PHP Malware Analysis
yx.html
md5: b200a21f284a77fd47c8e9a51cd37c08
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Emails
- bondowosoblackhat@gmail.com (Deobfuscated, HTML, Original)
Title
- Hacked by Mr Exsploit Wmc (Deobfuscated, HTML, Original)
URLs
- https://c.top4top.io/p_2252p7oc46.png (Deobfuscated, HTML, Original)
- https://l.top4top.io/p_2248cfwwm9.jpg (Deobfuscated, HTML, Original)
Deobfuscated PHP code
<html>
<!--Mr Exsploit Wmc Was Here -->
<!-- BONDOWOSO BLACK HAT Team -->
<!-- if you read this admin, patch your security now
your server have many bug, if you didn't patch it on 3 month from now, something bad will happens -->
<head>
<title>Hacked by Mr Exsploit Wmc</title>
<meta charset="UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta property="og:title" content="Hacked by mr exsploit Wmc">
<meta name="description" content="wh00pz ! your security get down">
<meta property="og:description" content="wh00pz !your security get down">
<meta property="og:image" content="https://l.top4top.io/p_2248cfwwm9.jpg">
<meta name="theme-color" content="#fff">
<style type='text/css'>body,a:hover{cursor:url(../cur.cursors-4u.net/symbols/sym-1/sym46.cur),progress!important;}</style>
</head>
<body bgcolor="white" text="black" oncontextmenu="return false;" onkeydown="return false;" onmousedown="return false;" onclick="play()">
<style type="text/css">
center {
font-family: Courier;
}
img {
opacity: 80%;
}
red {
color: red;
}
</style>
<script language="JavaScript">
window.onbeforeunload = confirmExit;
function confirmExit() {
return "are you sure ? wkwk";
}
</script>
<table width="100%" height="80%">
<td>
<center>
<small>BONDOWOSO BLACK HAT</small><br>
<img src="https://c.top4top.io/p_2252p7oc46.png" width="220" height="220">
<br>Hacked by <red><i>Mr Exsploit Wmc</i></red><br><font size="2">wh00pz !your security get down<br>patch it before something bad happens<br></font><br>
<br><small><font size="1" color="gray">bondowosoblackhat@gmail.com</font></small><br><br><br>
<font size="2"><i>Mr Exsploit Wmc</i><br>
[ Mr FinsSm0ke/farell Haxor || TK IDDO X-PLOT || sabil xploit || Mr.R07 || arya gans || vinmafia06 || mr galaxsi.x || mr warnet || mr fox 858 || R666X || Ghos xploit || fajar xploit || angga xploit || Radar xploit || Arrabella Kimi P5xploiter || XNUXER HELLBOY || Razher || Mr.Venom]</font>
</td>
</table>Execution traces
Generated HTML code
<html><!--Mr Exsploit Wmc Was Here --><!-- BONDOWOSO BLACK HAT Team --><!-- if you read this admin, patch your security now
your server have many bug, if you didn't patch it on 3 month from now, something bad will happens --><head>
<title>Hacked by Mr Exsploit Wmc</title>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta property="og:title" content="Hacked by mr exsploit Wmc">
<meta name="description" content="wh00pz ! your security get down">
<meta property="og:description" content="wh00pz !your security get down">
<meta property="og:image" content="https://l.top4top.io/p_2248cfwwm9.jpg">
<meta name="theme-color" content="#fff">
<style type="text/css">body,a:hover{cursor:url(../cur.cursors-4u.net/symbols/sym-1/sym46.cur),progress!important;}</style>
</head>
<body bgcolor="white" text="black" oncontextmenu="return false;" onkeydown="return false;" onmousedown="return false;" onclick="play()">
<style type="text/css">
center {
font-family: Courier;
}
img {
opacity: 80%;
}
red {
color: red;
}
</style>
<script language="JavaScript">
window.onbeforeunload = confirmExit;
function confirmExit() {
return "are you sure ? wkwk";
}
</script>
<table width="100%" height="80%">
<tbody><tr><td>
<center>
<small>BONDOWOSO BLACK HAT</small><br>
<img src="https://c.top4top.io/p_2252p7oc46.png" width="220" height="220">
<br>Hacked by <red><i>Mr Exsploit Wmc</i></red><br><font size="2">wh00pz !your security get down<br>patch it before something bad happens<br></font><br>
<br><small><font size="1" color="gray">bondowosoblackhat@gmail.com</font></small><br><br><br>
<font size="2"><i>Mr Exsploit Wmc</i><br>
[ Mr FinsSm0ke/farell Haxor || TK IDDO X-PLOT || sabil xploit || Mr.R07 || arya gans || vinmafia06 || mr galaxsi.x || mr warnet || mr fox 858 || R666X || Ghos xploit || fajar xploit || angga xploit || Radar xploit || Arrabella Kimi P5xploiter || XNUXER HELLBOY || Razher || Mr.Venom]</font>
</center></td>
</tr></tbody></table></body></html>Original PHP code
<html>
<!--Mr Exsploit Wmc Was Here -->
<!-- BONDOWOSO BLACK HAT Team -->
<!-- if you read this admin, patch your security now
your server have many bug, if you didn't patch it on 3 month from now, something bad will happens -->
<head>
<title>Hacked by Mr Exsploit Wmc</title>
<meta charset="UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta property="og:title" content="Hacked by mr exsploit Wmc">
<meta name="description" content="wh00pz ! your security get down">
<meta property="og:description" content="wh00pz !your security get down">
<meta property="og:image" content="https://l.top4top.io/p_2248cfwwm9.jpg">
<meta name="theme-color" content="#fff">
<style type='text/css'>body,a:hover{cursor:url(../cur.cursors-4u.net/symbols/sym-1/sym46.cur),progress!important;}</style>
</head>
<body bgcolor="white" text="black" oncontextmenu="return false;" onkeydown="return false;" onmousedown="return false;" onclick="play()">
<style type="text/css">
center {
font-family: Courier;
}
img {
opacity: 80%;
}
red {
color: red;
}
</style>
<script language="JavaScript">
window.onbeforeunload = confirmExit;
function confirmExit() {
return "are you sure ? wkwk";
}
</script>
<table width="100%" height="80%">
<td>
<center>
<small>BONDOWOSO BLACK HAT</small><br>
<img src="https://c.top4top.io/p_2252p7oc46.png" width="220" height="220">
<br>Hacked by <red><i>Mr Exsploit Wmc</i></red><br><font size="2">wh00pz !your security get down<br>patch it before something bad happens<br></font><br>
<br><small><font size="1" color="gray">bondowosoblackhat@gmail.com</font></small><br><br><br>
<font size="2"><i>Mr Exsploit Wmc</i><br>
[ Mr FinsSm0ke/farell Haxor || TK IDDO X-PLOT || sabil xploit || Mr.R07 || arya gans || vinmafia06 || mr galaxsi.x || mr warnet || mr fox 858 || R666X || Ghos xploit || fajar xploit || angga xploit || Radar xploit || Arrabella Kimi P5xploiter || XNUXER HELLBOY || Razher || Mr.Venom]</font>
</td>
</table>