Deobfuscation made easy with MalwareDecoder.com
Battling malware is a very competitive and very fulfilling task nowadays. It brings joy and confidence to every malware analyst who can discover or unravel the code used in an attack or infection. We at Quttera have been able to help other malware analysts with their tasks by providing tools they can use in their analysis. We tested MalwareDecoder.com on one of the suspicious files that we got during one of our cleanups.
File : wp-manage.php
MD5 : 7B1231F8C385977706396B8F221D5D01
As you can see, the file is heavily obfuscated to discourage anyone who wants to read it:
The tool is very easy to use. Just visit the site, paste the content of the file into the input box provided on the page, and click DECODE.
This is what it looks like after clicking the DECODE button:
The output lists each level of decryption, so you can follow the decoding of the file step by step. Based on the final level, the file is a FilesMan backdoor. You may want to check our other write-up regarding FilesMan.
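The level-by-level decoding described above can also be done statically, without executing the file. The following is an added example, not code from Quttera or MalwareDecoder.com: it assumes the common `eval(gzinflate(base64_decode('...')))` wrapper shape, which the page does not confirm for wp-manage.php, and the names `peel`, `DECODERS` and `SAMPLE` are hypothetical. The sample is a constructed, benign payload.

```python
import base64, codecs, re, zlib

# Assumed wrapper shape (not confirmed by the page): eval(f1(f2('literal')));
WRAPPER = re.compile(r"eval\s*\(\s*((?:\w+\s*\(\s*)+)(['\"])(.*?)\2[\s)]*;", re.S)

# Python equivalents of PHP string functions commonly nested in such wrappers.
DECODERS = {
    "base64_decode": base64.b64decode,
    "gzinflate": lambda b: zlib.decompress(b, -15),  # raw DEFLATE
    "gzuncompress": zlib.decompress,                  # zlib-wrapped
    "str_rot13": lambda b: codecs.encode(b.decode("latin-1"), "rot13").encode("latin-1"),
    "strrev": lambda b: b[::-1],
}

def peel(source, max_levels=20):
    """Return every decoding level, outermost first, without executing any PHP."""
    levels = [source]
    while len(levels) <= max_levels:
        match = WRAPPER.search(levels[-1])
        if not match:
            break  # no further eval wrapper: this is the final level
        data = match.group(3).encode("latin-1")
        try:
            # The innermost call is applied first, so walk the names right to left.
            for name in reversed(re.findall(r"\w+", match.group(1))):
                data = DECODERS[name](data)
        except (KeyError, ValueError, zlib.error):
            break  # unknown function or corrupt layer: keep what was recovered
        levels.append(data.decode("latin-1"))
    return levels

def _wrap(php):
    """Build one constructed layer for the sample below."""
    comp = zlib.compressobj(wbits=-15)
    raw = comp.compress(php.encode()) + comp.flush()
    return "eval(gzinflate(base64_decode('%s')));" % base64.b64encode(raw).decode()

# Constructed, benign sample: a harmless echo wrapped in two layers.
SAMPLE = "<?php " + _wrap(_wrap('echo "benign constructed payload";'))

if __name__ == "__main__":
    for depth, text in enumerate(peel(SAMPLE)):
        print("level %d: %s" % (depth, text[:70]))
```

When a layer uses a function that is not in `DECODERS`, `peel` stops and returns the levels recovered so far, which tells the analyst where manual work has to start.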
Is your website infected with similar malware and/or blacklisted?
Here at Quttera we clean this and other kinds of malware on a daily basis. If you'd like our malware analysts to help you, just select the appropriate ThreatSign! anti-malware plan and get back online.
For other issues and help: Quttera's help-desk