PHP Malware Analysis

1.html

md5: d61c03bb6ea17c331938ad861014b120


Attributes

Title

URLs


Deobfuscated PHP code

<html><head>
<title>HACKED BY mrfikou39</title>
</head>
<body bgcolor="#000000">
<center>
<br>
<font color="#FF0000" face="Courier New" size="6">mrfikou39 WAS HERE</font>
<br>
<br>
<img src="http://img455.imageshack.us/img455/2928/lolwg9ro0.jpg" height="" width="">
<br>
<br>
<font color="#008000" face="Courier New" size="5">im hacker algerien </font>
<br>
<font color="#00FF00" face="Courier New" size="4"> </font>
<br>
<font color="#00FF00" face="Courier New" size="4"></font>
<br>
<font color="#00FF00" face="Courier New" size="4"></font>
<br>
<font color="#FF0000" face="Courier New" size="7"></font>
<br>
<font color="#00FF00" face="Courier New" size="5"></font>
<br>
<font color="#0000FF" face="Courier New" size="4"></font>
<br>
<font color="#00FF00" face="Courier New" size="5"</font>
<br>
<font color="#00FF00" face="Courier New" size="4"></font>
<br>
<br>
<object type="application/x-shockwave-flash" data="http://flash-mp3-player.net/medias/player_mp3_mini.swf" width="200" height="20">
<br>
<param name="movie" value="http://flash-mp3-player.net/medias/player_mp3_mini.swf">
<br>
<param name="bgcolor" value="#000000">
<br>
<param name="FlashVars" value="mp3=http://catonmat.net/blog/wp-content/plugins/wp-downloadMonitor/user_uploads/leech_axss-hax_that_fuck.mp3 &amp;autoplay=1">
<br>
</object>
<br>
</center>


</body></html>

Execution traces


Generated HTML code

<html><head>
<title>HACKED BY mrfikou39</title>
</head>
<body bgcolor="#000000">
<center>
<br>
<font color="#FF0000" face="Courier New" size="6">mrfikou39 WAS HERE</font>
<br>
<br>
<img src="http://img455.imageshack.us/img455/2928/lolwg9ro0.jpg" height="" width="">
<br>
<br>
<font color="#008000" face="Courier New" size="5">im hacker algerien </font>
<br>
<font color="#00FF00" face="Courier New" size="4"> </font>
<br>
<font color="#00FF00" face="Courier New" size="4"></font>
<br>
<font color="#00FF00" face="Courier New" size="4"></font>
<br>
<font color="#FF0000" face="Courier New" size="7"></font>
<br>
<font color="#00FF00" face="Courier New" size="5"></font>
<br>
<font color="#0000FF" face="Courier New" size="4"></font>
<br>
<font color="#00FF00" face="Courier New" size="5" <="" font="">
<br>
<font color="#00FF00" face="Courier New" size="4"></font>
<br>
<br>
<object type="application/x-shockwave-flash" data="http://flash-mp3-player.net/medias/player_mp3_mini.swf" width="200" height="20">
<br>
<param name="movie" value="http://flash-mp3-player.net/medias/player_mp3_mini.swf">
<br>
<param name="bgcolor" value="#000000">
<br>
<param name="FlashVars" value="mp3=http://catonmat.net/blog/wp-content/plugins/wp-downloadMonitor/user_uploads/leech_axss-hax_that_fuck.mp3 &amp;autoplay=1">
<br>
</object>
<br>
</font></center><font color="#00FF00" face="Courier New" size="5" <="" font="">


</font></body></html>

Original PHP code

<html><head>
<title>HACKED BY mrfikou39</title>
</head>
<body bgcolor="#000000">
<center>
<br>
<font color="#FF0000" face="Courier New" size="6">mrfikou39 WAS HERE</font>
<br>
<br>
<img src="http://img455.imageshack.us/img455/2928/lolwg9ro0.jpg" height="" width="">
<br>
<br>
<font color="#008000" face="Courier New" size="5">im hacker algerien </font>
<br>
<font color="#00FF00" face="Courier New" size="4"> </font>
<br>
<font color="#00FF00" face="Courier New" size="4"></font>
<br>
<font color="#00FF00" face="Courier New" size="4"></font>
<br>
<font color="#FF0000" face="Courier New" size="7"></font>
<br>
<font color="#00FF00" face="Courier New" size="5"></font>
<br>
<font color="#0000FF" face="Courier New" size="4"></font>
<br>
<font color="#00FF00" face="Courier New" size="5"</font>
<br>
<font color="#00FF00" face="Courier New" size="4"></font>
<br>
<br>
<object type="application/x-shockwave-flash" data="http://flash-mp3-player.net/medias/player_mp3_mini.swf" width="200" height="20">
<br>
<param name="movie" value="http://flash-mp3-player.net/medias/player_mp3_mini.swf">
<br>
<param name="bgcolor" value="#000000">
<br>
<param name="FlashVars" value="mp3=http://catonmat.net/blog/wp-content/plugins/wp-downloadMonitor/user_uploads/leech_axss-hax_that_fuck.mp3 &amp;autoplay=1">
<br>
</object>
<br>
</center>


</body></html>