707.206.7563
Detecting Malware via Regex

There has been a rash of next-generation malware scripts that use tools that make them much more difficult to detect. This post is intended as a reference to several of the important regex patterns that I was able to use to find the malware packages to be removed.

<?php $GLOBALS['q489'] = "\x64\x69\x5c\x2b\x6c\x40\x59\x79\x30\x44\x6f\x3a\x27\x2e\x72\x57\x38\x49\x2a\x45

A script that starts like this can be detected with the following pattern:

\<\?php.*(\\x[a-zA-Z0-9]*?)+

Here is another pattern, which detects base64_decode calls with long payloads that could indicate that something malicious is hiding:

base64_decode(.{200,})

 

eval\(.*?base64_decode\(.{200,}


Also be on the lookout for these other functions, which I've seen used in conjunction with malware:

str_rot13(), assert()
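
The patterns above, run line by line over sample PHP text. This is an added example, not code from the original post. The str_rot13/assert regex, the threshold of 8 hex escapes used to filter the false positive shown on the benign sample, and all four samples are assumptions constructed for illustration.

```python
import re

# Patterns from the post, unchanged (Python's re accepts them as written).
POST_RULES = {
    "hex-escaped string": re.compile(r"\<\?php.*(\\x[a-zA-Z0-9]*?)+"),
    "long base64_decode": re.compile(r"base64_decode(.{200,})"),
    "eval of long base64": re.compile(r"eval\(.*?base64_decode\(.{200,}"),
    # The post lists these functions without a pattern; this regex is an assumption.
    "str_rot13/assert call": re.compile(r"\b(?:str_rot13|assert)\s*\("),
}
HEX_ESCAPE = re.compile(r"\\x[0-9a-fA-F]{2}")
MIN_HEX_ESCAPES = 8  # assumed triage threshold, not from the post


def scan(text):
    """Return the sorted names of rules matching any line ('.' stops at newlines)."""
    hits = set()
    for line in text.splitlines():
        hits.update(name for name, rx in POST_RULES.items() if rx.search(line))
    return sorted(hits)


def triage(text):
    """Like scan(), but drop the hex rule for files with only a few \\xNN escapes."""
    hits = scan(text)
    if len(HEX_ESCAPE.findall(text)) < MIN_HEX_ESCAPES:
        hits = [h for h in hits if h != "hex-escaped string"]
    return hits


# Constructed samples (inert text, never executed).
OBFUSCATED = r'<?php $GLOBALS["q489"] = "\x64\x69\x5c\x2b\x6c\x40\x59\x79\x30\x44";'
DROPPER = '<?php eval(base64_decode("' + "QUJD" * 60 + '"));'
ROT13 = '<?php $f = str_rot13("cevag"); assert($f);'
BENIGN = r'<?php echo "col1\x09col2"; $img = base64_decode($row["thumb"]);'

if __name__ == "__main__":
    for name, src in [("obfuscated", OBFUSCATED), ("dropper", DROPPER),
                      ("rot13", ROT13), ("benign", BENIGN)]:
        print(f"{name:10} scan={scan(src)} triage={triage(src)}")
```

The hex pattern as written fires on any PHP line containing a single \x escape, so the benign sample hits it under scan() and is only cleared by the escape count in triage().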
