Malware Signatures

php.backdoor.random-uploader.001

Backdoors are pieces of code that allow attackers to bypass authentication, maintain their access to the server, and reinfect files. Some are as simple as a single line of code that allows remote code execution; others are complex and provide the attacker with a range of functions.

This PHP uploader saves uploaded files under random filenames and places them in random subdirectories of the site. It can also execute arbitrary PHP code, so it works as a backdoor as well.

Affecting

Any site on a server with PHP enabled

Cleanup

You can sign up with us and let our team remove the malware for you.

Dump

$version = "1.5";
if(!empty($_POST["gjwqweodsa"]) and strlen($_POST["gjwqweodsa"]) > 0 and isset($_POST["gjwqweodsa"])){
$isevalfunctionavailable = false;
...
}else if($save_type == "random_dir_random_dirname"){
...
@chmod($uploadfile,0644);
echo "UPLOAD:http://".str_replace($_SERVER["DOCUMENT_ROOT"],$_SERVER["SERVER_NAME"],$uploadfile)."-END";
...
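
A file-system check for the markers visible in the dump above, added here as an example; it is not the vendor's signature or code from this page. The marker labels, the extension list, the two-marker threshold and the sample files are assumptions or constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# Markers taken from the dump on this page; the dictionary keys are labels added here.
INDICATORS = {
    "post_param": re.compile(rb"""\$_POST\[\s*["']gjwqweodsa["']\s*\]"""),
    "eval_probe": re.compile(rb"\$isevalfunctionavailable\b"),
    "save_mode": re.compile(rb"random_dir_random_dirname"),
    "upload_echo": re.compile(rb"""echo\s+["']UPLOAD:http://"""),
}
PHP_EXTENSIONS = (".php", ".phtml", ".php5", ".php7", ".inc")  # assumption
MIN_HITS = 2  # assumption: require two distinct markers to limit false positives

# Constructed samples: lines abbreviated from the dump, and a benign look-alike.
SAMPLE_DUMP = b'''<?php
if(!empty($_POST["gjwqweodsa"]) and strlen($_POST["gjwqweodsa"]) > 0){
$isevalfunctionavailable = false;
}else if($save_type == "random_dir_random_dirname"){
echo "UPLOAD:http://";
'''
BENIGN = b'<?php echo "UPLOAD:http://example.test/ok"; ?>'

def match_indicators(data: bytes) -> list[str]:
    """Return the sorted labels of every marker found in a file's bytes."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(data))

def scan_tree(root: str, min_hits: int = MIN_HITS) -> dict[str, list[str]]:
    """Check PHP files in every subdirectory, since placement is random."""
    findings = {}
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in PHP_EXTENSIONS:
            continue
        try:
            hits = match_indicators(path.read_bytes())
        except OSError:
            continue  # unreadable file: skip rather than abort the scan
        if len(hits) >= min_hits:
            findings[str(path)] = hits
    return findings

def demo() -> dict[str, list[str]]:
    """Scan a temporary tree that holds both constructed samples."""
    with tempfile.TemporaryDirectory() as root:
        nested = Path(root, "uploads", "x9f2")  # constructed path
        nested.mkdir(parents=True)
        Path(nested, "a81c.php").write_bytes(SAMPLE_DUMP)
        Path(root, "index.php").write_bytes(BENIGN)
        return {str(Path(p).relative_to(root)): h for p, h in scan_tree(root).items()}
```

A hit locates the uploader itself; files it has already dropped carry random names and locations, so they will not match these markers.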