PHP Malware Analysis
u.php
md5: d59554450da91c7f41ec139ee9d2549a
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
URLs
- http://catkaltim.info/k.php (Deobfuscated, HTML, Original)
- http://cbt.mtsannurkarangjunti.sch.id/k.php (Deobfuscated, HTML, Original)
- http://dum.mabadrularifin.sch.id/k.php (Deobfuscated, HTML, Original)
- http://elearning.mabadrularifin.sch.id/k.php (Deobfuscated, HTML, Original)
- http://infokelulusan.mabadrularifin.sch.id/k.php (Deobfuscated, HTML, Original)
- http://ksm.mabadrularifin.sch.id/k.php (Deobfuscated, HTML, Original)
- http://mtsannurkarangjunti.sch.id/k.php (Deobfuscated, HTML, Original)
- http://mtsnuungaran.sch.id/k.php (Deobfuscated, HTML, Original)
- http://pas.mabadrularifin.sch.id/k.php (Deobfuscated, HTML, Original)
- http://pat.mabadrularifin.sch.id/k.php (Deobfuscated, HTML, Original)
- http://pembayaran.mabadrularifin.sch.id/k.php (Deobfuscated, HTML, Original)
- http://pilkosimputra.mabadrularifin.sch.id/k.php (Deobfuscated, HTML, Original)
- http://pilkosimputri.mabadrularifin.sch.id/k.php (Deobfuscated, HTML, Original)
- http://rdm.mtsannurkarangjunti.sch.id/k.php (Deobfuscated, HTML, Original)
- http://rdm2122genap.mabadrularifin.sch.id/k.php (Deobfuscated, HTML, Original)
- http://surat.mabadrularifin.sch.id/k.php (Deobfuscated, HTML, Original)
- http://themaster.mabadrularifin.sch.id/k.php (Deobfuscated, HTML, Original)
- http://umbk.mtsnuungaran.sch.id/k.php (Deobfuscated, HTML, Original)
- http://www.catrpmacademy.com/k.php (Deobfuscated, HTML, Original)
- http://www.zuga.online/k.php (Deobfuscated, HTML, Original)
- https://cat.sdnsukabumi10.sch.id/k.php (Deobfuscated, HTML, Original)
- https://dhafintech.com/k.php (Deobfuscated, HTML, Original)
- https://edu.sdnsukabumi10.sch.id/k.php (Deobfuscated, HTML, Original)
- https://el.sdnsukabumi10.sch.id/k.php (Deobfuscated, HTML, Original)
- https://sdnsukabumi10.sch.id/k.php (Deobfuscated, HTML, Original)
- https://umbk.mabadrularifin.sch.id/k.php (Deobfuscated, HTML, Original)
Deobfuscated PHP code
https://cat.sdnsukabumi10.sch.id/k.php
https://edu.sdnsukabumi10.sch.id/k.php
https://el.sdnsukabumi10.sch.id/k.php
https://sdnsukabumi10.sch.id/k.php
http://umbk.mtsnuungaran.sch.id/k.php
http://mtsnuungaran.sch.id/k.php
http://dum.mabadrularifin.sch.id/k.php
http://pilkosimputri.mabadrularifin.sch.id/k.php
http://elearning.mabadrularifin.sch.id/k.php
http://infokelulusan.mabadrularifin.sch.id/k.php
http://ksm.mabadrularifin.sch.id/k.php
http://pas.mabadrularifin.sch.id/k.php
http://pat.mabadrularifin.sch.id/k.php
http://pembayaran.mabadrularifin.sch.id/k.php
http://pilkosimputra.mabadrularifin.sch.id/k.php
http://rdm2122genap.mabadrularifin.sch.id/k.php
http://surat.mabadrularifin.sch.id/k.php
http://themaster.mabadrularifin.sch.id/k.php
https://umbk.mabadrularifin.sch.id/k.php
http://cbt.mtsannurkarangjunti.sch.id/k.php
http://rdm.mtsannurkarangjunti.sch.id/k.php
http://mtsannurkarangjunti.sch.id/k.php
https://dhafintech.com/k.php
http://catkaltim.info/k.php
http://www.catrpmacademy.com/k.php
http://rdm.mtsannurkarangjunti.sch.id/k.php
http://cbt.mtsannurkarangjunti.sch.id/k.php
http://mtsannurkarangjunti.sch.id/k.php
http://www.zuga.online/k.php
Execution traces
data/traces/d59554450da91c7f41ec139ee9d2549a_trace-1676250670.8086.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 23:11:36.706464]
1 0 1 0.000213 393464
1 3 0 0.000260 394264 {main} 1 /var/www/html/uploads/u.php 0 0
1 3 1 0.000287 394264
0.000315 314200
TRACE END [2023-02-12 23:11:36.706644]
Generated HTML code
<html><head></head><body>https://cat.sdnsukabumi10.sch.id/k.php
https://edu.sdnsukabumi10.sch.id/k.php
https://el.sdnsukabumi10.sch.id/k.php
https://sdnsukabumi10.sch.id/k.php
http://umbk.mtsnuungaran.sch.id/k.php
http://mtsnuungaran.sch.id/k.php
http://dum.mabadrularifin.sch.id/k.php
http://pilkosimputri.mabadrularifin.sch.id/k.php
http://elearning.mabadrularifin.sch.id/k.php
http://infokelulusan.mabadrularifin.sch.id/k.php
http://ksm.mabadrularifin.sch.id/k.php
http://pas.mabadrularifin.sch.id/k.php
http://pat.mabadrularifin.sch.id/k.php
http://pembayaran.mabadrularifin.sch.id/k.php
http://pilkosimputra.mabadrularifin.sch.id/k.php
http://rdm2122genap.mabadrularifin.sch.id/k.php
http://surat.mabadrularifin.sch.id/k.php
http://themaster.mabadrularifin.sch.id/k.php
https://umbk.mabadrularifin.sch.id/k.php
http://cbt.mtsannurkarangjunti.sch.id/k.php
http://rdm.mtsannurkarangjunti.sch.id/k.php
http://mtsannurkarangjunti.sch.id/k.php
https://dhafintech.com/k.php
http://catkaltim.info/k.php
http://www.catrpmacademy.com/k.php
http://rdm.mtsannurkarangjunti.sch.id/k.php
http://cbt.mtsannurkarangjunti.sch.id/k.php
http://mtsannurkarangjunti.sch.id/k.php
http://www.zuga.online/k.php
</body></html>Original PHP code
https://cat.sdnsukabumi10.sch.id/k.php
https://edu.sdnsukabumi10.sch.id/k.php
https://el.sdnsukabumi10.sch.id/k.php
https://sdnsukabumi10.sch.id/k.php
http://umbk.mtsnuungaran.sch.id/k.php
http://mtsnuungaran.sch.id/k.php
http://dum.mabadrularifin.sch.id/k.php
http://pilkosimputri.mabadrularifin.sch.id/k.php
http://elearning.mabadrularifin.sch.id/k.php
http://infokelulusan.mabadrularifin.sch.id/k.php
http://ksm.mabadrularifin.sch.id/k.php
http://pas.mabadrularifin.sch.id/k.php
http://pat.mabadrularifin.sch.id/k.php
http://pembayaran.mabadrularifin.sch.id/k.php
http://pilkosimputra.mabadrularifin.sch.id/k.php
http://rdm2122genap.mabadrularifin.sch.id/k.php
http://surat.mabadrularifin.sch.id/k.php
http://themaster.mabadrularifin.sch.id/k.php
https://umbk.mabadrularifin.sch.id/k.php
http://cbt.mtsannurkarangjunti.sch.id/k.php
http://rdm.mtsannurkarangjunti.sch.id/k.php
http://mtsannurkarangjunti.sch.id/k.php
https://dhafintech.com/k.php
http://catkaltim.info/k.php
http://www.catrpmacademy.com/k.php
http://rdm.mtsannurkarangjunti.sch.id/k.php
http://cbt.mtsannurkarangjunti.sch.id/k.php
http://mtsannurkarangjunti.sch.id/k.php
http://www.zuga.online/k.php