4 Sep, 2016

Deobfuscation Made Easy With MalwareDecoder.com

Learn how to use MalwareDecoder.com, a free online tool by Quttera, to easily deobfuscate malicious code and identify malware infections on your website.
Battling malware is a competitive and fulfilling task these days. It brings joy and confidence to every malware analyst who can discover or unravel the code used in an attack or infection. We at Quttera have been able to help other malware analysts by providing tools they can use in their analysis. We tested MalwareDecoder.com with one of the suspicious files that we obtained during one of our cleanups.
File : wp-manage.php
MD5 : 7B1231F8C385977706396B8F221D5D01
As you can see, the file is heavily obfuscated to discourage anyone who wants to read it:
The tool is very easy to use. Just visit the site, https://malwaredecoder.com/, paste the content of the file into the field provided on the page, and click DECODE.

This is what it looks like after clicking the DECODE button:
The output lists each level of decryption, showing the step-by-step decoding of the file. Based on the final decryption, it is a FilesMan backdoor. You may want to check our other write-up on FilesMan:

FilesMan Backdoor
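
The level-by-level decoding shown by the tool can also be reproduced statically, without ever executing the suspicious file. The following is an added example, not Quttera's code and not a description of how MalwareDecoder.com works internally; it assumes the common PHP wrapper functions `base64_decode`, `gzinflate`, `gzuncompress`, `str_rot13` and `strrev` (the page does not name the functions used in wp-manage.php), and the names `peel` and `constructed_sample` are hypothetical.

```python
import base64, binascii, codecs, re, zlib

# Static equivalents of PHP wrappers often nested inside eval().
# Assumption: these are typical wrappers; the page does not list any.
DECODERS = {
    "base64_decode": lambda b: base64.b64decode(b),
    "gzinflate": lambda b: zlib.decompress(b, -15),  # raw deflate
    "gzuncompress": lambda b: zlib.decompress(b),    # zlib stream
    "str_rot13": lambda b: codecs.encode(b.decode("latin-1"), "rot_13").encode("latin-1"),
    "strrev": lambda b: b[::-1],
}

# eval( f1( f2( 'literal' ) ) );  -> group 1: function chain, group 3: literal
WRAPPER = re.compile(r"eval\s*\(\s*((?:\w+\s*\(\s*)+)(['\"])(.*?)\2[\s)]*;", re.S)

def peel(source, max_levels=20):
    """Decode nested eval() wrappers and return one string per level.
    Nothing is executed; decoding stops at the first unknown function."""
    levels = []
    for _ in range(max_levels):
        m = WRAPPER.search(source)
        if not m:
            break
        funcs = re.findall(r"\w+", m.group(1))
        try:
            data = m.group(3).encode("latin-1")
            for name in reversed(funcs):  # innermost call is applied first
                data = DECODERS[name](data)
            source = data.decode("latin-1")
        except (KeyError, zlib.error, binascii.Error, ValueError):
            break  # unknown wrapper or corrupt data: leave for manual review
        levels.append(source)
    return levels

def constructed_sample():
    """Build a harmless two-level sample (constructed for this example)."""
    inner = "echo 'constructed benign payload';"
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = deflater.compress(inner.encode()) + deflater.flush()
    level1 = "eval(gzinflate(base64_decode('%s')));" % base64.b64encode(raw).decode()
    return "<?php eval(base64_decode('%s')); ?>" % base64.b64encode(level1.encode()).decode()

if __name__ == "__main__":
    for i, text in enumerate(peel(constructed_sample()), 1):
        print("Level %d: %s" % (i, text))
```

The last entry returned by `peel` is the final decoded layer, which is the text an analyst would compare against known backdoor families.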
Is your website infected with malware or blocked by search engines?
Here at Quttera we clean this and other kinds of malware on a daily basis. If you would like our malware analysts to help you, just select the appropriate ThreatSign! Anti-Malware plan and get back online.

For other issues and help: Quttera help-desk