PHP Malware Analysis

Tags

Encoding
base64_decode
base64_encode
URLs
Emails
solevisible@gmail.com
solevisible@fbi.gov
target@fbi.gov
sec@google.com
Execution
system
eval
exec
passthru
proc_open
shell_exec
Input
_GET
_POST
Environment
set_time_limit
error_reporting
php_uname
getcwd

Deobfuscated code



Original code