PHP Malware Analysis
index.html, index.php, p.htm
md5: ad025b124dbfd7a1eacf322415a91a45
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Title
- Hacked by TN.MDK (Deobfuscated, HTML, Original)
URLs
- https://lh3.googleusercontent.com/-71pFn4Vadtg/YjKkrWU5lfI/AAAAAAAAAAc/0duh0WapmCg9KMoRw2v81VSuhf9k9RiuQCNcBGAsYHQ/h240/20210327_215833.png (Deobfuscated, HTML, Original)
Deobfuscated PHP code
<HTML>
<head>
<link rel="icon" type="image/png" href="https://lh3.googleusercontent.com/-71pFn4Vadtg/YjKkrWU5lfI/AAAAAAAAAAc/0duh0WapmCg9KMoRw2v81VSuhf9k9RiuQCNcBGAsYHQ/h240/20210327_215833.png"/>
<title>Hacked by TN.MDK</title>
<meta name="description" content="your site hass been hacked">
<body bgcolor="black">
<style>
pre{
color:white;
}
img{
opacity: 70%;
border-radius: 7%;
}
</style>
</body>
<table width="100%" height="50%">
<tbody>
<tr>
<td align="center">
<center>
<pre>
.------.------.
+-------------+ ___ | | |
| | \ /] | | |
| | _ _(_) | | |
| | ___)) [ | \___ | | |
| | ) //o | | \ | | |
| | _ (_ > | | ] | | |
| __ | (O) \__< | | ____/ '------'------'
| / o| [/] / \) [__|/_
| | [\]| ( \ __/___\_____
| | [/]| \ \__ ___| |
| | [\]| \___E/%%/|____________|_____
| | [/]|=====__ (_____________________)
| | [\] \_____ \ | |
| | [/========\ | | |
| | [\] []| | | |
| | [/] []| |_ | |
| | [\] []|___) | |
====================================================================
</pre>
<p></p>
<font size="4px" face="courier new" color="white"> Hacked by TN.MDK </font>
<p></p>
<font size="4px" face="courier new" color="white"> Message</font>
<p></p><font size="4px" face="courier new" color="white"> hello admin of your website I defaced because there was a bug that was not fixed </font>
<p></p><font color="white" size="4px" face="courier New">Thanks To</font>
<p></p><font color="white" size="4px" face="courier New">| Bali Blackhat | K0R3X TEM3N T3AM | Cowok Tersakiti Team | TsecNetwork |</font>
<p></p><marquee width="50%"><font size="4px" face="courier new" color="white">ARD1K4_G4NS ~ MR.CRS ~ MR.Ngebug Kluyut :3 ~ CepuSosial ~ MR.tregear ~ DR4GON3/TEMO ~ Pixie ~ ./SaklarRusak ~ and You</font></marquee>
<p></p><font size="4px" face="courier new" color="white">- just for fun -</font>
<br><br>Execution traces
data/traces/ad025b124dbfd7a1eacf322415a91a45_trace-1676257830.0418.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 01:10:55.939615]
1 0 1 0.000153 393512
1 3 0 0.000196 396104 {main} 1 /var/www/html/uploads/index.php 0 0
1 3 1 0.000213 396104
0.000239 314224
TRACE END [2023-02-13 01:10:55.939728]
Generated HTML code
<html><head>
<link rel="icon" type="image/png" href="https://lh3.googleusercontent.com/-71pFn4Vadtg/YjKkrWU5lfI/AAAAAAAAAAc/0duh0WapmCg9KMoRw2v81VSuhf9k9RiuQCNcBGAsYHQ/h240/20210327_215833.png">
<title>Hacked by TN.MDK</title>
<meta name="description" content="your site hass been hacked">
</head><body bgcolor="black">
<style>
pre{
color:white;
}
img{
opacity: 70%;
border-radius: 7%;
}
</style>
<table width="100%" height="50%">
<tbody>
<tr>
<td align="center">
<center>
<pre> .------.------.
+-------------+ ___ | | |
| | \ /] | | |
| | _ _(_) | | |
| | ___)) [ | \___ | | |
| | ) //o | | \ | | |
| | _ (_ > | | ] | | |
| __ | (O) \__< | | ____/ '------'------'
| / o| [/] / \) [__|/_
| | [\]| ( \ __/___\_____
| | [/]| \ \__ ___| |
| | [\]| \___E/%%/|____________|_____
| | [/]|=====__ (_____________________)
| | [\] \_____ \ | |
| | [/========\ | | |
| | [\] []| | | |
| | [/] []| |_ | |
| | [\] []|___) | |
====================================================================
</pre>
<p></p>
<font size="4px" face="courier new" color="white"> Hacked by TN.MDK </font>
<p></p>
<font size="4px" face="courier new" color="white"> Message</font>
<p></p><font size="4px" face="courier new" color="white"> hello admin of your website I defaced because there was a bug that was not fixed </font>
<p></p><font color="white" size="4px" face="courier New">Thanks To</font>
<p></p><font color="white" size="4px" face="courier New">| Bali Blackhat | K0R3X TEM3N T3AM | Cowok Tersakiti Team | TsecNetwork |</font>
<p></p><marquee width="50%"><font size="4px" face="courier new" color="white">ARD1K4_G4NS ~ MR.CRS ~ MR.Ngebug Kluyut :3 ~ CepuSosial ~ MR.tregear ~ DR4GON3/TEMO ~ Pixie ~ ./SaklarRusak ~ and You</font></marquee>
<p></p><font size="4px" face="courier new" color="white">- just for fun -</font>
<br><br></center></td></tr></tbody></table></body></html>Original PHP code
<HTML>
<head>
<link rel="icon" type="image/png" href="https://lh3.googleusercontent.com/-71pFn4Vadtg/YjKkrWU5lfI/AAAAAAAAAAc/0duh0WapmCg9KMoRw2v81VSuhf9k9RiuQCNcBGAsYHQ/h240/20210327_215833.png"/>
<title>Hacked by TN.MDK</title>
<meta name="description" content="your site hass been hacked">
<body bgcolor="black">
<style>
pre{
color:white;
}
img{
opacity: 70%;
border-radius: 7%;
}
</style>
</body>
<table width="100%" height="50%">
<tbody>
<tr>
<td align="center">
<center>
<pre>
.------.------.
+-------------+ ___ | | |
| | \ /] | | |
| | _ _(_) | | |
| | ___)) [ | \___ | | |
| | ) //o | | \ | | |
| | _ (_ > | | ] | | |
| __ | (O) \__< | | ____/ '------'------'
| / o| [/] / \) [__|/_
| | [\]| ( \ __/___\_____
| | [/]| \ \__ ___| |
| | [\]| \___E/%%/|____________|_____
| | [/]|=====__ (_____________________)
| | [\] \_____ \ | |
| | [/========\ | | |
| | [\] []| | | |
| | [/] []| |_ | |
| | [\] []|___) | |
====================================================================
</pre>
<p></p>
<font size="4px" face="courier new" color="white"> Hacked by TN.MDK </font>
<p></p>
<font size="4px" face="courier new" color="white"> Message</font>
<p></p><font size="4px" face="courier new" color="white"> hello admin of your website I defaced because there was a bug that was not fixed </font>
<p></p><font color="white" size="4px" face="courier New">Thanks To</font>
<p></p><font color="white" size="4px" face="courier New">| Bali Blackhat | K0R3X TEM3N T3AM | Cowok Tersakiti Team | TsecNetwork |</font>
<p></p><marquee width="50%"><font size="4px" face="courier new" color="white">ARD1K4_G4NS ~ MR.CRS ~ MR.Ngebug Kluyut :3 ~ CepuSosial ~ MR.tregear ~ DR4GON3/TEMO ~ Pixie ~ ./SaklarRusak ~ and You</font></marquee>
<p></p><font size="4px" face="courier new" color="white">- just for fun -</font>
<br><br>