WordPress Malware

Collection of malware collected on hacked (honeypot) WordPress websites.

Inspired by https://github.com/bediger4000/php-malware-analysis

Files are organized in directories by the day discovered by CXS or Imunify.

Custom Functions

Most common custom functions defined within php files that are responsible for malicious behavior such as file modifications, downloading, executing PHP, and scanning files:

restore(); file_man(); edit_file(); save_file(); save_norm(); delete_file(); delete_zpl(); exec_php(); suicide(); make_worker(); manage_file(); download000(); chmod_file(); renew_file(); manual_av(); manual_wp(); make_wp(); copy_zpl(); update_wordpress(); debug_wordpress(); delete_md5(); delete_name();

Used by 🔴 Malware Scanner and Simple Virus Scanner cPanel plugins

Email me for removal at pejcha1994[at]gmail.com