MALICIOUS
Risk Score: 62
Heuristics: 2
- PHP webshell / backdoor source (critical, WEBSHELL_PHP): The file contains PHP server-side code with the signature of a webshell/backdoor (named PHP webshell banner (FilesMan)). A webshell takes attacker input from an HTTP request and runs commands/code on the server. Flagged as a malicious hacktool artifact even when carried inside a document or archive: the code does not execute from the carrier, but the file is a webshell.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. The extracted URLs were all found in the RTF body.