• I recently had a problem with a malware infection and I traced the source back to a strangely named PHP file with some even stranger code inside it. Here’s what it looked like to start with (note this sample does not include all the code!)

    [ Malware redacted, please do not post even portions. ]

    I tried several different online decoders and finally found UNPHP which rendered the first part of the coding as: (again NOT the full code!)

    [ Also redacted ]

    Has anyone seen this coding before and if so, can anyone shed some light on exactly what this file is doing? I’ll provide additional code if someone recognizes this type of obfuscation.

    Thanks in advance!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Samuel Wood (Otto)

    (@otto42)

    www.remarpro.com Admin

    Best not to post that sort of thing publicly.

    If you like, email me a copy. otto at wordpress dot org.

    My advice: delete anything you can find that is related to it.

    Doesn’t really matter what it is doing, the fact that it was obscurely named means that the person didn’t want you to know that it was there.

    I would recommend setting up some kind of malware protection with your hosting provider if available.

  • The topic ‘Obfuscated Backdoor – Trying To Unravel’ is closed to new replies.