HEX

File: //usr/local/maldetect.bk689902/maldetect.bk4007950/event_log
Nov 01 2025 06:44:58 kubikelcreative maldet(401520): {sigup} performing signature update check...
Nov 01 2025 06:44:58 kubikelcreative maldet(401520): {sigup} local signature set is version 20250225482944
Nov 01 2025 06:44:58 kubikelcreative maldet(401520): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Nov 01 2025 06:44:58 kubikelcreative maldet(401520): {sigup} new signature set 202511011342225 available
Nov 01 2025 06:44:58 kubikelcreative maldet(401520): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Nov 01 2025 06:45:33 kubikelcreative maldet(401520): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Nov 01 2025 06:46:01 kubikelcreative maldet(401520): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Nov 01 2025 06:46:01 kubikelcreative maldet(401520): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Nov 01 2025 06:46:39 kubikelcreative maldet(401520): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Nov 01 2025 06:46:57 kubikelcreative maldet(401520): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Nov 01 2025 06:46:57 kubikelcreative maldet(401520): {sigup} verified md5sum of maldet-sigpack.tgz
Nov 01 2025 06:46:57 kubikelcreative maldet(401520): {sigup} unpacked and installed maldet-sigpack.tgz
Nov 01 2025 06:46:58 kubikelcreative maldet(401520): {sigup} verified md5sum of maldet-clean.tgz
Nov 01 2025 06:46:58 kubikelcreative maldet(401520): {sigup} unpacked and installed maldet-clean.tgz
Nov 01 2025 06:46:58 kubikelcreative maldet(401520): {sigup} signature set update completed
Nov 01 2025 06:46:58 kubikelcreative maldet(401520): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Nov 01 2025 06:46:58 kubikelcreative maldet(395241): {update} completed update v1.6.6 3a1792 => v1.6.6 359d25, running signature updates...
Nov 01 2025 06:46:58 kubikelcreative maldet(404388): {sigup} performing signature update check...
Nov 01 2025 06:46:58 kubikelcreative maldet(404388): {sigup} local signature set is version 202511011342225
Nov 01 2025 06:46:59 kubikelcreative maldet(404388): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Nov 01 2025 06:46:59 kubikelcreative maldet(404388): {sigup} latest signature set already installed
Nov 01 2025 06:46:59 kubikelcreative maldet(395241): {update} update and config import completed
Nov 01 2025 06:46:59 kubikelcreative maldet(404480): {sigup} performing signature update check...
Nov 01 2025 06:46:59 kubikelcreative maldet(404480): {sigup} local signature set is version 202511011342225
Nov 01 2025 06:47:11 kubikelcreative maldet(404480): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Nov 01 2025 06:47:11 kubikelcreative maldet(404480): {sigup} latest signature set already installed
Nov 01 2025 06:47:12 kubikelcreative maldet(404772): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Nov 01 2025 06:48:35 kubikelcreative maldet(404772): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Nov 01 2025 06:48:35 kubikelcreative maldet(404772): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Nov 01 2025 06:48:35 kubikelcreative maldet(404772): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Nov 01 2025 06:48:35 kubikelcreative maldet(404772): {scan} executed /usr/bin/nice -n 19 /usr/bin/ionice -c2 -n 6 /usr/bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path "/usr/local/maldetect" -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Nov 01 2025 06:48:50 kubikelcreative maldet(404772): {scan} file list completed in 15s, found 1015 files...
Nov 01 2025 06:48:50 kubikelcreative maldet(404772): {scan} found clamav binary at /usr/bin/clamdscan, using clamav scanner engine...
Nov 01 2025 06:48:50 kubikelcreative maldet(404772): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (1015 files) in progress...
Nov 01 2025 06:49:36 kubikelcreative maldet(404772): {hit} malware hit {HEX}php.base64.inject.182 found for /var/www/GosuryaNew/wordpress/wp-includes/pomo/bru.php
Nov 01 2025 06:49:36 kubikelcreative maldet(404772): {hit} malware hit {HEX}php.base64.inject.182 found for /var/www/GosuryaNew/wordpress/wp-admin/js/bru.php
Nov 01 2025 06:49:36 kubikelcreative maldet(404772): {hit} malware hit {HEX}php.base64.inject.182 found for /var/www/gosurya-id/wp-includes/pomo/bru.php
Nov 01 2025 06:49:36 kubikelcreative maldet(404772): {hit} malware hit {HEX}php.base64.inject.182 found for /var/www/indoadvisory/wp/wp-includes/pomo/bru.php
Nov 01 2025 06:49:36 kubikelcreative maldet(404772): {hit} malware hit {HEX}php.base64.inject.182 found for /var/www/indoadvisory/wp/wp-admin/js/bru.php
Nov 01 2025 06:49:36 kubikelcreative maldet(404772): {hit} malware hit {HEX}php.base64.inject.182 found for /var/www/indoadvisory/wp/bru.php
Nov 01 2025 06:49:36 kubikelcreative maldet(404772): {hit} malware hit {HEX}php.base64.inject.182 found for /var/www/Gosurya/WP2/wp-includes/pomo/bru.php
Nov 01 2025 06:49:36 kubikelcreative maldet(404772): {hit} malware hit {HEX}php.base64.inject.182 found for /var/www/Gosurya/WP2/wp-admin/js/bru.php
Nov 01 2025 06:49:36 kubikelcreative maldet(404772): {hit} malware hit {HEX}php.base64.inject.182 found for /var/www/Gosurya/wp/wp-content/bru.php
Nov 01 2025 06:49:36 kubikelcreative maldet(404772): {hit} malware hit {HEX}php.base64.inject.182 found for /var/www/Gosurya/wp/wp-includes/pomo/bru.php
Nov 01 2025 06:49:36 kubikelcreative maldet(404772): {hit} malware hit {HEX}php.base64.inject.182 found for /var/www/Gosurya/wp/wp-admin/js/bru.php
Nov 01 2025 06:49:36 kubikelcreative maldet(404772): {hit} malware hit {HEX}php.base64.inject.182 found for /var/www/Gosuryaid/wp/wp-includes/pomo/bru.php
Nov 01 2025 06:49:36 kubikelcreative maldet(404772): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 1015, malware hits 12, cleaned hits 0, time 144s
Nov 01 2025 06:49:36 kubikelcreative maldet(404772): {scan} scan report saved, to view run: maldet --report 251101-0647.404772
Nov 01 2025 06:49:36 kubikelcreative maldet(404772): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 251101-0647.404772