malware detected, but ... inside maldetect (!) #26

@francescor

My results:

FILE HIT LIST:
{HEX}php.gzbase64.inject.457 : /home/me/ausx/maldetect-1.6.6/files/clean/gzbase64.inject.unclassed
{HEX}php.cmdshell.antichat.202 : /home/me/ausx/maldetect-1.6.6/files/sigs/rfxn.yara
{HEX}php.gzbase64.inject.457 : /home/me/aus_malde/linux-malware-detect/files/clean/gzbase64.inject.unclassed

then

 cat /home/me/ausx/maldetect-1.6.6/files/clean/gzbase64.inject.unclassed
#!/usr/bin/env bash
export PATH=/sbin:/bin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
# $1 file path, $2 signature name, $3 file owner, $4 file mode, $5 file size (b), $6 file md5sum
if [ -f "$1" ]; then
	sed -i -e 's/<?.*eval(gzinflate(base64_decode(.*?>//' -e 's/<?php.*eval(gzinflate(base64_decode(.*?>//' -e 's/eval(gzinflate(base64_decode(.*);//' "$1"
fi

 cat /home/me/aus_malde/linux-malware-detect/files/clean/gzbase64.inject.unclassed
#!/usr/bin/env bash
export PATH=/sbin:/bin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
# $1 file path, $2 signature name, $3 file owner, $4 file mode, $5 file size (b), $6 file md5sum
if [ -f "$1" ]; then
	sed -i -e 's/<?.*eval(gzinflate(base64_decode(.*?>//' -e 's/<?php.*eval(gzinflate(base64_decode(.*?>//' -e 's/eval(gzinflate(base64_decode(.*);//' "$1"
fi

Is this ok?
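An added example, not the issue author's code and not part of linux-malware-detect: a small POSIX-shell scanner that greps a tree for the literal string the gzbase64 cleaner rule targets, showing that the cleaner script itself (and, by the same mechanism, a signature file that spells the pattern out) is reported because it carries the string as data, and that excluding the tool's own install prefix drops those self-hits while the genuinely injected file is still reported. The sample tree, the paths under it and the `scan_tree`, `make_sample` and `count_hits` helper names are constructed for this example.

```shell
#!/bin/sh
# Added example (not the issue author's or LMD's code): a fixed-string
# signature for the gzbase64 inject pattern fires on the cleaner rule that
# exists to strip it; excluding the scanner's own prefix removes such hits.
SIG='eval(gzinflate(base64_decode('

# scan_tree ROOT [EXCLUDE_PREFIX]: print one "signature : path" line per
# file under ROOT that contains SIG, skipping paths under EXCLUDE_PREFIX.
scan_tree() {
  root="$1"; exclude="${2:-}"
  find "$root" -type f | sort | while IFS= read -r f; do
    # Skip anything under the excluded prefix (e.g. the maldetect install dir).
    if [ -n "$exclude" ] && [ "${f#"$exclude"}" != "$f" ]; then
      continue
    fi
    # -F: match the signature as a fixed string, not as a regex.
    if grep -qF -- "$SIG" "$f"; then
      printf '{HEX}php.gzbase64.inject : %s\n' "$f"
    fi
  done
}

# make_sample: constructed tree with one injected PHP file, one clean PHP
# file and a copy of the cleaner rule whose sed expression embeds the very
# pattern the signature looks for. Prints the tree's root directory.
make_sample() {
  d="$(mktemp -d)"
  mkdir -p "$d/site" "$d/maldetect/files/clean"
  printf '<?php echo "hi"; ?>\n<?php eval(gzinflate(base64_decode("AAAA"))); ?>\n' \
    > "$d/site/index.php"
  printf '<?php echo "clean"; ?>\n' > "$d/site/ok.php"
  cat > "$d/maldetect/files/clean/gzbase64.inject.unclassed" <<'EOF'
#!/usr/bin/env bash
if [ -f "$1" ]; then
  sed -i -e 's/eval(gzinflate(base64_decode(.*);//' "$1"
fi
EOF
  printf '%s\n' "$d"
}

# count_hits ROOT [EXCLUDE_PREFIX]: number of hit lines scan_tree reports.
count_hits() { scan_tree "$1" "${2:-}" | wc -l | tr -d ' '; }

# Stand-alone demo: run with --demo to see both hit lists side by side.
if [ "${1:-}" = "--demo" ]; then
  D="$(make_sample)"
  echo "no exclusion:"; scan_tree "$D"
  echo "excluding $D/maldetect:"; scan_tree "$D" "$D/maldetect"
  rm -rf "$D"
fi
```

Without an exclusion the copy of the cleaner rule appears in the hit list exactly as in the report above; with the tool's directory excluded, only `site/index.php` remains.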
