Search the Community

PHP malware finder does it is very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malware/webshells. The following list of encoders/obfuscators/webshells are also detected: Best PHP Obfuscator Carbylamine Cipher Design Cyklodev Joes Web Tools Obfuscator P.A.S PHP Jiami Php Obfuscator Encode SpinObf Weevely3 atomiku cobra obfuscator phpencode tennc web-malware-collection webtoolsvn novahot Of course, it’s trivial to bypass PMF, but its goal is to catch kiddies and idiots, not people with a working brain. If you report a stupid tailored bypass for PMF, you likely belong to one (or both) category and should re-read the previous statement. How does it work? Detection is performed by crawling the filesystem and testing files against a set of YARA rules. Yes, it’s that simple! Instead of using an hash-based approach, PMF tries as much as possible to use semantic patterns, to detect things like “a $_GET variable is decoded two times, unziped, and then passed to some dangerous function like system“. [hide][Hidden Content]]