PHP Malware Analysis

Back to list

Tags

URLs
https://encrypted-tbn0.gstatic.com/images?q=tbn%3AANd9GcTdDsvdLQczEISiaM41Hrt9JecKr7lKcZaufdXtXzB2N6kB633h
http://fonts.googleapis.com/css?family=Sriracha|Orbitron|Iceland|Allan|Shadows+Into+Light+Two
https://www.icegif.com/wp-content/uploads/one-punch-man-icegif-7.gif
https://f.top4top.io/m_1905tzafg0.mp3
Title
b aja

Deobfuscated code

<!doctype html> <head> <center> <title>b aja</title> <body bgcolor="#F5F2F9"> <meta name="description" content="Busset gan...gw sih owh aja"> <link rel="icon" href="https://encrypted-tbn0.gstatic.com/images?q=tbn%3AANd9GcTdDsvdLQczEISiaM41Hrt9JecKr7lKcZaufdXtXzB2N6kB633h" type="image/x-icon"> <meta name="keywords" content="SPIDER CYBER TEAM"> <meta name="author" content="SPIDER CYBER TEAM"> <meta name="viewport" content="width=device-width, initial-scale=1" /> <!--Link & end meta --> <link href='http://fonts.googleapis.com/css?family=Sriracha|Orbitron|Iceland|Allan|Shadows+Into+Light+Two' rel='stylesheet' type='text/css'> <!--end link--> <style> html { min-height: 100%;} body { box-sizing: border-box; height: 100%; background-color: #000000; background-image: radial-gradient(#000000, #041607); font-family: 'Allan', Helvetica, sans-serif; font-size: 1.5rem; color: rgba(128, 255, 128, 0.8); text-shadow: 0 0 1ex rgba(51, 255, 51, 1), 0 0 2px rgba(255, 255, 255, 0.8); } .scan::before { content: ""; pointer-events: none; position: absolute; display: block; top: 0; left: 3px; right: 3px; bottom: 200px; width: 900px; height: 900px; background-image: linear-gradient( 0deg, transparent 0%, rgba(32, 128, 32, 0.2) 2%, rgba(32, 128, 32, 0.8) 3%, rgba(32, 128, 32, 0.2) 3%, transparent 100%); background-repeat: no-repeat; animation: scan 4.5s linear 0s infinite;} @keyframes scan { 0% { background-position: 0 -100vh; } 1000px, 1000px { background-position: 0 200vh; }} .terminal { box-sizing: inherit; position: absolute; height: 1000px; width: 900px; max-width: 800px; padding: 3rem; text-transform: uppercase;} .output { color: rgba(128, 255, 128, 0.8); text-shadow: 0 0 1px rgba(51, 255, 51, 0.4), 0 0 2px rgba(255, 255, 255, 0.8);} .output::before { content: "> ";} a { color: blue; text-decoration: none;} a::before { content: "[";} a::after { content: "]";} .errorcode { color: white;}#hover:hover { color:orange;} @keyframes shake { 0% { transform: translate(5px, 1px) rotate(-1deg); } 10% { transform: translate(-5px, -2px) rotate(1deg); } 20% { transform: translate(-2px, 0px) rotate(1deg); } 30% { transform: translate(5px, 2px) rotate(-1deg); } 40% { transform: translate(2px, -1px) rotate(1deg); } 50% { transform: translate(-1px, 2px) rotate(2deg); } 60% { transform: translate(-3px, 1px) rotate(-1deg); } 70% { transform: translate(3px, 1px) rotate(1deg); } 80% { transform: translate(-1px, -1px) rotate(2deg); } 90% { transform: translate(1px, 2px) rotate(-1deg); } 100% { transform: translate(1px, -2px) rotate(-1deg); } } .BacodGan{ animation: shake 1s; animation-iteration-count: infinite; } </style> <div class="scan"> </div> <div class="terminal"> <center> <img class="BacodGan" src="https://www.icegif.com/wp-content/uploads/one-punch-man-icegif-7.gif" width="600" height="600"/> 	<br> <br> 	<br>CAP GAJAH</h2> <br> 	<br> <b><font size="50px">-?- THE-KUNTUL -?-</font> <br> <br> <font face="Shadows Into Light Two" size="5px">OUH..GITU YA NIPU NYA</font> <br> 	<br> <br> <h3><font face="Iceland" size="30px"> FROM BANTEN PEOPLE </font></h3> <br> <font face="Allan" size="4px">COPYFIGHT&copy;By ZKY.NULL</font> <iframe width="0%" height="0" scrolling="no" frameborder="no" loop="true" allow="autoplay" src="https://f.top4top.io/m_1905tzafg0.mp3"></iframe> </audio> </div> </center> </html>


Original code

<!doctype html> <head> <center> <title>b aja</title> <body bgcolor="#F5F2F9"> <meta name="description" content="Busset gan...gw sih owh aja"> <link rel="icon" href="https://encrypted-tbn0.gstatic.com/images?q=tbn%3AANd9GcTdDsvdLQczEISiaM41Hrt9JecKr7lKcZaufdXtXzB2N6kB633h" type="image/x-icon"> <meta name="keywords" content="SPIDER CYBER TEAM"> <meta name="author" content="SPIDER CYBER TEAM"> <meta name="viewport" content="width=device-width, initial-scale=1" /> <!--Link & end meta --> <link href='http://fonts.googleapis.com/css?family=Sriracha|Orbitron|Iceland|Allan|Shadows+Into+Light+Two' rel='stylesheet' type='text/css'> <!--end link--> <style> html { min-height: 100%;} body { box-sizing: border-box; height: 100%; background-color: #000000; background-image: radial-gradient(#000000, #041607); font-family: 'Allan', Helvetica, sans-serif; font-size: 1.5rem; color: rgba(128, 255, 128, 0.8); text-shadow: 0 0 1ex rgba(51, 255, 51, 1), 0 0 2px rgba(255, 255, 255, 0.8); } .scan::before { content: ""; pointer-events: none; position: absolute; display: block; top: 0; left: 3px; right: 3px; bottom: 200px; width: 900px; height: 900px; background-image: linear-gradient( 0deg, transparent 0%, rgba(32, 128, 32, 0.2) 2%, rgba(32, 128, 32, 0.8) 3%, rgba(32, 128, 32, 0.2) 3%, transparent 100%); background-repeat: no-repeat; animation: scan 4.5s linear 0s infinite;} @keyframes scan { 0% { background-position: 0 -100vh; } 1000px, 1000px { background-position: 0 200vh; }} .terminal { box-sizing: inherit; position: absolute; height: 1000px; width: 900px; max-width: 800px; padding: 3rem; text-transform: uppercase;} .output { color: rgba(128, 255, 128, 0.8); text-shadow: 0 0 1px rgba(51, 255, 51, 0.4), 0 0 2px rgba(255, 255, 255, 0.8);} .output::before { content: "> ";} a { color: blue; text-decoration: none;} a::before { content: "[";} a::after { content: "]";} .errorcode { color: white;}#hover:hover { color:orange;} @keyframes shake { 0% { transform: translate(5px, 1px) rotate(-1deg); } 10% { transform: translate(-5px, -2px) rotate(1deg); } 20% { transform: translate(-2px, 0px) rotate(1deg); } 30% { transform: translate(5px, 2px) rotate(-1deg); } 40% { transform: translate(2px, -1px) rotate(1deg); } 50% { transform: translate(-1px, 2px) rotate(2deg); } 60% { transform: translate(-3px, 1px) rotate(-1deg); } 70% { transform: translate(3px, 1px) rotate(1deg); } 80% { transform: translate(-1px, -1px) rotate(2deg); } 90% { transform: translate(1px, 2px) rotate(-1deg); } 100% { transform: translate(1px, -2px) rotate(-1deg); } } .BacodGan{ animation: shake 1s; animation-iteration-count: infinite; } </style> <div class="scan"> </div> <div class="terminal"> <center> <img class="BacodGan" src="https://www.icegif.com/wp-content/uploads/one-punch-man-icegif-7.gif" width="600" height="600"/> 	<br> <br> 	<br>CAP GAJAH</h2> <br> 	<br> <b><font size="50px">-?- THE-KUNTUL -?-</font> <br> <br> <font face="Shadows Into Light Two" size="5px">OUH..GITU YA NIPU NYA</font> <br> 	<br> <br> <h3><font face="Iceland" size="30px"> FROM BANTEN PEOPLE </font></h3> <br> <font face="Allan" size="4px">COPYFIGHT&copy;By ZKY.NULL</font> <iframe width="0%" height="0" scrolling="no" frameborder="no" loop="true" allow="autoplay" src="https://f.top4top.io/m_1905tzafg0.mp3"></iframe> </audio> </div> </center> </html>