Top 5 Malware Signatures - Week 24-25
Akos Molnar

Top 5 Malware Signatures - Week 24-25

Our team is always thriving to make the internet even safer with awesome innovations. We launched our brand new detecting method, the Source Code Structure Analysis in the past weeks and thought that you would be interested how well it works. Below you can find the Top 5 malware signatures with the most catches and don't forget that you are able to create your own malware signature too! We experienced that this crowdsourcing method between severals thousands of servers works fantastic in our IP reputation system, that's why we implemented it also to our malware detection tool. Thanks to your contribution we have already added more than 15 000 malware signatures to our database totally. 

#5 PHP Backdoor Web Shell Orb 4.2.6

An obfuscated HTML file manager with base64 encoding, using eval to run decoded PHP code. According to VirusTotal, it runs by the name: Tencent Heur:Trojan.Script.LS_Gencirc.7179453.0.

#4 PHP Obfuscated Backdoor 2

It uses a variable obfuscation technique. Bacdkoor tries to invoke curl, code is executed by a user-vcreated method.


#3 PHP Web Shell Orb 2.6

A Webshell with escaped hexadecimal ASCII character based obfuscation.


#2 PHP Backdoor Hexa Botnet Decimal Variant

Possible variant of the Hexa Botnet. Using decimal numbers instead of hexadecimal.


#1 PHP Backdoor Hexa Botnet Double Variant

Possible variant of the Hexa Botnet. Using double numbers instead of hexadecimal.


If you haven't tried BitNinja yet don't forget to register for the 7-day free trial! 

Sign up for a free trial

No credit card needed! For our subscribers we also provide valuable information about malwares and the most recent news from the cybersecurity world.

Share your ideas with us about this article

Previous posts

Release Note - New Way of Malware Detection
It’s been a while since we wrote a release note so there are plenty of new upgrades, features and fixes to tell you about. Our tech ninjas worked harder than ever. We invented a brand new way of malware detection and raised the SenseLog performance hugely.  In the past months we also: created a new licensing system, made a new Captcha design, added a service detector, upgraded the HaProxy, and of course we fixed bugs and added plenty of other features which made the UI/UX much better. Let’s see the details of what happene...
#CloudFest2020 cancelled – NinjaFest Day is here
We know that many of you were excitedly waiting for CloudFest2020. This conference is always the best event throughout the year to bring the amazing cloud community together. It was sad news that CloudFest was cancelled due to the Coronavirus threat, however, it was the right decision from the organizers. However, as thousands of people were preparing for this week-long event, we thought that you shouldn’t miss everything. We decided to bring a little piece of CloudFest to you online. We organize an online „NinjaFest” day on 18 March 2020, where you’ll have the opportunity to: Atte...