a.html, mrh4ted.html

md5: 5e15265405f7ac2ffc5a2e59660e095b

Jump to:
Deobfuscated code (Read more)
Execution traces (Read more)
Generated HTML (Read more)
Original Code (Read more)
Screenshot
No Image
Attributes
Emails
h4ted@protonmail.com (Deobfuscated, Original)

Title
You Have Been Hacked (Deobfuscated, Original)

URLs
http://www.plusminusten.com/images/Anonymous.png (Deobfuscated, Original)
http://www.w3.org/1999/xhtml (Deobfuscated, Original)
https://d.top4top.io/m_2146q9x6c1.mp3 (Deobfuscated, Original)
https://instagram.com/mrh4ted/ (Deobfuscated, Original)
https://k.top4top.io/p_1995ca8w93.gif (Deobfuscated, Original)

Deobfuscated PHP code
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>You Have Been Hacked</title>
<link rel="Shortcut Icon" href="http://www.plusminusten.com/images/Anonymous.png" type="image/x-icon" />
</head>
<script language="JavaScript">

function tb5_makeArray(n){
 this.length = n;
 return this.length;
}

tb5_messages = new tb5_makeArray(5);
tb5_messages[0] = "Hacked By MrH4ted";
tb5_messages[1] = "MrH4ted Was Here";
tb5_messages[2] = "Your Security is Low";
tb5_messages[3] = "You most Learn About Security";
tb5_messages[4] = "MrH4ted";
tb5_rptType = 'infinite';
tb5_rptNbr = 20;
tb5_speed = 1;
tb5_delay = 2000;
var tb5_counter=2;
var tb5_currMsg=0;
var tb5_stsmsg="";
function tb5_shuffle(arr){
var k;
for (i=0; i<arr.length; i++){
 k = Math.round(Math.random() * (arr.length - i - 1)) + i;
 temp = arr[i];arr[i]=arr[k];arr[k]=temp;
}
return arr;
}
tb5_arr = new tb5_makeArray(tb5_messages[tb5_currMsg].length);
tb5_sts = new tb5_makeArray(tb5_messages[tb5_currMsg].length);
for (var i=0; i<tb5_messages[tb5_currMsg].length; i++){
 tb5_arr[i] = i;
 tb5_sts[i] = "_";
}
tb5_arr = tb5_shuffle(tb5_arr);
function tb5_init(n){
var k;
if (n == tb5_arr.length){
 if (tb5_currMsg == tb5_messages.length-1){
 if ((tb5_rptType == 'finite') && (tb5_counter==tb5_rptNbr)){
 clearTimeout(tb5_timerID);
 return;
 }
 tb5_counter++;
 tb5_currMsg=0;
 }
 else{
 tb5_currMsg++;
 }
 n=0;
 tb5_arr = new tb5_makeArray(tb5_messages[tb5_currMsg].length);
 tb5_sts = new tb5_makeArray(tb5_messages[tb5_currMsg].length);
 for (var i=0; i<tb5_messages[tb5_currMsg].length; i++){
 tb5_arr[i] = i;
 tb5_sts[i] = "_";
 }
 tb5_arr = tb5_shuffle(tb5_arr);
 tb5_sp=tb5_delay;
}
else{
 tb5_sp=tb5_speed;
 k = tb5_arr[n];
 tb5_sts[k] = tb5_messages[tb5_currMsg].charAt(k);
 tb5_stsmsg = "";
 for (var i=0; i<tb5_sts.length; i++)
 tb5_stsmsg += tb5_sts[i];
 document.title = tb5_stsmsg;
 n++;
 }
 tb5_timerID = setTimeout("tb5_init("+n+")", tb5_sp);
}
function tb5_randomizetitle(){
 tb5_init(0);
}
tb5_randomizetitle();

</script>

<script>alert(' HACKED BY MrH4ted ;)');</script>




<body text="#FFFFFF">


<center>
<style type="text/css">
body {
	
	background-color:#000;
}
#F1{
	
	font-size:40px;
	font-family:"Comic Sans MS", cursive;
	
}

#f2{
	
	font-family:"Comic Sans MS", cursive;
	font-size:15px;
}
#f3 {
	
	color:#CC0000;
}

#fx {
	
	color:#fff;
}
#pet {
	color:#CC0000;
	font-size:25px;
	font-family:"Comic Sans MS", cursive;
}
#instapet {
	color:#CC0000;
	font-size:20px;
	font-family:"Comic Sans MS", cursive;

}
#contact {
	color:#CC0000;
	font-size:25px;
	font-family:"Comic Sans MS", cursive;
}
</style>
<div id="F1">
<font color="#CC0000">
HACKED BY MrH4ted !!!
</font>
</div>
<img src="https://k.top4top.io/p_1995ca8w93.gif"/>
<div id="fx"><b>
</b>
</div>
<br>
<audio controls autoplay>
	<source src="https://d.top4top.io/m_2146q9x6c1.mp3" type="audio/mpeg">
	u cant hear music ;(
  </audio> 
<br>
<br>
<div id="contact">
contact me! ;)</div>
<br>
<div id="f3"><b><h3><a id="instapet" href="https://instagram.com/mrh4ted/">instagram</a></h3>
<div id="f3"><b><h3><a id="instapet" href="mailto:h4ted@protonmail.com">E-mail</a></h3></b></div>
</b>
</div>
</b>
</div>
</div>
<br>
<br>
</center>
</body>
</html>
Execution traces
Generated HTML code
Original PHP code
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>You Have Been Hacked</title>
<link rel="Shortcut Icon" href="http://www.plusminusten.com/images/Anonymous.png" type="image/x-icon" />
</head>
<script language="JavaScript">

function tb5_makeArray(n){
 this.length = n;
 return this.length;
}

tb5_messages = new tb5_makeArray(5);
tb5_messages[0] = "Hacked By MrH4ted";
tb5_messages[1] = "MrH4ted Was Here";
tb5_messages[2] = "Your Security is Low";
tb5_messages[3] = "You most Learn About Security";
tb5_messages[4] = "MrH4ted";
tb5_rptType = 'infinite';
tb5_rptNbr = 20;
tb5_speed = 1;
tb5_delay = 2000;
var tb5_counter=2;
var tb5_currMsg=0;
var tb5_stsmsg="";
function tb5_shuffle(arr){
var k;
for (i=0; i<arr.length; i++){
 k = Math.round(Math.random() * (arr.length - i - 1)) + i;
 temp = arr[i];arr[i]=arr[k];arr[k]=temp;
}
return arr;
}
tb5_arr = new tb5_makeArray(tb5_messages[tb5_currMsg].length);
tb5_sts = new tb5_makeArray(tb5_messages[tb5_currMsg].length);
for (var i=0; i<tb5_messages[tb5_currMsg].length; i++){
 tb5_arr[i] = i;
 tb5_sts[i] = "_";
}
tb5_arr = tb5_shuffle(tb5_arr);
function tb5_init(n){
var k;
if (n == tb5_arr.length){
 if (tb5_currMsg == tb5_messages.length-1){
 if ((tb5_rptType == 'finite') && (tb5_counter==tb5_rptNbr)){
 clearTimeout(tb5_timerID);
 return;
 }
 tb5_counter++;
 tb5_currMsg=0;
 }
 else{
 tb5_currMsg++;
 }
 n=0;
 tb5_arr = new tb5_makeArray(tb5_messages[tb5_currMsg].length);
 tb5_sts = new tb5_makeArray(tb5_messages[tb5_currMsg].length);
 for (var i=0; i<tb5_messages[tb5_currMsg].length; i++){
 tb5_arr[i] = i;
 tb5_sts[i] = "_";
 }
 tb5_arr = tb5_shuffle(tb5_arr);
 tb5_sp=tb5_delay;
}
else{
 tb5_sp=tb5_speed;
 k = tb5_arr[n];
 tb5_sts[k] = tb5_messages[tb5_currMsg].charAt(k);
 tb5_stsmsg = "";
 for (var i=0; i<tb5_sts.length; i++)
 tb5_stsmsg += tb5_sts[i];
 document.title = tb5_stsmsg;
 n++;
 }
 tb5_timerID = setTimeout("tb5_init("+n+")", tb5_sp);
}
function tb5_randomizetitle(){
 tb5_init(0);
}
tb5_randomizetitle();

</script>

<script>alert(' HACKED BY MrH4ted ;)');</script>




<body text="#FFFFFF">


<center>
<style type="text/css">
body {
	
	background-color:#000;
}
#F1{
	
	font-size:40px;
	font-family:"Comic Sans MS", cursive;
	
}

#f2{
	
	font-family:"Comic Sans MS", cursive;
	font-size:15px;
}
#f3 {
	
	color:#CC0000;
}

#fx {
	
	color:#fff;
}
#pet {
	color:#CC0000;
	font-size:25px;
	font-family:"Comic Sans MS", cursive;
}
#instapet {
	color:#CC0000;
	font-size:20px;
	font-family:"Comic Sans MS", cursive;

}
#contact {
	color:#CC0000;
	font-size:25px;
	font-family:"Comic Sans MS", cursive;
}
</style>
<div id="F1">
<font color="#CC0000">
HACKED BY MrH4ted !!!
</font>
</div>
<img src="https://k.top4top.io/p_1995ca8w93.gif"/>
<div id="fx"><b>
</b>
</div>
<br>
<audio controls autoplay>
	<source src="https://d.top4top.io/m_2146q9x6c1.mp3" type="audio/mpeg">
	u cant hear music ;(
  </audio> 
<br>
<br>
<div id="contact">
contact me! ;)</div>
<br>
<div id="f3"><b><h3><a id="instapet" href="https://instagram.com/mrh4ted/">instagram</a></h3>
<div id="f3"><b><h3><a id="instapet" href="mailto:h4ted@protonmail.com">E-mail</a></h3></b></div>
</b>
</div>
</b>
</div>
</div>
<br>
<br>
</center>
</body>
</html>
PHP Malware Analysis

a.html, mrh4ted.html

md5: 5e15265405f7ac2ffc5a2e59660e095b

Screenshot

Attributes

Deobfuscated PHP code

Execution traces

Generated HTML code

Original PHP code
