PHP Malware Analysis

zxysb272nd8wb20w.html

md5: 17bc7ad5735f725bfbf619eb3b8f40da

Jump to: 

Screenshot
No Image
Attributes
Title

URLs

Deobfuscated PHP code
<html>

<center>

<script>
var blink_speed = 100; // every 1000 == 1 second, adjust to suit
var t = setInterval(function () {
    var ele = document.getElementById('myBlinkingDiv');
    ele.style.visibility = (ele.style.visibility == 'hidden' ? '' : 'hidden');
}, blink_speed);
</script>
<p id="myBlinkingDiv" style="margin-top: 50px;color: #FF0000; front-family: Verdana, Geneva, sans-serif;font-size: 25px;">WARNING: SECURITY BREACHED!</p>
 <head>
  <meta charset="UTF-8">
    <link rel="icon" href="https://pbs.twimg.com/profile_images/1515578430703943680/91A4q_cz.jpg" type="image/icon type">
    <script>alert("HACKED BY ROGER PIRATES | MR.H4T3X")</script>
  <title>HACKED BY ROGER PIRATES | MR.H4T3X</title>
  <style> 
  				body{    
  	 background-color: black;               }
     .content{                                             
      display: flex;                    
      flex-direction: column;
      justify-content: center;          
      align-items: center; 
     }
       .content img{      
          margin-top: 50px;
        }
     	.text h1{
        position: relative;
        font-family: Courier New, Courier, monospace, monospace;
        font-weight: bold;
        font-size: 30px;
        background: linear-gradient(90deg,#ffffff, #ffffff, #ffffff);
        background-repeat: no-repeat;
        background-size: 25%;
        animation: animate 5.5s infinite;
        -webkit-background-clip: text;
        -webkit-text-fill-color: rgba(255, 255, 255, 0.7);
      }
      @keyframes animate {
        0% {
          background-position: -110%;
        }
        100% {
          background-position: 110%;
        }
      }
      .text2 h1{
        position: relative;
        font-family: Courier New, Courier, monospace, monospace;
        font-weight: bold;
        font-size: 35px;
        background: linear-gradient(90deg,#FFD700, #FFD700, #FFD700);
        background-repeat: no-repeat;
        background-size: 25%;
        animation: animate 5.5s infinite;
        -webkit-background-clip: text;
        -webkit-text-fill-color: rgba(255, 255, 255, 0.5);
      }
      @keyframes animate {
        0% {
          background-position: -100%;
        }
        100% {
          background-position: 100%;
        }
      }
        </style>
 </head>
 <body>
  <div class="content">
   <img src="https://pbs.twimg.com/profile_images/1515578430703943680/91A4q_cz.jpg"  width="350px" height="350px" alt="">
   <br>
   </div>
   <center>
   <div class="text">
     <h1>[Defaced by Roger Pirates]</h1>
   </div>
   <br>
   
   <br>
   <center>
    <iframe width="0" height="0" frameborder="0" src="https://vocaroo.com/1i8RiRtJayKk" allow="autoplay"></iframe>
  <br>
<font size='6' style="font-family: 'Courier New', Courier, monospace;" color='Silver'>Your <font color="red">SERVER</font> has been hacked by <font color="red">Mr.H4t3X</font> That's just <font color="red">WARNING</font> For You! You know that your <font color="red">SECURITY</font> is still <font color="red">LACKING</font> and there are many <font color="red">HOLES</font> in your <font color="red">SYSTEM</font>. Don't worry <font color="red">ADMIN</font>, Your <font color="red">DATABASE</font> is <font color="red">SAFE!</font> Nothing deleted just changed the <font color="red">INDEX</font> page. <font color="red">PATCH</font> your <font color="red">SYSTEM</font> otherwise we will be back soon! 
	We have no connection with terrorism
	Nothing <font color="red">SECURITY.</font> Is Perfect.</font>
  </center>
  <br>
  <center>
    <font style="color:red; font-size: 14;">[</font><a href="https://facebook.com/RogerPiratesPH/" style="font-family: 'Courier New', Courier, monospace; font-size: 15px; color: silver;">Facebook Page</a><font style="color:red; font-size: 14px;">]</font>
  </center>
 </body>
</html>

Execution traces
Generated HTML code
Original PHP code
<html>

<center>

<script>
var blink_speed = 100; // every 1000 == 1 second, adjust to suit
var t = setInterval(function () {
    var ele = document.getElementById('myBlinkingDiv');
    ele.style.visibility = (ele.style.visibility == 'hidden' ? '' : 'hidden');
}, blink_speed);
</script>
<p id="myBlinkingDiv" style="margin-top: 50px;color: #FF0000; front-family: Verdana, Geneva, sans-serif;font-size: 25px;">WARNING: SECURITY BREACHED!</p>
 <head>
  <meta charset="UTF-8">
    <link rel="icon" href="https://pbs.twimg.com/profile_images/1515578430703943680/91A4q_cz.jpg" type="image/icon type">
    <script>alert("HACKED BY ROGER PIRATES | MR.H4T3X")</script>
  <title>HACKED BY ROGER PIRATES | MR.H4T3X</title>
  <style> 
  				body{    
  	 background-color: black;               }
     .content{                                             
      display: flex;                    
      flex-direction: column;
      justify-content: center;          
      align-items: center; 
     }
       .content img{      
          margin-top: 50px;
        }
     	.text h1{
        position: relative;
        font-family: Courier New, Courier, monospace, monospace;
        font-weight: bold;
        font-size: 30px;
        background: linear-gradient(90deg,#ffffff, #ffffff, #ffffff);
        background-repeat: no-repeat;
        background-size: 25%;
        animation: animate 5.5s infinite;
        -webkit-background-clip: text;
        -webkit-text-fill-color: rgba(255, 255, 255, 0.7);
      }
      @keyframes animate {
        0% {
          background-position: -110%;
        }
        100% {
          background-position: 110%;
        }
      }
      .text2 h1{
        position: relative;
        font-family: Courier New, Courier, monospace, monospace;
        font-weight: bold;
        font-size: 35px;
        background: linear-gradient(90deg,#FFD700, #FFD700, #FFD700);
        background-repeat: no-repeat;
        background-size: 25%;
        animation: animate 5.5s infinite;
        -webkit-background-clip: text;
        -webkit-text-fill-color: rgba(255, 255, 255, 0.5);
      }
      @keyframes animate {
        0% {
          background-position: -100%;
        }
        100% {
          background-position: 100%;
        }
      }
        </style>
 </head>
 <body>
  <div class="content">
   <img src="https://pbs.twimg.com/profile_images/1515578430703943680/91A4q_cz.jpg"  width="350px" height="350px" alt="">
   <br>
   </div>
   <center>
   <div class="text">
     <h1>[Defaced by Roger Pirates]</h1>
   </div>
   <br>
   
   <br>
   <center>
    <iframe width="0" height="0" frameborder="0" src="https://vocaroo.com/1i8RiRtJayKk" allow="autoplay"></iframe>
  <br>
<font size='6' style="font-family: 'Courier New', Courier, monospace;" color='Silver'>Your <font color="red">SERVER</font> has been hacked by <font color="red">Mr.H4t3X</font> That's just <font color="red">WARNING</font> For You! You know that your <font color="red">SECURITY</font> is still <font color="red">LACKING</font> and there are many <font color="red">HOLES</font> in your <font color="red">SYSTEM</font>. Don't worry <font color="red">ADMIN</font>, Your <font color="red">DATABASE</font> is <font color="red">SAFE!</font> Nothing deleted just changed the <font color="red">INDEX</font> page. <font color="red">PATCH</font> your <font color="red">SYSTEM</font> otherwise we will be back soon! 
	We have no connection with terrorism
	Nothing <font color="red">SECURITY.</font> Is Perfect.</font>
  </center>
  <br>
  <center>
    <font style="color:red; font-size: 14;">[</font><a href="https://facebook.com/RogerPiratesPH/" style="font-family: 'Courier New', Courier, monospace; font-size: 15px; color: silver;">Facebook Page</a><font style="color:red; font-size: 14px;">]</font>
  </center>
 </body>
</html>