PHP Malware Analysis

index.php

md5: cd9d9e477d6ba2c3a5d6b6bf808eca5b

Attributes

Emails

Title

URLs


Deobfuscated PHP code

<!doctype html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=0.75, shrink-to-fit=no">
    <meta name="description" content="SandsX ft Andrew">
    <meta property="og:image" content="https://images2.imgbox.com/96/2c/5N8XvtAv_o.jpg">
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.0.0/dist/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
    <title>Hacked By 22XploiterCrew</title>
    <style>
    @import url('https://fonts.googleapis.com/css2?family=Caveat+Brush&family=Rubik+Dirt&display=swap');
    .hello {
      font-family: "Rubik Dirt";
      font-size: 3em;
      border-bottom: 2px solid #000;
    }
    img {
      margin: 0;
      padding: 0;
      width: 200px;
    }
    body {
      font-family: "Caveat Brush";
    }
    p {
      color: salmon;
      font-size: 22px;
    }
    </style>
  </head>
  <body>
    <div class="container mt-3">
      <h2 class="hello text-center m-0 p-0">22XploiterCrew</h2>
      <img src="https://images2.imgbox.com/d9/11/MHP66eTd_o.png" alt="" class="mx-auto d-block">
      <h4 class="hack text-center">-=[ Hacked by SandsX ft Andrew ]=-</h4>
      <div class="mt-3">
        <p class="text-center">
          "Kabeh kui ono dalane, Cuma durung dibangun"
        </p>
        <div class="mt-5 text-center">
          <small class="text-muted">
            Parkerzanta - Jati Rexsa - AdestaHaxor - ./Hades - CheezxFake - AryaKun
          </small>
        </div>
      </div>
    </div>
  </body>
</html>

Execution traces

data/traces/cd9d9e477d6ba2c3a5d6b6bf808eca5b_trace-1676261529.9206.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 02:12:35.818482]
1	0	1	0.000278	393512
1	3	0	0.000344	394824	{main}	1		/var/www/html/uploads/index.php	0	0
1	3	1	0.000368	394824
			0.000413	314224
TRACE END   [2023-02-13 02:12:35.818673]


Generated HTML code

<html lang="en"><head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=0.75, shrink-to-fit=no">
    <meta name="description" content="SandsX ft Andrew">
    <meta property="og:image" content="https://images2.imgbox.com/96/2c/5N8XvtAv_o.jpg">
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.0.0/dist/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
    <title>Hacked By 22XploiterCrew</title>
    <style>
    @import url('https://fonts.googleapis.com/css2?family=Caveat+Brush&family=Rubik+Dirt&display=swap');
    .hello {
      font-family: "Rubik Dirt";
      font-size: 3em;
      border-bottom: 2px solid #000;
    }
    img {
      margin: 0;
      padding: 0;
      width: 200px;
    }
    body {
      font-family: "Caveat Brush";
    }
    p {
      color: salmon;
      font-size: 22px;
    }
    </style>
  </head>
  <body>
    <div class="container mt-3">
      <h2 class="hello text-center m-0 p-0">22XploiterCrew</h2>
      <img src="https://images2.imgbox.com/d9/11/MHP66eTd_o.png" alt="" class="mx-auto d-block">
      <h4 class="hack text-center">-=[ Hacked by SandsX ft Andrew ]=-</h4>
      <div class="mt-3">
        <p class="text-center">
          "Kabeh kui ono dalane, Cuma durung dibangun"
        </p>
        <div class="mt-5 text-center">
          <small class="text-muted">
            Parkerzanta - Jati Rexsa - AdestaHaxor - ./Hades - CheezxFake - AryaKun
          </small>
        </div>
      </div>
    </div>
  

</body></html>

Original PHP code

<!doctype html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=0.75, shrink-to-fit=no">
    <meta name="description" content="SandsX ft Andrew">
    <meta property="og:image" content="https://images2.imgbox.com/96/2c/5N8XvtAv_o.jpg">
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.0.0/dist/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
    <title>Hacked By 22XploiterCrew</title>
    <style>
    @import url('https://fonts.googleapis.com/css2?family=Caveat+Brush&family=Rubik+Dirt&display=swap');
    .hello {
      font-family: "Rubik Dirt";
      font-size: 3em;
      border-bottom: 2px solid #000;
    }
    img {
      margin: 0;
      padding: 0;
      width: 200px;
    }
    body {
      font-family: "Caveat Brush";
    }
    p {
      color: salmon;
      font-size: 22px;
    }
    </style>
  </head>
  <body>
    <div class="container mt-3">
      <h2 class="hello text-center m-0 p-0">22XploiterCrew</h2>
      <img src="https://images2.imgbox.com/d9/11/MHP66eTd_o.png" alt="" class="mx-auto d-block">
      <h4 class="hack text-center">-=[ Hacked by SandsX ft Andrew ]=-</h4>
      <div class="mt-3">
        <p class="text-center">
          "Kabeh kui ono dalane, Cuma durung dibangun"
        </p>
        <div class="mt-5 text-center">
          <small class="text-muted">
            Parkerzanta - Jati Rexsa - AdestaHaxor - ./Hades - CheezxFake - AryaKun
          </small>
        </div>
      </div>
    </div>
  </body>
</html>