
PHP malware finder: Detect potentially malicious PHP files


itsMe


PHP malware finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malware/webshells.

The following encoders/obfuscators/webshells are also detected:

    Best PHP Obfuscator
    Carbylamine
    Cipher Design
    Cyklodev
    Joes Web Tools Obfuscator
    P.A.S
    PHP Jiami
    Php Obfuscator Encode
    SpinObf
    Weevely3
    atomiku
    cobra obfuscator
    phpencode
    tennc
    web-malware-collection
    webtoolsvn
    novahot

Of course, it’s trivial to bypass PMF, but its goal is to catch kiddies and idiots, not people with a working brain. If you report a stupid tailored bypass for PMF, you likely belong to one (or both) categories and should re-read the previous statement.

How does it work?

Detection is performed by crawling the filesystem and testing files against a set of YARA rules. Yes, it’s that simple!

Instead of using a hash-based approach, PMF tries as much as possible to use semantic patterns, to detect things like “a $_GET variable is decoded two times, unzipped, and then passed to some dangerous function like system”.

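The difference between hash matching and the semantic-pattern approach described in the post, as an added example that is not part of the original post and not PMF's own rules. A Python regex stands in for a YARA rule here; the function lists, the sample files and the names `CHAIN`, `scan_tree` and `demo` are assumptions constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# Illustrative name lists (assumptions for this sketch, not PMF's rule set).
SINKS = r"\b(?:system|exec|passthru|shell_exec|eval|assert)"
DECODERS = r"(?:base64_decode|str_rot13|urldecode|gzinflate|gzuncompress|gzdecode)"
REQUEST_VAR = r"\$_(?:GET|POST|REQUEST|COOKIE)\b"

# Semantic pattern: request input wrapped in >= 2 decode/unzip calls, passed to a sink.
CHAIN = re.compile(SINKS + r"\s*\(\s*(?:@?" + DECODERS + r"\s*\(\s*){2,}" + REQUEST_VAR,
                   re.IGNORECASE)

# Constructed samples: B is A with different case, spacing and parameter name.
SAMPLE_A = "<?php system(gzinflate(base64_decode(base64_decode($_GET['c']))));"
SAMPLE_B = '<?php SYSTEM( gzinflate( base64_decode( base64_decode( $_GET["x"] ))));'
BENIGN = "<?php echo htmlspecialchars(base64_decode($_GET['name']));"

def sha256(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()

def is_suspicious(php_source: str) -> bool:
    return CHAIN.search(php_source) is not None

def scan_tree(root: str) -> list[str]:
    """Crawl root; return sorted relative paths of .php files matching CHAIN."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    if is_suspicious(fh.read()):
                        hits.append(os.path.relpath(path, root))
    return sorted(hits)

def demo() -> tuple[list[str], bool]:
    """Scan a temp tree; also report whether a hash of A would catch B."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "uploads"))
        for rel, src in [("a.php", SAMPLE_A), ("uploads/b.php", SAMPLE_B), ("ok.php", BENIGN)]:
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(src)
        return scan_tree(root), sha256(SAMPLE_B) in {sha256(SAMPLE_A)}

if __name__ == "__main__":
    print(demo())
```

Both variants are flagged by the pattern, while a blocklist holding only the hash of the first variant misses the second; the single-decode benign file is not flagged.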
