REDROOM
PHP 8.2.31
Path:
Logout
Edit File
Size: 740 B
Close
/proc/self/root/proc/self/root/proc/thread-self/root/var/imunify360/files/sigs/v1/heuristic/main.yara
Text
Base64
// import "math" include "webshells.yara" /*private global rule size_limit { condition: filesize < 1MB } private rule is_php { strings: $str = /<\?(php|\s)/ condition: (filesize < 1MB) and $str } private rule php_keywords_rate { strings: $keyword = /\b(this|if|return|function|else|array|false|true)\b/ condition: is_php and math.divide(#keyword, filesize) > 0.001 } rule php_packed { strings: $func1 = /base64_decode\s*\(/ $func2 = /eval\s*\(/ $func3 = /\$[a-zA-Z0-9_]+\(/ condition: is_php and (($func1 and $func2) or $func3) and (math.entropy(0, filesize) >= 5.00) and not php_keywords_rate //5.81 } *./
Save
Close
Exit & Reset
Text mode: syntax highlighting auto-detects file type.
Directory Contents
Dirs: 0 × Files: 2
Delete Selected
Select All
Select None
Sort:
Name
Size
Modified
Enable drag-to-move
Name
Size
Perms
Modified
Actions
main.yara
740 B
lrw-r--r--
2024-03-06 00:47:17
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
webshells.yara
273.52 KB
lrw-r--r--
2024-03-06 00:47:17
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
Zip Selected
If ZipArchive is unavailable, a
.tar
will be created (no compression).