Global CyberSecurity

Smoker Backdoor: Evasion Techniques in Webshell Backdoors

0

Published on 08/13/2020 – Last Updated on 08/13/2020 by OTC

“Smoker Backdoor” is a PHP webshell backdoor that uses hexadecimal and decimal obfuscation in conjunction with the PHP function goto to evade detection from malware scanners.

The hexadecimal/decimal obfuscation is clear to see when viewing the file’s PHP code. For instance, this section of the PHP code is obfuscated using this method:

if ($_GET[“x72145156x61155x65”] == “164x72x75x65”) {
    echo “x3c146157162x6dx20145x6e143x74171x7014575x22155165x6c164x69x70141x7216457x66x6f16215555x64141x74141x2240155x65x74x68x6f144x3d42160x6f163x74x2276xax2040” .
        htmlspecialchars($_GET[“x66x69x6c145”])

As with many webshells, it allows the user to set a password to control access to the webshell.

Continue reading Smoker Backdoor: Evasion Techniques in Webshell Backdoors at Sucuri Blog.

The MozCon Virtual Video Bundle Is Here (Plus, Our 2019 Videos are FREE!)

Previous article

Israel and US complete successful flight test of Arrow-2 ballistic missile

Next article

You may also like

Comments

Comments are closed.