SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. backdoor-phpevalgzinflateb64

backdoor-phpevalgzinflateb64

Description: We detected a highly encoded (and malicious) code hidden under a loop of gzinflate/gzuncompress/base64_decode calls. After decoded, it goes through an eval call to execute the code.

Affecting: Any web site (often through outdated WordPress, Joomla, vBulletin, osCommerce and stolen passwords).

Clean up: You can also sign up with us and let our team remove the malware for you.

Malware dump:

eval ( gzinflate( base64_decode("FZhFtoVcloSnkr3MP2n..