PHP Malware Analysis
Rising_Emb3r.html
md5: 324175d164c0e5367a4986864033f50a
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Title
- deface (Deobfuscated, HTML, Original)
URLs
- https://play.google.com/store/apps/details?id=ak.andro.easyhtml (Deobfuscated, Original)
Deobfuscated PHP code
<!DOCTYPE html>
<!-- Created Using Easy HTML v1.4.7 -->
<!-- https://play.google.com/store/apps/details?id=ak.andro.easyhtml -->
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>deface</title>
<style>
body{
background-color: black;
}
.heading{
font-weight: bolder;
color: white;
border-bottom: 2px solid blue;
box-shadow: 1px 1px 2px lightblue, 0 0 50px blue, 0 0 52px darkblue;
}
.box{
border: 1px solid coral;
color: white;
font-weight: bolder;
/* height: 10rem; */
/* width: 15rem; */
line-height: 5;
box-shadow: 1px 1px 2px black, 0 0 52px red, 0 0 5px darkred;
margin-left: 10%;
margin-right: 10%;
margin-top:40%;
}
.box .box-alert{
font-weight: bolder;
text-shadow: 0 0 13px red, 0 0 5px red;
/* text-shadow: 5px 6px 6px #ff0000; */
/* box-shadow: 1px 1px 2px black, 0 0 25px blue, 0 0 5px lightblue; */
}
h3{
color: white;
}
</style>
<link rel="stylesheet" href="./style.css">
</head>
<body>
<!-- Start your code here -->
<h1 align="center" class="heading">Touched by Rising Emb3r</h1>
<marquee><p style="color:white;">"Rising Emb3r" was here!</p></marquee>
<div align="center" class="box">
<h1 class="box-alert">HACKED!</h1>
</div>
<h3 align="center">Message to Admin : Admin your file upload validation is just nothing. Try to validate the file extension and it's better to validate it with a server side request. And be careful that hackers can manipulate the server request also. So try to fix that bug too.</h3><br>
<h3 align="center"><strong>Final words "Fix it soon or be prepared for the next hit!"</strong></h3>
<!-- End your code here -->
<script src="./script.js"></script>
</body>
</html>Execution traces
Generated HTML code
<html><head>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>deface</title>
<style>
body{
background-color: black;
}
.heading{
font-weight: bolder;
color: white;
border-bottom: 2px solid blue;
box-shadow: 1px 1px 2px lightblue, 0 0 50px blue, 0 0 52px darkblue;
}
.box{
border: 1px solid coral;
color: white;
font-weight: bolder;
/* height: 10rem; */
/* width: 15rem; */
line-height: 5;
box-shadow: 1px 1px 2px black, 0 0 52px red, 0 0 5px darkred;
margin-left: 10%;
margin-right: 10%;
margin-top:40%;
}
.box .box-alert{
font-weight: bolder;
text-shadow: 0 0 13px red, 0 0 5px red;
/* text-shadow: 5px 6px 6px #ff0000; */
/* box-shadow: 1px 1px 2px black, 0 0 25px blue, 0 0 5px lightblue; */
}
h3{
color: white;
}
</style>
<link rel="stylesheet" href="./style.css">
</head>
<body>
<!-- Start your code here -->
<h1 align="center" class="heading">Touched by Rising Emb3r</h1>
<marquee><p style="color:white;">"Rising Emb3r" was here!</p></marquee>
<div align="center" class="box">
<h1 class="box-alert">HACKED!</h1>
</div>
<h3 align="center">Message to Admin : Admin your file upload validation is just nothing. Try to validate the file extension and it's better to validate it with a server side request. And be careful that hackers can manipulate the server request also. So try to fix that bug too.</h3><br>
<h3 align="center"><strong>Final words "Fix it soon or be prepared for the next hit!"</strong></h3>
<!-- End your code here -->
<script src="./script.js"></script>
</body></html>Original PHP code
<!DOCTYPE html>
<!-- Created Using Easy HTML v1.4.7 -->
<!-- https://play.google.com/store/apps/details?id=ak.andro.easyhtml -->
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>deface</title>
<style>
body{
background-color: black;
}
.heading{
font-weight: bolder;
color: white;
border-bottom: 2px solid blue;
box-shadow: 1px 1px 2px lightblue, 0 0 50px blue, 0 0 52px darkblue;
}
.box{
border: 1px solid coral;
color: white;
font-weight: bolder;
/* height: 10rem; */
/* width: 15rem; */
line-height: 5;
box-shadow: 1px 1px 2px black, 0 0 52px red, 0 0 5px darkred;
margin-left: 10%;
margin-right: 10%;
margin-top:40%;
}
.box .box-alert{
font-weight: bolder;
text-shadow: 0 0 13px red, 0 0 5px red;
/* text-shadow: 5px 6px 6px #ff0000; */
/* box-shadow: 1px 1px 2px black, 0 0 25px blue, 0 0 5px lightblue; */
}
h3{
color: white;
}
</style>
<link rel="stylesheet" href="./style.css">
</head>
<body>
<!-- Start your code here -->
<h1 align="center" class="heading">Touched by Rising Emb3r</h1>
<marquee><p style="color:white;">"Rising Emb3r" was here!</p></marquee>
<div align="center" class="box">
<h1 class="box-alert">HACKED!</h1>
</div>
<h3 align="center">Message to Admin : Admin your file upload validation is just nothing. Try to validate the file extension and it's better to validate it with a server side request. And be careful that hackers can manipulate the server request also. So try to fix that bug too.</h3><br>
<h3 align="center"><strong>Final words "Fix it soon or be prepared for the next hit!"</strong></h3>
<!-- End your code here -->
<script src="./script.js"></script>
</body>
</html>