SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. backdoor-phppreg_replaceeval

backdoor-phppreg_replaceeval

Description: We detected a malicious code hidden under a preg_replace with the "e" switch that acts as an eval call (code execution). It is often used to bypass simple detection methods that only look for "eval(" call itself.

Use: Hide spam, malware and backdoors.

Affecting: Any web site (often through outdated WordPress, Joomla, vBulletin, osCommerce and stolen passwords).

Clean up: You can also sign up with us and let our team remove the malware for you.

Malware dump:

preg_replace("/.*/e","x65x76x61x6Cx28x67x7Ax69...2LKjE1nyJHlOmua7X4AiRdpW2t2/bmtJFEDiB4IACCrx1Og8mS7TcRln6Si6jYuy6LRnWTZLona3a9wbkmlUxM5O3L3fCYMXeR7edVpFOI1G82wStXqtbBGlo6uwiCZxDq81axSn42QJz016dBuNBXESF+FVEo0kWgG0MEmy...