
Smoker Backdoor: Evasion Techniques in Webshell Backdoors

“Smoker Backdoor” is a PHP webshell backdoor that uses hexadecimal and decimal obfuscation in conjunction with PHP's goto operator to evade detection by malware scanners.

The hexadecimal/decimal obfuscation is clear to see when viewing the file’s PHP code. For instance, this section of the PHP code is obfuscated using this method:

if ($_GET["x7256x615x65"] == "4x72x75x65") {
    echo "x3c672x6dx205x6e3x741x705x2255x6c4x69x701x724x66x6f25x641x741x225x65x74x68x6f4x3d0x6f3x74x22xax20" .
        htmlspecialchars($_GET["x66x69x6c5"])

As with many webshells, it allows the user to set a password to control access to the webshell.
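A scanner can counter the escape-plus-goto obfuscation described above by decoding numeric string escapes before matching and by counting goto jumps. The following is an added example, not code from the original post or from Sucuri; it assumes the escapes are PHP's `\xHH` and octal `\NNN` double-quoted string forms, and the sample input, function names and thresholds are constructed for illustration.

```python
import re

# Numeric escapes PHP expands inside double-quoted strings: \xHH and octal \NNN.
# The leading alternative consumes an escaped backslash so "\\x41" is not decoded.
ESCAPE = re.compile(r'\\\\|\\x([0-9A-Fa-f]{1,2})|\\([0-7]{1,3})')
DQ_STRING = re.compile(r'"((?:[^"\\]|\\.)*)"', re.S)
GOTO = re.compile(r'\bgoto\s+[A-Za-z_]\w*\s*;')

# Constructed sample (not taken from the real backdoor): mixed hex/octal escapes
# hiding parameter names, with goto used to scramble the statement order.
SAMPLE = r'''<?php
goto b; a: if ($_GET["\x72\145\x61\144"] == "\x74\162\x75\145") { goto c; }
goto d; b: $msg = "plain text stays as is"; goto a;
c: echo htmlspecialchars($_GET["\146\x69\154\x65"]); d:
'''


def decode_php_escapes(body):
    """Decode \\xHH and \\NNN escapes; all other text is returned unchanged."""
    def repl(m):
        if m.group(1) is not None:
            return chr(int(m.group(1), 16))
        if m.group(2) is not None:
            return chr(int(m.group(2), 8) & 0xFF)  # PHP wraps octal values to one byte
        return m.group(0)  # escaped backslash, keep as written
    return ESCAPE.sub(repl, body)


def analyze(source, min_ratio=0.5, min_gotos=3):
    """Decode escape-heavy strings and count gotos (thresholds are assumptions)."""
    decoded = []
    for m in DQ_STRING.finditer(source):
        body = m.group(1)
        numeric = sum(len(e.group(0)) for e in ESCAPE.finditer(body)
                      if e.group(0) != "\\\\")
        # Keep only strings made up mostly of numeric escapes.
        if body and numeric / len(body) >= min_ratio:
            decoded.append(decode_php_escapes(body))
    gotos = len(GOTO.findall(source))
    # Either signal alone is weak; together they match the pattern described above.
    return {"decoded": decoded, "gotos": gotos,
            "suspicious": bool(decoded) and gotos >= min_gotos}


if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Signature matching should run against the decoded strings as well as the raw file, since only the decoded form exposes the real parameter names and markup.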

Continue reading Smoker Backdoor: Evasion Techniques in Webshell Backdoors at Sucuri Blog.

Source: Scuri check