HEX
Server: Apache/2
System: Linux jingle.dotvndns.vn 2.6.32-754.17.1.el6.x86_64 #1 SMP Tue Jul 2 12:42:48 UTC 2019 x86_64
User: chuahuehuong (1863)
PHP: 7.3.16
Disabled: apache_note,apache_setenv,proc_get_status,exec,passthru,proc_nice,proc_terminate,shell_exec,system,ini_restore,syslog,define_syslog_variables,symlink,link,error_log,leak,dbmopen,closelog,stream_socket_server,execl,escapeshellcmd,ini_alter,dl,show_source,posix_getpwuid,posix_geteuid,posix_getegid,posix_getgrgid,open_basedir,safe_mode_include_dir,pcntl_exec,pcntl_fork,pclose,virtual,openlog,popen,escapeshellarg,eval,calo,posix_getpwuid,symlinks,symlink,getpwuid,mail
$ pwd: /usr/local/maldetect/internals/
Upload Files
File: //usr/local/maldetect/internals/hexstring.pl
#!/usr/bin/perl
#
##
# Linux Malware Detect v1.6.6
#             (C) 2002-2023, R-fx Networks <proj@r-fx.org>
#             (C) 2023, Ryan MacDonald <ryan@r-fx.org>
# This program may be freely redistributed under the terms of the GNU GPL v2
##
#

use warnings;

if ($#ARGV < "1") {
 print "usage: hexfile string\n";
 exit;
}

$hexfile = $ARGV[0];
$instr = $ARGV[1];

$dat_hexstring = $hexfile;
open(DAT, $dat_hexstring) || die("Could not open $dat_hexstring");
@raw_data=<DAT>;
close(DAT); 

foreach $hexptr (@raw_data) {
 chomp($hexptr);
 ($ptr,$name)=split(/:/,$hexptr);
 if ( grep(/$ptr/, $instr) ) {
 	print "$ptr $name \n";
	exit;
 }
}
@ Telegram