PHP Malware Analysis

index.php

md5: 4930436885280933dbe614d0e5459656


Screenshot


Attributes

Title


Deobfuscated PHP code

<!--
  Analyst note (not part of the sample; the sample text starts at "GIF89;" on the line after this comment).
  * Static defacement page. The listing contains no PHP open tag, so the PHP interpreter emits it unchanged.
    The execution trace on this page agrees: {main} is the only call recorded.
  * "GIF89;" resembles the start of a GIF signature ("GIF89a"). Presumably it is there to get past an upload
    filter that only inspects the first bytes; the page does not show how the file was delivered, so treat
    that as an assumption to confirm.
  * The inline script writes 36 absolutely positioned "*" spans (ids s0 to s35). When its browser check passes
    it hooks window.onload, gives each span a random font, size and colour, and then moves the spans down the
    page with a sine sway, rescheduling itself every 50 ms through setTimeout("w()",50). The effect is cosmetic.
  * Nothing in the visible markup loads an external resource or sends data anywhere.
  * The center, div#q and style elements are never closed in the file; the closing tags that appear in the
    "Generated HTML code" section were added by the browser's parser.
  * Hunting: the title/banner string and a "GIF89;" prefix on a file with a .php name are both usable as
    content signatures. If this file is found on a live server, something was able to write into a web-served
    directory, so review that directory and time window for other dropped files.
-->
GIF89; <title>hacked by MR44J</title> <script>var g=35,f=new Array("#AAAACC","#DDDDFF","#CCCCDD","#F3F3F3","#F0FFFF"),e=new Array("Arial Black","Arial Narrow","Times","Comic Sans MS"),d="*",m=0.6,a=22,b=8,c=1,j=new Array(),k,l,x,n=new Array(),o=new Array(),p=new Array(),q=navigator.userAgent,r=document.all&&document.getElementById&&!q.match(/Opera/),s=document.getElementById&&!document.all,u=q.match(/Opera/),t=r||s||u;function y(z){return Math.floor(z*Math.random())}function v(){if(r||u){k=document.body.clientHeight;l=document.body.clientWidth;}else if(s){k=window.innerHeight;l=window.innerWidth;}var h=a-b;for(i=0;i<=g;i++){o[i]=0;p[i]=Math.random()*15;n[i]=0.03+Math.random()/10;j[i]=document.getElementById("s"+i);j[i].style.fontFamily=e[y(e.length)];j[i].size=y(h)+b;j[i].style.fontSize=j[i].size;j[i].style.color=f[y(f.length)];j[i].sink=m*j[i].size/5;if(c==1){j[i].posx=y(l-j[i].size)}if(c==2){j[i].posx=y(l/2-j[i].size)}if(c==3){j[i].posx=y(l/2-j[i].size)+l/4};if(c==4){j[i].posx=y(l/2-j[i].size)+l/2}j[i].posy=y(2*k-k-2*j[i].size);j[i].style.left=j[i].posx;j[i].style.top=j[i].posy}w()}function w(){for(i=0;i<=g;i++){o[i]+=n[i];j[i].posy+=j[i].sink;j[i].style.left=j[i].posx+p[i]*Math.sin(o[i]);j[i].style.top=j[i].posy;if(j[i].posy>=k-2*j[i].size||parseInt(j[i].style.left)>(l-3*p[i])){if(c==1){j[i].posx=y(l-j[i].size)}if(c==2){j[i].posx=y(l/2-j[i].size)}if(c==3){j[i].posx=y(l/2-j[i].size)+l/4}if(c==4){j[i].posx=y(l/2-j[i].size)+l/2}j[i].posy=0}}var x=setTimeout("w()",50)}for(i=0;i<=g;i++){document.write("<span id='s"+i+"' style='position:absolute;top:-"+a+"'>"+d+"</span>")}if(t){window.onload=v}</script> <center><div id=q>hacked by MR44J <style>body{overflow:hidden;background-color:black}#q{font:40px impact;color:white;position:absolute;left:0;right:0;top:46%} 

Execution traces

data/traces/4930436885280933dbe614d0e5459656_trace-1676261087.9487.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 02:05:13.846552]
1	0	1	0.000243	393512
1	3	0	0.000297	395080	{main}	1		/var/www/html/uploads/index.php	0	0
1	3	1	0.000316	395080
			0.000351	314224
TRACE END   [2023-02-13 02:05:13.846702]


Generated HTML code

<html><head></head><body>GIF89; <title>hacked by MR44J</title> <script>var g=35,f=new Array("#AAAACC","#DDDDFF","#CCCCDD","#F3F3F3","#F0FFFF"),e=new Array("Arial Black","Arial Narrow","Times","Comic Sans MS"),d="*",m=0.6,a=22,b=8,c=1,j=new Array(),k,l,x,n=new Array(),o=new Array(),p=new Array(),q=navigator.userAgent,r=document.all&&document.getElementById&&!q.match(/Opera/),s=document.getElementById&&!document.all,u=q.match(/Opera/),t=r||s||u;function y(z){return Math.floor(z*Math.random())}function v(){if(r||u){k=document.body.clientHeight;l=document.body.clientWidth;}else if(s){k=window.innerHeight;l=window.innerWidth;}var h=a-b;for(i=0;i<=g;i++){o[i]=0;p[i]=Math.random()*15;n[i]=0.03+Math.random()/10;j[i]=document.getElementById("s"+i);j[i].style.fontFamily=e[y(e.length)];j[i].size=y(h)+b;j[i].style.fontSize=j[i].size;j[i].style.color=f[y(f.length)];j[i].sink=m*j[i].size/5;if(c==1){j[i].posx=y(l-j[i].size)}if(c==2){j[i].posx=y(l/2-j[i].size)}if(c==3){j[i].posx=y(l/2-j[i].size)+l/4};if(c==4){j[i].posx=y(l/2-j[i].size)+l/2}j[i].posy=y(2*k-k-2*j[i].size);j[i].style.left=j[i].posx;j[i].style.top=j[i].posy}w()}function w(){for(i=0;i<=g;i++){o[i]+=n[i];j[i].posy+=j[i].sink;j[i].style.left=j[i].posx+p[i]*Math.sin(o[i]);j[i].style.top=j[i].posy;if(j[i].posy>=k-2*j[i].size||parseInt(j[i].style.left)>(l-3*p[i])){if(c==1){j[i].posx=y(l-j[i].size)}if(c==2){j[i].posx=y(l/2-j[i].size)}if(c==3){j[i].posx=y(l/2-j[i].size)+l/4}if(c==4){j[i].posx=y(l/2-j[i].size)+l/2}j[i].posy=0}}var x=setTimeout("w()",50)}for(i=0;i<=g;i++){document.write("<span id='s"+i+"' style='position:absolute;top:-"+a+"'>"+d+"</span>")}if(t){window.onload=v}</script><span id="s0" style="position: absolute; top: 758.44px; font-family: &quot;Arial Narrow&quot;; font-size: 9px; color: rgb(221, 221, 255); left: 1328.51px;">*</span><span id="s1" style="position: absolute; top: 201.6px; font-family: &quot;Comic Sans MS&quot;; font-size: 21px; color: rgb(243, 243, 243); left: 784.936px;">*</span><span id="s2" 
style="position: absolute; top: 772.24px; font-family: &quot;Arial Narrow&quot;; font-size: 14px; color: rgb(221, 221, 255); left: 918.646px;">*</span><span id="s3" style="position: absolute; top: 323.24px; font-family: &quot;Arial Narrow&quot;; font-size: 14px; color: rgb(221, 221, 255); left: 405.523px;">*</span><span id="s4" style="position: absolute; top: 668.24px; font-family: &quot;Comic Sans MS&quot;; font-size: 14px; color: rgb(170, 170, 204); left: 1455.74px;">*</span><span id="s5" style="position: absolute; top: 760.92px; font-family: &quot;Arial Narrow&quot;; font-size: 12px; color: rgb(240, 255, 255); left: 797.965px;">*</span><span id="s6" style="position: absolute; top: 852.4px; font-family: Times; font-size: 15px; color: rgb(243, 243, 243); left: 1466.07px;">*</span><span id="s7" style="position: absolute; top: 443.04px; font-family: &quot;Comic Sans MS&quot;; font-size: 19px; color: rgb(240, 255, 255); left: 509.456px;">*</span><span id="s8" style="position: absolute; top: 326.36px; font-family: &quot;Comic Sans MS&quot;; font-size: 21px; color: rgb(240, 255, 255); left: 737.672px;">*</span><span id="s9" style="position: absolute; top: 622.2px; font-family: &quot;Arial Narrow&quot;; font-size: 20px; color: rgb(243, 243, 243); left: 218px;">*</span><span id="s10" style="position: absolute; top: 419.28px; font-family: &quot;Comic Sans MS&quot;; font-size: 8px; color: rgb(204, 204, 221); left: 473.836px;">*</span><span id="s11" style="position: absolute; top: 702.04px; font-family: Times; font-size: 19px; color: rgb(204, 204, 221); left: 561.221px;">*</span><span id="s12" style="position: absolute; top: 311.36px; font-family: &quot;Arial Narrow&quot;; font-size: 21px; color: rgb(204, 204, 221); left: 932.595px;">*</span><span id="s13" style="position: absolute; top: 151.2px; font-family: &quot;Comic Sans MS&quot;; font-size: 15px; color: rgb(240, 255, 255); left: 1776.08px;">*</span><span id="s14" style="position: absolute; top: 134.4px; font-family: 
&quot;Arial Black&quot;; font-size: 20px; color: rgb(243, 243, 243); left: 72.5724px;">*</span><span id="s15" style="position: absolute; top: 229.76px; font-family: &quot;Arial Black&quot;; font-size: 11px; color: rgb(170, 170, 204); left: 1250.85px;">*</span><span id="s16" style="position: absolute; top: 102px; font-family: &quot;Arial Black&quot;; font-size: 17px; color: rgb(204, 204, 221); left: 1033.29px;">*</span><span id="s17" style="position: absolute; top: 216.72px; font-family: &quot;Arial Narrow&quot;; font-size: 17px; color: rgb(221, 221, 255); left: 1328.78px;">*</span><span id="s18" style="position: absolute; top: 810.56px; font-family: &quot;Arial Black&quot;; font-size: 16px; color: rgb(243, 243, 243); left: 827.309px;">*</span><span id="s19" style="position: absolute; top: 818.88px; font-family: &quot;Arial Black&quot;; font-size: 18px; color: rgb(243, 243, 243); left: 347.832px;">*</span><span id="s20" style="position: absolute; top: 719.24px; font-family: &quot;Arial Narrow&quot;; font-size: 14px; color: rgb(240, 255, 255); left: 1335.46px;">*</span><span id="s21" style="position: absolute; top: 695.08px; font-family: &quot;Arial Narrow&quot;; font-size: 13px; color: rgb(240, 255, 255); left: 184.843px;">*</span><span id="s22" style="position: absolute; top: 622.76px; font-family: &quot;Comic Sans MS&quot;; font-size: 11px; color: rgb(240, 255, 255); left: 1224.13px;">*</span><span id="s23" style="position: absolute; top: 399.4px; font-family: &quot;Comic Sans MS&quot;; font-size: 15px; color: rgb(221, 221, 255); left: 1447.1px;">*</span><span id="s24" style="position: absolute; top: 896.6px; font-family: &quot;Arial Narrow&quot;; font-size: 10px; color: rgb(170, 170, 204); left: 482.705px;">*</span><span id="s25" style="position: absolute; top: 611.72px; font-family: &quot;Arial Narrow&quot;; font-size: 17px; color: rgb(204, 204, 221); left: 619.037px;">*</span><span id="s26" style="position: absolute; top: 355.24px; font-family: &quot;Comic Sans 
MS&quot;; font-size: 14px; color: rgb(170, 170, 204); left: 964.301px;">*</span><span id="s27" style="position: absolute; top: 579.6px; font-family: &quot;Comic Sans MS&quot;; font-size: 10px; color: rgb(221, 221, 255); left: 815.185px;">*</span><span id="s28" style="position: absolute; top: 222.4px; font-family: &quot;Arial Black&quot;; font-size: 15px; color: rgb(170, 170, 204); left: 1401.02px;">*</span><span id="s29" style="position: absolute; top: 166.76px; font-family: &quot;Arial Black&quot;; font-size: 11px; color: rgb(204, 204, 221); left: 790.15px;">*</span><span id="s30" style="position: absolute; top: 136.08px; font-family: &quot;Arial Black&quot;; font-size: 18px; color: rgb(170, 170, 204); left: 703.982px;">*</span><span id="s31" style="position: absolute; top: 427.08px; font-family: &quot;Arial Narrow&quot;; font-size: 13px; color: rgb(240, 255, 255); left: 1125.66px;">*</span><span id="s32" style="position: absolute; top: 82.56px; font-family: &quot;Comic Sans MS&quot;; font-size: 16px; color: rgb(204, 204, 221); left: 228.411px;">*</span><span id="s33" style="position: absolute; top: 271.92px; font-family: &quot;Arial Black&quot;; font-size: 12px; color: rgb(240, 255, 255); left: 1256.56px;">*</span><span id="s34" style="position: absolute; top: 163.24px; font-family: Times; font-size: 14px; color: rgb(243, 243, 243); left: 342.888px;">*</span><span id="s35" style="position: absolute; top: 315.56px; font-family: &quot;Comic Sans MS&quot;; font-size: 16px; color: rgb(243, 243, 243); left: 1528.4px;">*</span> <center><div id="q">hacked by MR44J <style>body{overflow:hidden;background-color:black}#q{font:40px impact;color:white;position:absolute;left:0;right:0;top:46%} </style></div></center></body></html>

Original PHP code

<!--
  Analyst note (not part of the sample; the captured file content starts at "GIF89;" on the line after this
  comment, and the md5 at the top of this page refers to the sample file, not to this annotated listing).
  The file carries a .php name but shows no PHP open tag: it is plain HTML plus one inline script, prefixed
  with "GIF89;", which resembles the start of a GIF signature ("GIF89a"). The text is the same as the one
  shown under "Deobfuscated PHP code", i.e. the analysis found nothing to deobfuscate. The center, div#q and
  style elements are left unclosed by the author.
-->
GIF89; <title>hacked by MR44J</title> <script>var g=35,f=new Array("#AAAACC","#DDDDFF","#CCCCDD","#F3F3F3","#F0FFFF"),e=new Array("Arial Black","Arial Narrow","Times","Comic Sans MS"),d="*",m=0.6,a=22,b=8,c=1,j=new Array(),k,l,x,n=new Array(),o=new Array(),p=new Array(),q=navigator.userAgent,r=document.all&&document.getElementById&&!q.match(/Opera/),s=document.getElementById&&!document.all,u=q.match(/Opera/),t=r||s||u;function y(z){return Math.floor(z*Math.random())}function v(){if(r||u){k=document.body.clientHeight;l=document.body.clientWidth;}else if(s){k=window.innerHeight;l=window.innerWidth;}var h=a-b;for(i=0;i<=g;i++){o[i]=0;p[i]=Math.random()*15;n[i]=0.03+Math.random()/10;j[i]=document.getElementById("s"+i);j[i].style.fontFamily=e[y(e.length)];j[i].size=y(h)+b;j[i].style.fontSize=j[i].size;j[i].style.color=f[y(f.length)];j[i].sink=m*j[i].size/5;if(c==1){j[i].posx=y(l-j[i].size)}if(c==2){j[i].posx=y(l/2-j[i].size)}if(c==3){j[i].posx=y(l/2-j[i].size)+l/4};if(c==4){j[i].posx=y(l/2-j[i].size)+l/2}j[i].posy=y(2*k-k-2*j[i].size);j[i].style.left=j[i].posx;j[i].style.top=j[i].posy}w()}function w(){for(i=0;i<=g;i++){o[i]+=n[i];j[i].posy+=j[i].sink;j[i].style.left=j[i].posx+p[i]*Math.sin(o[i]);j[i].style.top=j[i].posy;if(j[i].posy>=k-2*j[i].size||parseInt(j[i].style.left)>(l-3*p[i])){if(c==1){j[i].posx=y(l-j[i].size)}if(c==2){j[i].posx=y(l/2-j[i].size)}if(c==3){j[i].posx=y(l/2-j[i].size)+l/4}if(c==4){j[i].posx=y(l/2-j[i].size)+l/2}j[i].posy=0}}var x=setTimeout("w()",50)}for(i=0;i<=g;i++){document.write("<span id='s"+i+"' style='position:absolute;top:-"+a+"'>"+d+"</span>")}if(t){window.onload=v}</script> <center><div id=q>hacked by MR44J <style>body{overflow:hidden;background-color:black}#q{font:40px impact;color:white;position:absolute;left:0;right:0;top:46%}