PHP/WebShell [Threat Name]

PHP/WebShell.NBV [Threat Variant Name]

Category: trojan
Detection created: Apr 14, 2014
Detection database version: 9674
Aliases: PHP.Shell.101 (Dr.Web)

Short description

The trojan serves as a backdoor. It can be controlled remotely.

Installation

The trojan does not create any copies of itself.


The trojan is usually found in the following folder:

  • %webserverdocumentsrootfolder%

Other information

The trojan acquires data and commands from a remote computer or the Internet. The HTTP protocol is used.


It can execute the following operations:

  • execute shell commands
  • execute SQL commands
  • download files from a remote computer and/or the Internet
  • run executable files
  • various filesystem operations
  • collect information about the operating system used
  • send open TCP and UDP port numbers to a remote computer
  • open ports
  • brute-force logins for FTP, MySQL, PostgreSQL
  • send list of installed applications
  • send gathered information

Some examples follow.