PHP Malware Analysis
root.html
md5: 5ee7f41bee3e3b41b7065c82e1834ffd
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Title
- [!]Hacked by team_tsec [!] (Deobfuscated, HTML, Original)
URLs
- http://i.imgur.com/Cln0zMc.png (Deobfuscated, HTML, Original)
- https://cdn.anarchyzeus.wiki/noselect.css (Deobfuscated, HTML, Original)
- https://h.top4top.io/m_2317njq9e4.mp3 (Deobfuscated, HTML, Original)
- https://rebel-bit.github.io/i.woff (Deobfuscated, HTML, Original)
- https://rebel-bit.github.io/i.woff2 (Deobfuscated, HTML, Original)
- https://use.fontawesome.com/releases/v5.8.1/css/all.css (Deobfuscated, HTML, Original)
- https://www.freepnglogos.com/uploads/hacker-png/hacker-interpol-arrests-suspected-anonymous-hackers-motley-5.png (Deobfuscated, HTML, Original)
Deobfuscated PHP code
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="icon" type="image/x-icon" href="https://www.freepnglogos.com/uploads/hacker-png/hacker-interpol-arrests-suspected-anonymous-hackers-motley-5.png" />
<meta name="keywords" content="Hacked By washere ft xcode" />
<meta name="keywords" content="Hacked By washere" />
<title>[!]Hacked by team_tsec [!]</title>
<style>
@charset "UTF-8";
@import url(https://cdn.anarchyzeus.wiki/noselect.css);
@import url(https://use.fontawesome.com/releases/v5.8.1/css/all.css);
@font-face {
font-family: i;
src: url(https://rebel-bit.github.io/i.woff2) format("woff2"),
url(https://rebel-bit.github.io/i.woff) format("woff");
}
body {
font-family: i;
font-size: 20px;
background-color: #2c3e50;
cursor: url("http://i.imgur.com/Cln0zMc.png"), default
}
h2,
h4 {
font-family: i;
color: blue;
text-shadow: 0px 0px 1px #ffffff;
text-align: center;
}
br{
font-size: 20px;
}
</style>
</head>
<body onclick="playAudio();">
<h2>[!]hacked by washere Ft ?[!]</h2>
<center>
<img src="https://www.freepnglogos.com/uploads/hacker-png/hacker-interpol-arrests-suspected-anonymous-hackers-motley-5.png" width="300" height="300" />
</center>
<h4>
[=[jawatengah_xploit][foursedeath][tegalXploither][tsec_team][ghost1337][AnonSecTeam][tugu_crews][semarang_crews][badun6etar][banyumasXploither]=]<br>
<font color="white" font="" face="i">[]----=「<marquee width="30%" behavior="alternate" scrollamount="5">ghost1337 - semarang_crews - jawatengah_xploit</marquee><font color="white">」=-----[]</font>
</font>
</h4>
<audio id="sec" __idm_id__="823202817">
<source src="https://h.top4top.io/m_2317njq9e4.mp3" type="audio/mpeg">
</audio>
<script>
var x = document.getElementById("sec");
function playAudio() {
x.play();
}
function myFunction() {
var element = document.body;
element.classList.toggle("dark-mode");
}
function changeImage() {
if (document.getElementById("imgClickAndChange").src == "body") {
document.getElementById("imgClickAndChange").src = "body";
} else {
document.getElementById("imgClickAndChange").src = "body";
}
}
</script>
</body>
</html>Execution traces
Generated HTML code
<html lang="en"><head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="icon" type="image/x-icon" href="https://www.freepnglogos.com/uploads/hacker-png/hacker-interpol-arrests-suspected-anonymous-hackers-motley-5.png">
<meta name="keywords" content="Hacked By washere ft xcode">
<meta name="keywords" content="Hacked By washere">
<title>[!]Hacked by team_tsec [!]</title>
<style>
@charset "UTF-8";
@import url(https://cdn.anarchyzeus.wiki/noselect.css);
@import url(https://use.fontawesome.com/releases/v5.8.1/css/all.css);
@font-face {
font-family: i;
src: url(https://rebel-bit.github.io/i.woff2) format("woff2"),
url(https://rebel-bit.github.io/i.woff) format("woff");
}
body {
font-family: i;
font-size: 20px;
background-color: #2c3e50;
cursor: url("http://i.imgur.com/Cln0zMc.png"), default
}
h2,
h4 {
font-family: i;
color: blue;
text-shadow: 0px 0px 1px #ffffff;
text-align: center;
}
br{
font-size: 20px;
}
</style>
</head>
<body onclick="playAudio();">
<h2>[!]hacked by washere Ft ?[!]</h2>
<center>
<img src="https://www.freepnglogos.com/uploads/hacker-png/hacker-interpol-arrests-suspected-anonymous-hackers-motley-5.png" width="300" height="300">
</center>
<h4>
[=[jawatengah_xploit][foursedeath][tegalXploither][tsec_team][ghost1337][AnonSecTeam][tugu_crews][semarang_crews][badun6etar][banyumasXploither]=]<br>
<font color="white" font="" face="i">[]----=「<marquee width="30%" behavior="alternate" scrollamount="5">ghost1337 - semarang_crews - jawatengah_xploit</marquee><font color="white">」=-----[]</font>
</font>
</h4>
<audio id="sec" __idm_id__="823202817">
<source src="https://h.top4top.io/m_2317njq9e4.mp3" type="audio/mpeg">
</audio>
<script>
var x = document.getElementById("sec");
function playAudio() {
x.play();
}
function myFunction() {
var element = document.body;
element.classList.toggle("dark-mode");
}
function changeImage() {
if (document.getElementById("imgClickAndChange").src == "body") {
document.getElementById("imgClickAndChange").src = "body";
} else {
document.getElementById("imgClickAndChange").src = "body";
}
}
</script>
</body></html>Original PHP code
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="icon" type="image/x-icon" href="https://www.freepnglogos.com/uploads/hacker-png/hacker-interpol-arrests-suspected-anonymous-hackers-motley-5.png" />
<meta name="keywords" content="Hacked By washere ft xcode" />
<meta name="keywords" content="Hacked By washere" />
<title>[!]Hacked by team_tsec [!]</title>
<style>
@charset "UTF-8";
@import url(https://cdn.anarchyzeus.wiki/noselect.css);
@import url(https://use.fontawesome.com/releases/v5.8.1/css/all.css);
@font-face {
font-family: i;
src: url(https://rebel-bit.github.io/i.woff2) format("woff2"),
url(https://rebel-bit.github.io/i.woff) format("woff");
}
body {
font-family: i;
font-size: 20px;
background-color: #2c3e50;
cursor: url("http://i.imgur.com/Cln0zMc.png"), default
}
h2,
h4 {
font-family: i;
color: blue;
text-shadow: 0px 0px 1px #ffffff;
text-align: center;
}
br{
font-size: 20px;
}
</style>
</head>
<body onclick="playAudio();">
<h2>[!]hacked by washere Ft ?[!]</h2>
<center>
<img src="https://www.freepnglogos.com/uploads/hacker-png/hacker-interpol-arrests-suspected-anonymous-hackers-motley-5.png" width="300" height="300" />
</center>
<h4>
[=[jawatengah_xploit][foursedeath][tegalXploither][tsec_team][ghost1337][AnonSecTeam][tugu_crews][semarang_crews][badun6etar][banyumasXploither]=]<br>
<font color="white" font="" face="i">[]----=「<marquee width="30%" behavior="alternate" scrollamount="5">ghost1337 - semarang_crews - jawatengah_xploit</marquee><font color="white">」=-----[]</font>
</font>
</h4>
<audio id="sec" __idm_id__="823202817">
<source src="https://h.top4top.io/m_2317njq9e4.mp3" type="audio/mpeg">
</audio>
<script>
var x = document.getElementById("sec");
function playAudio() {
x.play();
}
function myFunction() {
var element = document.body;
element.classList.toggle("dark-mode");
}
function changeImage() {
if (document.getElementById("imgClickAndChange").src == "body") {
document.getElementById("imgClickAndChange").src = "body";
} else {
document.getElementById("imgClickAndChange").src = "body";
}
}
</script>
</body>
</html>