Things to Do and See

PHP Reference

• Common functions
  • base64_decode / base64_encode
  • gzinflate / gzdeflate
  • eval
  • exec / passthru / system
  • curl_init / curl_ functions
  • file / file_get_contents / file_put_contents
  • fopen / fwrite / fputs / fclose
  • goto
  • hexbin bindec dechex hexdec

Common functions

The following functions are commonly used throughout malware in order to hide, retrieve, log (in some cases) and execute their payload.

base64_decode / base64_encode

gzinflate / gzdeflate

eval

exec / passthru / system

curl_init / curl_ functions

file / file_get_contents / file_put_contents

fopen / fwrite / fputs / fclose

goto

hexbin bindec dechex hexdec

This site is open source. Improve this page.