PHP Malware Analysis

Back to list

Tags

URLs
https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRCHJLvDxgpYPZFkpwRqn50m5EMMzNq_smeGw&usqp=CAU
https://voca.ro/1dshDbnHawOn
Title
Philippine CyberMafia

Deobfuscated code

<!DOCTYPE HTML>
<html>
  <head>
    <body>
      <title>Philippine CyberMafia</title>
   	<meta content='CyberMafia.PH ~Vend3ttA' name='description'/>
    <meta content='Hacked by Vend3ttA' name='keywords'/>
      <link rel="stylesheet" href="style.css" type="text/css" media="all" />

    </body>
  </head>
</html>

<style>
 
 h1, h2 {
  font-family:Courier New;
  color: #8B0000;
  text-shadow: #8B0000 4px 5px 5px;
  font-size: 60px;
  font-stretch: 100px;
  
}


body {
  background-color: #000000;
  
}

p {
font-family: Courier;
color: #ffffff;
text-shadow: #8B0000 7px 8px 9px;
font-size: 43px;
}
  
  
  
  
</style>

<script>alert('Greetings from Philippine CyberMafia!!');
</script>
<script>alert('Defaced by Vend3ttA');</script>



<div align="center">
  <center>
  <img src="https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRCHJLvDxgpYPZFkpwRqn50m5EMMzNq_smeGw&usqp=CAU" height="655">
  <h2>Your security is a crap!</h2>
  <h1>We are born to be hacked please protect your server because your site is vulnerable. And I hope you fix this as soon as possible or else we will be back and destroy your database!! </h1>
 </center>
 <p>No files where deleted during the hacking process.</p> 
  
  
  
  
  <p>greetz: | n!ghtm4r3 | n1x | script kiddy panda | Mr.Fu | ~Hal4man | -ube | k0jiX | H4xxor Cyberarmy | v0dka | PH.Luffy | Anonymous Davao | Phantom Hackers.PH | Bjornx | ~Zeki |</p>
  <h1>CyberMafia.PH All rights reserved 2022.</h1>
  
  <iframe width="0" height="0" frameborder="0"   src="https://voca.ro/1dshDbnHawOn" allow="autoplay"></iframe>
  
  
  </body>
  </html>


Original code

<!DOCTYPE HTML>
<html>
  <head>
    <body>
      <title>Philippine CyberMafia</title>
   	<meta content='CyberMafia.PH ~Vend3ttA' name='description'/>
    <meta content='Hacked by Vend3ttA' name='keywords'/>
      <link rel="stylesheet" href="style.css" type="text/css" media="all" />

    </body>
  </head>
</html>

<style>
 
 h1, h2 {
  font-family:Courier New;
  color: #8B0000;
  text-shadow: #8B0000 4px 5px 5px;
  font-size: 60px;
  font-stretch: 100px;
  
}


body {
  background-color: #000000;
  
}

p {
font-family: Courier;
color: #ffffff;
text-shadow: #8B0000 7px 8px 9px;
font-size: 43px;
}
  
  
  
  
</style>

<script>alert('Greetings from Philippine CyberMafia!!');
</script>
<script>alert('Defaced by Vend3ttA');</script>



<div align="center">
  <center>
  <img src="https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRCHJLvDxgpYPZFkpwRqn50m5EMMzNq_smeGw&usqp=CAU" height="655">
  <h2>Your security is a crap!</h2>
  <h1>We are born to be hacked please protect your server because your site is vulnerable. And I hope you fix this as soon as possible or else we will be back and destroy your database!! </h1>
 </center>
 <p>No files where deleted during the hacking process.</p> 
  
  
  
  
  <p>greetz: | n!ghtm4r3 | n1x | script kiddy panda | Mr.Fu | ~Hal4man | -ube | k0jiX | H4xxor Cyberarmy | v0dka | PH.Luffy | Anonymous Davao | Phantom Hackers.PH | Bjornx | ~Zeki |</p>
  <h1>CyberMafia.PH All rights reserved 2022.</h1>
  
  <iframe width="0" height="0" frameborder="0"   src="https://voca.ro/1dshDbnHawOn" allow="autoplay"></iframe>
  
  
  </body>
  </html>