PHP Malware Analysis

surg4bij4k.html, surg4bij4k.php, surg4bij4k.pht

md5: c4e90058e09dd00458306bf0489a61e5

Jump to: 

Screenshot
Attributes
Title

URLs

Deobfuscated PHP code
</<html>



<head>



<title>.: surg4bij4k :.</title>

<meta name='description' content='surg4bij4k'/>

<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css">
	
<link rel="stylesheet" href="https://rawcdn.githack.com/nako48/shiraookaaaa/f37b3bb82ba199ac8df3a394d8652e56872935a9/style-css.css"><center>

<div class="glitch-wrapper">
<div class="glitch" data-text="maz apip">Hacked By surg4bij4k
<br>
<br>
<pre>


  _    _            _            _ 
 | |  | |          | |          | |
 | |__| | __ _  ___| | _____  __| |
 |  __  |/ _` |/ __| |/ / _ \/ _` |
 | |  | | (_| | (__|   <  __/ (_| |
 |_|  |_|\__,_|\___|_|\_\___|\__,_|
                                   
                                   



</pre>
<audio controls loop="true">
<source src="https://i.top4top.io/m_2212vaoii0.mp3" type="audio/mpeg">
</audio><br><br>
PLAY THE MUSIC<br>LEGEND WAS BACK!!<br>www.zone-h.org/archive/notifier=surg4bij4k<br>INDONESIA GRUNGE!!!!<br>
<a href="https://mazapip.blogspot.com">https://mazapip.blogspot.com</a>

Execution traces
data/traces/c4e90058e09dd00458306bf0489a61e5_trace-1676238535.6907.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 19:49:21.588486]
1	0	1	0.000192	393528
1	3	0	0.000235	394336	{main}	1		/var/www/html/uploads/surg4bij4k.php	0	0
1	3	1	0.000253	394336
			0.000279	314240
TRACE END   [2023-02-12 19:49:21.588612]


data/traces/c4e90058e09dd00458306bf0489a61e5_trace-1676255380.3071.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 00:30:06.204947]
1	0	1	0.000167	393528
1	3	0	0.000211	394336	{main}	1		/var/www/html/uploads/surg4bij4k.pht	0	0
1	3	1	0.000228	394336
			0.000253	314240
TRACE END   [2023-02-13 00:30:06.205066]


Generated HTML code
<html><head>



<title>.: surg4bij4k :.</title>

<meta name="description" content="surg4bij4k">

<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css">
	
<link rel="stylesheet" href="https://rawcdn.githack.com/nako48/shiraookaaaa/f37b3bb82ba199ac8df3a394d8652e56872935a9/style-css.css"></head><body><center>

<div class="glitch-wrapper">
<div class="glitch" data-text="maz apip">Hacked By surg4bij4k
<br>
<br>
<pre>

  _    _            _            _ 
 | |  | |          | |          | |
 | |__| | __ _  ___| | _____  __| |
 |  __  |/ _` |/ __| |/ / _ \/ _` |
 | |  | | (_| | (__|   &lt;  __/ (_| |
 |_|  |_|\__,_|\___|_|\_\___|\__,_|
                                   
                                   



</pre>
<audio controls="" loop="true">
<source src="https://i.top4top.io/m_2212vaoii0.mp3" type="audio/mpeg">
</audio><br><br>
PLAY THE MUSIC<br>LEGEND WAS BACK!!<br>www.zone-h.org/archive/notifier=surg4bij4k<br>INDONESIA GRUNGE!!!!<br>
<a href="https://mazapip.blogspot.com">https://mazapip.blogspot.com</a>
</div></div></center></body></html>
Original PHP code
</<html>



<head>



<title>.: surg4bij4k :.</title>

<meta name='description' content='surg4bij4k'/>

<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css">
	
<link rel="stylesheet" href="https://rawcdn.githack.com/nako48/shiraookaaaa/f37b3bb82ba199ac8df3a394d8652e56872935a9/style-css.css"><center>

<div class="glitch-wrapper">
<div class="glitch" data-text="maz apip">Hacked By surg4bij4k
<br>
<br>
<pre>


  _    _            _            _ 
 | |  | |          | |          | |
 | |__| | __ _  ___| | _____  __| |
 |  __  |/ _` |/ __| |/ / _ \/ _` |
 | |  | | (_| | (__|   <  __/ (_| |
 |_|  |_|\__,_|\___|_|\_\___|\__,_|
                                   
                                   



</pre>
<audio controls loop="true">
<source src="https://i.top4top.io/m_2212vaoii0.mp3" type="audio/mpeg">
</audio><br><br>
PLAY THE MUSIC<br>LEGEND WAS BACK!!<br>www.zone-h.org/archive/notifier=surg4bij4k<br>INDONESIA GRUNGE!!!!<br>
<a href="https://mazapip.blogspot.com">https://mazapip.blogspot.com</a>