.generic.001.01
- js.defaced
- js.defaced.script.001
- js.malware
- js.malware.css-behavior.001
- js.malware.fb-fakevideo.001
- js.malware.generic.001
- js.malware.generic.002
- js.malware.generic.003
- js.malware.gpl
- js.malware.hidden-iframe.001
- js.malware.hidden-iframe.002.002
- js.malware.hidden-iframe.002.003
- js.malware.hidden-iframe.003
- js.malware.hidden-iframe.004
- js.malware.hidden-iframe.005
- js.malware.hidden-iframe.006
- js.malware.injector.001
- js.malware.injector.002
- js.malware.injector.003
- js.malware.injector.004
- js.malware.injector.005
- js.redirect
- js.redirect.window_location.001
- js.spam-seo
- js.spam-seo.hidden-iframe.001
- js.spam-seo.hidden-iframe.004
- js.spam-seo.hidden-iframe.005
- js.spam-seo.hidden-iframe.005.01
- js.spam-seo.hidden-iframe.006
- js.spam-seo.hidden-style.001
- js.spam-seo.hidden-style.002
- js.spam-seo.hiddendiv.001
- js.spam-seo.hideme.001
- js.spam-seo.hideme.001.02
- js.spam-seo.iframe-doorway
- js.spam-seo.iframe-doorway.001
- js.spam-seo.iframe-doorway.002
- js.spam-seo.iframe-doorway.003
- js.spam-seo.iframe-doorway.004
- js.spam-seo.injector.001
- js.spam-seo.injector.002
- js.spam-seo.injector.011
- js.spam-seo.injector.012
- js.spam-seo.injector.047
- js.spam-seo.redirect.001
- js.spam-seo.redirect.002
- js.spam-seo.redirect_gen.001
- js.spam-seo.xtrackpageview.001
- php.backdoor
- php.backdoor.arakbali.001
- php.backdoor.array.001
- php.backdoor.array.002
- php.backdoor.b374k-shell
- php.backdoor.b374k-shell.001
- php.backdoor.b374k-shell.002
- php.backdoor.b374k-shell.003
- php.backdoor.base64.001
- php.backdoor.base64.001.02
- php.backdoor.base64.001.03
- php.backdoor.base64.001.04
- php.backdoor.base64.002
- php.backdoor.base64.004
- php.backdoor.beandoor
- php.backdoor.beandoor.001
- php.backdoor.beandoor.002
- php.backdoor.byz_webshell.001
- php.backdoor.c99-shell.001.001
- php.backdoor.c99-shell.001.002
- php.backdoor.c99-shell.001.003
- php.backdoor.c99-shell.001.04
- php.backdoor.codenewbiecrew-shell.001
- php.backdoor.cookie_eval.001
- php.backdoor.create_function.001
- php.backdoor.create_function.002
- php.backdoor.create_function.002.02
- php.backdoor.create_function.003
- php.backdoor.create_function.004
- php.backdoor.create_function.005
- php.backdoor.create_function.006
- php.backdoor.create_function.007
- php.backdoor.create_function_wp.001
- php.backdoor.curl.001
- php.backdoor.curl.002
- php.backdoor.curl.003
- php.backdoor.curl.004
- php.backdoor.dbload.001
- php.backdoor.dbload.002
- php.backdoor.db_shell.001
- php.backdoor.db_shell.002
- php.backdoor.db_shell.003
- php.backdoor.determinator.001
- php.backdoor.encrypted.003
- php.backdoor.eval_gen.001
- php.backdoor.eval_gen.001.02
- php.backdoor.eval_gen.001.03
- php.backdoor.eval_gen.001.04
- php.backdoor.eval_gen.001.05
- php.backdoor.eval_gen.001.06
- php.backdoor.eval_gen.002.01
- php.backdoor.eval_gen.002.02
- php.backdoor.eval_gen.003
- php.backdoor.eval_gen.004
- php.backdoor.eval_gen.004.02
- php.backdoor.eval_post.001
- php.backdoor.eval_post.002.007
- php.backdoor.eval_post.002.2
- php.backdoor.eval_post.002.3
- php.backdoor.eval_post.002.4
- php.backdoor.eval_post.002.5
- php.backdoor.eval_post.002.6
- php.backdoor.eval_post.002.7
- php.backdoor.eval_post.002.8
- php.backdoor.eval_post.003
- php.backdoor.eval_post.004
- php.backdoor.eval_post.007
- php.backdoor.eval_post.008.001
- php.backdoor.eval_POST.008.002
- php.backdoor.eval_post.008.003
- php.backdoor.eval_post.008.004
- php.backdoor.eval_post.008.005
- php.backdoor.eval_post.008.006
- php.backdoor.eval_post.009
- php.backdoor.eval_post.010
- php.backdoor.eval_post.011
- php.backdoor.eval_post.012
- php.backdoor.eval_post.013
- php.backdoor.eval_post.014
- php.backdoor.eval_post.015
- php.backdoor.eval_post.016
- php.backdoor.eval_post_gen.001
- php.backdoor.eval_post_gen.005
- php.backdoor.eval_request.001.1
- php.backdoor.eval_request.001.2
- php.backdoor.eval_request.001.3
- php.backdoor.eval_request.001.4
- php.backdoor.eval_request.001.5
- php.backdoor.eval_request.001.6
- php.backdoor.eval_request.002
- php.backdoor.eval_request.002.02
- php.backdoor.eval_request.003
- php.backdoor.eval_request.003.02
- php.backdoor.eval_request.004
- php.backdoor.eval_request.005
- php.backdoor.eval_REQUEST.025
- php.backdoor.eval_request_gen.001
- php.backdoor.eval_xor.001
- php.backdoor.eval_xor.001.02
- php.backdoor.exec.001
- php.backdoor.fb_steal.001
- php.backdoor.filesman.001.001
- php.backdoor.filesman.001.002
- php.backdoor.filesman.001.003
- php.backdoor.filesman.001.009
- php.backdoor.filesman.001.010
- php.backdoor.filesman.001.011
- php.backdoor.filesman.001.013
- php.backdoor.filesman.001.014
- php.backdoor.filesman.001.015
- php.backdoor.filesman.002.001
- php.backdoor.filesman.002.002
- php.backdoor.filesman.002.003
- php.backdoor.filesman.002.004
- php.backdoor.filesman.002.005
- php.backdoor.filesman.002.006
- php.backdoor.filesman.002.007
- php.backdoor.filesman.002.008
- php.backdoor.filesman.003
- php.backdoor.filesman.004
- php.backdoor.file_get_content.001
- php.backdoor.file_get_contents.001
- php.backdoor.file_get_contents.002
- php.backdoor.file_get_contents.003
- php.backdoor.file_get_contents.004
- php.backdoor.file_get_contents.005
- php.backdoor.file_get_contents.006
- php.backdoor.file_get_contents.007
- php.backdoor.gen.020
- php.backdoor.generic-webshell.001
- php.backdoor.generic-webshell.001.31
- php.backdoor.generic-webshell.001.32
- php.backdoor.generic-webshell.001.34
- php.backdoor.generic-webshell.002
- php.backdoor.generic-webshell.003
- php.backdoor.generic-webshell.004
- php.backdoor.generic-webshell.005
- php.backdoor.generic.001
- php.backdoor.generic.001.14
- php.backdoor.generic.001.15
- php.backdoor.generic.001.16
- php.backdoor.generic.001.17
- php.backdoor.generic.001.18
- php.backdoor.generic.001.19
- php.backdoor.generic.001.20
- php.backdoor.generic.001.21
- php.backdoor.generic.002
- php.backdoor.generic.003
- php.backdoor.generic.003.02
- php.backdoor.generic.003.03
- php.backdoor.gp_shell.001
- php.backdoor.gp_shell.001.02
- php.backdoor.gzinflate.001
- php.backdoor.gzinflate.002
- php.backdoor.gzinflate.003
- php.backdoor.hex_xor
- php.backdoor.hex_xor.001
- php.backdoor.hex_xor.002
- php.backdoor.hmei7.001
- php.backdoor.http_post_files.001
- php.backdoor.i-47.001
- php.backdoor.i-47.002
- php.backdoor.ipcheck.001
- php.backdoor.joomla_gen.001
- php.backdoor.joomla_steal.001
- php.backdoor.myhack.001
- php.backdoor.myhack.002
- php.backdoor.nonascii.001
- php.backdoor.phpspy-shell
- php.backdoor.phpspy-shell.001
- php.backdoor.pregreplace.001
- php.backdoor.pregreplace.001.02
- php.backdoor.pregreplace.001.03
- php.backdoor.pregreplace.002
- php.backdoor.pregreplace.003
- php.backdoor.pregreplace.004
- php.backdoor.pregreplace.005
- php.backdoor.pregreplace.006
- php.backdoor.pregreplace.007
- php.backdoor.pregreplace.008
- php.backdoor.pregreplace.009
- php.backdoor.pregreplace.009.02
- php.backdoor.pregreplace.010
- php.backdoor.pregreplace.011
- php.backdoor.pregreplace.012
- php.backdoor.r57-shell.001.001
- php.backdoor.r57-shell.001.002
- php.backdoor.r57-shell.001.003
- php.backdoor.r57-shell.001.004
- php.backdoor.random-uploader.001
- php.backdoor.rename.002
- php.backdoor.request.001
- php.backdoor.rssinit.001
- php.backdoor.shell-exec.001.001
- php.backdoor.shell-exec.001.002
- php.backdoor.shell-exec.001.003
- php.backdoor.shell-exec.001.004
- php.backdoor.shell-exec.001.005
- php.backdoor.shell-exec.001.006
- php.backdoor.str_rot13.001
- php.backdoor.str_rot13.002
- php.backdoor.sv1_0_1.001
- php.backdoor.sv1_0_1.002
- php.backdoor.system.001
- php.backdoor.system.002
- php.backdoor.system.003
- php.backdoor.system.004
- php.backdoor.system_shell.001
- php.backdoor.system_shell.001.02
- php.backdoor.system_shell.002
- php.backdoor.system_shell.003
- php.backdoor.taxonomy.001
- php.backdoor.uploader
- php.backdoor.uploader.001
- php.backdoor.uploader.001.02
- php.backdoor.uploader.002
- php.backdoor.uploader.002.02
- php.backdoor.uploader.003
- php.backdoor.uploader.004
- php.backdoor.uploader.004.02
- php.backdoor.uploader.005
- php.backdoor.uploader.006
- php.backdoor.uploader.007
- php.backdoor.uploader.008
- php.backdoor.uploader.009
- php.backdoor.uploader.010
- php.backdoor.uploader.011
- php.backdoor.uploader_gen.001
- php.backdoor.uploader_gen.002
- php.backdoor.uploader_post.001
- php.backdoor.vbspiders.001
- php.backdoor.vpsp.001
- php.backdoor.vpsp.001.001
- php.backdoor.vpsp.001.002
- php.backdoor.webshell.001.001
- php.backdoor.webshell_gen
- php.backdoor.webshell_gen.003
- php.backdoor.webshell_gen.004
- php.backdoor.webshell_gen.005
- php.backdoor.webshell_gen.006
- php.backdoor.webshell_gen.007
- php.backdoor.webshell_gen.008
- php.backdoor.webshell_gen.009
- php.backdoor.webshell_gen.010
- php.backdoor.webshell_gen.011
- php.backdoor.webshell_gen.012
- php.backdoor.webshell_gen.013
- php.backdoor.webshell_gen.015
- php.backdoor.webshell_gen.016
- php.backdoor.webshell_gen.017
- php.backdoor.webshell_gen.018
- php.backdoor.webshell_gen.019
- php.backdoor.webshell_gen.020
- php.backdoor.webshell_gen.021
- php.backdoor.webshell_gen.022
- php.backdoor.webshell_gen.023
- php.backdoor.webshell_gen.024
- php.backdoor.webshell_gen.025
- php.backdoor.webshell_gen.026
- php.backdoor.webshell_gen.027
- php.backdoor.webshell_gen.028
- php.backdoor.webshell_gen.029
- php.backdoor.webshell_gen.030
- php.backdoor.webshell_gen.037
- php.backdoor.webshell_gen.038
- php.backdoor.webshell_gen.039
- php.backdoor.webshell_gen.040
- php.backdoor.webshell_gen.041
- php.backdoor.webshell_gen.042
- php.backdoor.webshell_gen.043
- php.backdoor.webshell_gen.044
- php.backdoor.webshell_gen.045
- php.backdoor.webshell_gen.046
- php.backdoor.webshell_gen.047
- php.backdoor.webshell_gen.048
- php.backdoor.webshell_gen.049
- php.backdoor.webshell_gen.050
- php.backdoor.webshell_gen.051
- php.backdoor.webshell_gen.074
- php.backdoor.webshell_gen.31
- php.backdoor.webshell_gen.32
- php.backdoor.webshell_gen.33
- php.backdoor.webshell_gen.34
- php.backdoor.webshell_gen.35
- php.backdoor.webshell_gen.36
- php.backdoor.whcms_killer.001
- php.backdoor.wp-admin_bypass.001
- php.backdoor.wp_addaction.001
- php.backdoor.wp_addaction.001.02
- php.backdoor.wp_addaction.001.03
- php.backdoor.wp_adminadd.001
- php.backdoor.wscript-shell.001
- php.backdoor.xhell.001.01
- php.defaced
- php.defaced.script.001
- php.defaced.script.002
- php.defaced.script.003
- php.defaced.Zone-H_Poster.001
- php.dropper
- php.dropper.hosts.001
- php.dropper.hosts.001.02
- php.dropper.linux-rootkit.001
- php.dropper.reverse_shell.001
- php.exploit
- php.exploit.cpanelbruteforce.001
- php.exploit.cpanelbruteforce.001.001
- php.exploit.cpanelbruteforce.001.002
- php.exploit.leak.001
- php.exploit.leak.001.001
- php.exploit.leak.001.002
- php.exploit.suphp.001
- php.exploit.suphp.001.001
- php.exploit.suphp.001.002
- php.exploit.sysinfo.001
- php.exploit.sysinfo.001.02
- php.hacktool
- php.hacktool.arhack_generic.001
- php.hacktool.cpanel_bruteforce.001
- php.hacktool.cpanel_bruteforce.002
- php.hacktool.dark-mailer.001
- php.hacktool.ddos
- php.hacktool.doorway-gen.001
- php.hacktool.ircbot.001
- php.hacktool.ircbot.002
- php.hacktool.ircbot.003
- php.hacktool.mailer-jezzy.001
- php.hacktool.mailer-jezzy.002
- php.hacktool.mailer-jezzy.003
- php.hacktool.mailer-s3nd3r.001
- php.hacktool.mailer-sp4m3r-fb3.001
- php.hacktool.mailer-tool4spam.001
- php.hacktool.mailer.001
- php.hacktool.mailer.002
- php.hacktool.mailer.003
- php.hacktool.mailer.004
- php.hacktool.mailer.005
- php.hacktool.mailer.006
- php.hacktool.mailer.007
- php.hacktool.mailer.008
- php.hacktool.mailer.009
- php.hacktool.mailer.010
- php.hacktool.mailer.011
- php.hacktool.massdeface.001
- php.hacktool.php_proxy.001
- php.hacktool.php_proxy.002
- php.hacktool.postman-full.001
- php.hacktool.safemode-disabler.001
- php.hacktool.SAPE.001
- php.hacktool.SAPE.001.02
- php.hacktool.SAPE.001.03
- php.hacktool.SAPE.001.04
- php.hacktool.scan-inb0x-hotmail.001
- php.hacktool.spamtool.005
- php.hacktool.sqlinjection.001
- php.hacktool.sql_sniper_hex.001
- php.hacktool.sql_sniper_hex.002
- php.hacktool.sql_teamhack.001
- php.hacktool.tryag_cpanelcracker.001
- php.hacktool.tryag_cpanelcracker.002
- php.hacktool.twitterbruteforce.001
- php.hacktool.udpflood.001
- php.hacktool.udpflood.002
- php.hacktool.viaWorm-doorway-gen
- php.hacktool.viaWorm-doorway-gen.001
- php.hacktool.wp_users.005
- php.injected.scounter.001
- php.mailer
- php.mailer.cookie
- php.mailer.encrypted.001
- php.mailer.gen.001
- php.mailer.gen.002
- php.mailer.gen.004
- php.mailer.gen.005
- php.mailer.phpinfo.001
- php.mailer.post.001
- php.mailer.post.002
- php.mailer.post.002.001
- php.mailer.post.002.002
- php.mailer.post.002.003
- php.mailer.post.002.004
- php.mailer.post.003
- php.mailer.post.003.02
- php.mailer.post.004
- php.mailer.post.004.02
- php.mailer.post.004.03
- php.mailer.post.004.04
- php.mailer.post.005
- php.mailer.POST.005.02
- php.mailer.post.006
- php.mailer.post.007
- php.mailer.post.008
- php.mailer.spambot.001
- php.mailer.spamtool.001
- php.malware
- php.malware.anuna.001.02
- php.malware.assert.001
- php.malware.assert.002
- php.malware.assert.003
- php.malware.base64.001
- php.malware.base64.001.020
- php.malware.base64.002
- php.malware.base64.003
- php.malware.base64.004
- php.malware.base64.005
- php.malware.base64.006
- php.malware.base64.007
- php.malware.base64.008
- php.malware.base64.009
- php.malware.base64.010.02
- php.malware.base64.011
- php.malware.base64.012
- php.malware.base64.013
- php.malware.base64.014
- php.malware.base64.015
- php.malware.base64.016
- php.malware.base64.017
- php.malware.create_function.001
- php.malware.create_function.001.02
- php.malware.create_function.001.03
- php.malware.create_function.004
- php.malware.dropper.004.02
- php.malware.eval_gen.001
- php.malware.eval_gen.002
- php.malware.eval_gen.005
- php.malware.eval_hex.001
- php.malware.eval_hex.002
- php.malware.eval_hex.003
- php.malware.exif_read.001
- php.malware.exif_read.001.02
- php.malware.extract.001
- php.malware.fopo_obfuscator.001
- php.malware.generic-str_rot13.001
- php.malware.generic.001
- php.malware.generic.002
- php.malware.generic.003
- php.malware.generic.004
- php.malware.generic.005
- php.malware.generic.006
- php.malware.generic.006-1
- php.malware.generic.007
- php.malware.generic.008
- php.malware.generic.009
- php.malware.generic.010
- php.malware.generic.011
- php.malware.generic.012
- php.malware.generic.013
- php.malware.generic.014
- php.malware.generic.015
- php.malware.generic.016
- php.malware.generic.017
- php.malware.generic.018
- php.malware.generic.019
- php.malware.generic.020
- php.malware.generic.021
- php.malware.generic.022
- php.malware.generic.023
- php.malware.generic.024
- php.malware.generic.025
- php.malware.generic.026
- php.malware.generic.027-1
- php.malware.generic.027-10
- php.malware.generic.027-2
- php.malware.generic.027-3
- php.malware.generic.027-4
- php.malware.generic.027-5
- php.malware.generic.027-6
- php.malware.generic.027-7
- php.malware.generic.027-8
- php.malware.generic.027-9
- php.malware.generic.028
- php.malware.generic.029
- php.malware.generic.030
- php.malware.generic.030.001
- php.malware.generic.031
- php.malware.generic.032
- php.malware.generic.034
- php.malware.generic.035
- php.malware.generic.036
- php.malware.generic.037
- php.malware.generic.038
- php.malware.generic.039
- php.malware.generic.040
- php.malware.generic.050
- php.malware.GLOBALS.003
- php.malware.GLOBALS.004
- php.malware.gzinflate_hex.001
- php.malware.gzuncompress.001
- php.malware.hidden-iframe
- php.malware.http-enc.001
- php.malware.include.001
- php.malware.include.002
- php.malware.include.003
- php.malware.include.004
- php.malware.injector.001
- php.malware.injector.002
- php.malware.injector.003
- php.malware.injector.004
- php.malware.injector.005
- php.malware.injector.006
- php.malware.injector.007
- php.malware.injector.008
- php.malware.injector.009
- php.malware.injector.010
- php.malware.injector.011
- php.malware.obfuscated.001
- php.malware.obfuscated.001.002
- php.malware.pastebin.001
- php.malware.strrev.001
- php.malware.strrev.002.02
- php.malware.tds-url
- php.malware.ua_check.001
- php.malware.ua_check.002
- php.malware.ua_check.003
- php.malware.ua_check.004
- php.malware.ua_check.005
- php.phishing
- php.phishing.generic.014
- php.phishing.gmail.001
- php.phishing.hitman.001
- php.phishing.hitman.002
- php.redirect
- php.redirect.header_location.001
- php.redirect.header_location.002
- php.redirect.header_location.002.02
- php.redirect.header_location.003
- php.redirect.header_location.004
- php.redirect.header_location.005
- php.redirect.header_location.006
- php.redirect.header_location.018
- php.redirect.header_location.019
- php.redirect.header_location.022
- php.redirect.js_window_location.001
- php.spam-seo
- php.spam-seo.bean-injector.001
- php.spam-seo.b_chgl.001
- php.spam-seo.dbload.001
- php.spam-seo.doorway-gen.001
- php.spam-seo.doorway-gen.043
- php.spam-seo.fake-wpflash.001
- php.spam-seo.gen.001
- php.spam-seo.gen.002
- php.spam-seo.gen.003
- php.spam-seo.gen.004
- php.spam-seo.gen.005
- php.spam-seo.gen.006
- php.spam-seo.gen.007
- php.spam-seo.gen.008
- php.spam-seo.gen.009
- php.spam-seo.gen.010
- php.spam-seo.gen.011
- php.spam-seo.gen.021
- php.spam-seo.header_location.001
- php.spam-seo.header_location.007
- php.spam-seo.header_location.008
- php.spam-seo.header_location.009
- php.spam-seo.header_location.020
- php.spam-seo.header_location.021
- php.spam-seo.header_location.024
- php.spam-seo.hiddeniframe.001
- php.spam-seo.hiddeniframe.002
- php.spam-seo.iframer.001
- php.spam-seo.infector
- php.spam-seo.infector.001
- php.spam-seo.infector.001.001
- php.spam-seo.infector.001.002
- php.spam-seo.infector.001.003
- php.spam-seo.infector.002
- php.spam-seo.infector.003
- php.spam-seo.injector.001
- php.spam-seo.injector.001.012
- php.spam-seo.injector.006.002
- php.spam-seo.injector.015
- php.spam-seo.injector.016
- php.spam-seo.injector.017
- php.spam-seo.injector.018
- php.spam-seo.injector.019
- php.spam-seo.injector.020
- php.spam-seo.injector.021
- php.spam-seo.injector.022
- php.spam-seo.injector.023
- php.spam-seo.injector.024
- php.spam-seo.injector.153
- php.spam-seo.injector.163
- php.spam-seo.injector.229
- php.spam-seo.injector_gen.001
- php.spam-seo.injector_gen.002
- php.spam-seo.injector_gen.003
- php.spam-seo.injector_gen.004
- php.spam-seo.injector_gen.005
- php.spam-seo.injector_gen.006
- php.spam-seo.injector_gen.007
- php.spam-seo.injector_gen.008
- php.spam-seo.injector_gen.009
- php.spam-seo.injector_gen.010
- php.spam-seo.injector_gen.011
- php.spam-seo.injector_gen.012
- php.spam-seo.injector_gen.013
- php.spam-seo.injector_gen.014
- php.spam-seo.injector_gen.015
- php.spam-seo.injector_gen.016
- php.spam-seo.injector_gen.017
- php.spam-seo.injector_gen.018
- php.spam-seo.injector_gen.019
- php.spam-seo.injector_gen.020
- php.spam-seo.injector_gen.021
- php.spam-seo.injector_gen.023
- php.spam-seo.injector_gen.024
- php.spam-seo.joomla-injector.001
- php.spam-seo.joomla-injector.002
- php.spam-seo.payday_loans.001
- php.spam-seo.redirect.001
- php.spam-seo.redirect.002
- php.spam-seo.redirect.002.001
- php.spam-seo.redirect.002.003
- php.spam-seo.redirect.002.1
- php.spam-seo.redirect.003
- php.spam-seo.redirect.003.001
- php.spam-seo.redirect.004
- php.spam-seo.redirect.027
- php.spam-seo.redirect.106
- php.spam-seo.redirect_gen.001
- php.spam-seo.redirect_gen.017
- php.spam-seo.remote_dor_content
- php.spam-seo.remote_dor_content.001
- php.spam-seo.viaWorm.001
- php.spam-seo.viaWorm_infector.001
- php.spam-seo.wordpress-infector.001
- php.spam-seo.wp_doorgen.001
- php.spam-seo.xviewstate.001
- php.spam-seo.xviewstate.002
- pl.backdoor
- pl.backdoor.cgitelnet-shell.001
- pl.backdoor.confspy.001
- pl.backdoor.confspy.001.02
- pl.backdoor.conf_steal.001
- pl.backdoor.connectback.001
- pl.backdoor.ihs.001
- pl.backdoor.priv8.001
- pl.backdoor.shellbot.001
- pl.hacktool
- pl.hacktool.configuration_stealer.001
- pl.hacktool.configuration_stealer.002
- pl.hacktool.ddos-perl-ircbot.001
- pl.hacktool.information_gathering.001
- pl.hacktool.ircbot.001
- pl.hacktool.ircbot.002
- pl.hacktool.ircbot.004
- pl.hacktool.w3tw0rk_b0t.001
- py.backdoor.chickenlittle-shell.001
- py.hacktool
- py.hacktool.webshell.001
- rex.array_join.004
- rex.array_join.006
- rex.backdoor.eval_post.001
- rex.binary_content.001
- rex.create_function.003
- rex.defaced.generic.007
- rex.defaced.generic.008
- rex.defaced.generic.009
- rex.eval_cookie.003
- rex.include_abs_path.004
- rex.malware_generic.018
- rex.multi_vars.004
- rex.phishing.bank.001
- rex.phish_mailer_gen.002
- rex.spam_seo_links.001
- rex.url_short.001
- sh.hacktool
- sh.hacktool.abacus-exploit.001
- vb.injected
- vb.injected.wshshell-dropper
- vb.malware
- vb.malware.gen.001
- vb.spam-seo
- vb.spam-seo.redirect.001
- Home
- Malware Signatures
- php.backdoor.eval_REQUEST.025