Top 5 Malware Signatures - Week 29-30

We want to keep you up to date, so we collected the Top 5 New Malware Signatures from the past two weeks for you! Don't forget that you can create your own malware signature too! We have found that this crowdsourcing method across several thousand servers works fantastically in our IP reputation system, so let's keep making the internet a safer place together! Thanks to your contributions, we already have more than 15 000 malware signatures in our database.

#5 PHP Backdoor Remote Code Executor

A simple remote code executor script that receives data via cookies and POST requests. It has an additional parameter that decides which function should be used: str_rot13, pack or strrev.

Source code:

#4 PHP Backdoor WSO-Webshell

An obfuscated HTML file manager with base64 encoding that uses eval to run decoded PHP code. According to VirusTotal, it goes by the name Tencent Heur: Trojan.Script.LS_Gencirc.7179453.0.

Source code:

#3 PHP Backdoor Eval Obfuscated Ultim4t3 H4x 0r Shell

An advanced webshell for malicious activities. It uses base64, URL and htmlspecialchars encoding and forks a new process. It also matches some YARA rules for both the source code and the output.

Source code:

#2 PHP Backdoor Eval Obfuscated Are You Ok 3

The malware downloads the source code to be executed from domainnamespace.top/lf.txt (198.204.244.186 - blacklisted by BitNinja). The script checks this file and updates itself from it, so the backdoor owner can manipulate its behavior by changing the file. At the time the SA signature was created, this source contained a complete hacker toolset. Access is password protected for the hacker.

Source code:

#1 PHP Backdoor WSO Webshell

An obfuscated variant of the WSO Webshell. The script pretends to show a 403 or 404 error page.

Source code:

If you haven't tried BitNinja yet, don't forget to register for the 7-day free trial! No credit card needed!

For our subscribers, we also provide valuable information about malware and the most recent news from the cybersecurity world.

2023 BitNinja. All Rights reserved.