PHP Malware Analysis
readme.aspx, readme.php, readme.phtml, readme.shtml
md5: ea58d5afad5be91e8967ad4bee38c330
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Title
- #Pwned By Localhost (Deobfuscated, HTML, Original)
URLs
- https://fonts.googleapis.com/css2?family=Graduate& (HTML)
- https://fonts.googleapis.com/css2?family=Graduate&display=swap (Deobfuscated, Original)
- https://fonts.googleapis.com/css2?family=Sedgwick+Ave+Display& (HTML)
- https://fonts.googleapis.com/css2?family=Sedgwick+Ave+Display&display=swap (Deobfuscated, Original)
- https://fonts.googleapis.com/css2?family=Unica+One& (HTML)
- https://fonts.googleapis.com/css2?family=Unica+One&display=swap (Deobfuscated, Original)
Deobfuscated PHP code
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1254" />
<meta name="Description" content="Jaring">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link href="https://fonts.googleapis.com/css2?family=Sedgwick+Ave+Display&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=Unica+One&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=Graduate&display=swap" rel="stylesheet">
<title>#Pwned By Localhost</title>
<meta property="og:description" content="Hacked By Jaring">
<style>
.content{
display: flex;
flex-direction: column;
justify-content: center;
align-items: center;
}
.content img{
margin-top: 60px;
}
.content .text{
font-family: 'Sedgwick Ave Display', cursive;
color: white;
font-weight: 400;
font-size: 25px;
text-align: center;
}
.content .text-2{
font-family: 'Unica One', cursive;
color: white;
font-style: normal;
font-weight: normal;
font-size: 20px;
line-height: 24px;
text-align: center;
}
.content .text-3{
font-family: 'Graduate', cursive;
color: white;
font-style: normal;
font-weight: normal;
font-size: 15px;
line-height: 18px;
text-align: center;
}
.content .text-4{
font-family: 'Unica One', cursive;
color: white;
font-style: normal;
font-weight: normal;
font-size: 20px;
line-height: 1px;
text-align: center;
}
.red{
color: #FF1B1B;
}
.black{
color: #000000;
}
</style>
</head>
<body style="background-color: white;">
<div class="content">
<img src="Localhost.png" width="250px" height="250px" alt="Localhost" >
<h1 class="text"><span class="black">Hacked by <span class="red">Jaring </span><span class="black"></h1>
<h1 class="text-2"><span class="black">| dev-1337 | Solohere | BlackyGuy | Fatallerror89 | Zamil | Komando16 | McQueen | BlackShieldCrew | Ichiro | Tomatoman | Alienworm | Varians 19 Crew | All Muslim Hacking Team | All Discord Members #localhost <font></center></h1>
<br><p class="text-3"><span class="red">"no system is safe"</span></p>
</div>
</body>
</html>Execution traces
data/traces/ea58d5afad5be91e8967ad4bee38c330_trace-1676249519.2912.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:52:25.188982]
1 0 1 0.000155 393528
1 3 0 0.000222 405344 {main} 1 /var/www/html/uploads/readme.php 0 0
1 3 1 0.000326 413648
0.000352 314240
TRACE END [2023-02-12 22:52:25.189211]
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 01:12:07.552056]
1 0 1 0.000168 393528
1 3 0 0.000223 405344 {main} 1 /var/www/html/uploads/readme.phtml 0 0
1 3 1 0.000356 413648
0.000381 314240
TRACE END [2023-02-13 01:12:07.552296]
Generated HTML code
<html lang="en"><head>
<meta charset="UTF-8">
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1254">
<meta name="Description" content="Jaring">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link href="https://fonts.googleapis.com/css2?family=Sedgwick+Ave+Display&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=Unica+One&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=Graduate&display=swap" rel="stylesheet">
<title>#Pwned By Localhost</title>
<meta property="og:description" content="Hacked By Jaring">
<style>
.content{
display: flex;
flex-direction: column;
justify-content: center;
align-items: center;
}
.content img{
margin-top: 60px;
}
.content .text{
font-family: 'Sedgwick Ave Display', cursive;
color: white;
font-weight: 400;
font-size: 25px;
text-align: center;
}
.content .text-2{
font-family: 'Unica One', cursive;
color: white;
font-style: normal;
font-weight: normal;
font-size: 20px;
line-height: 24px;
text-align: center;
}
.content .text-3{
font-family: 'Graduate', cursive;
color: white;
font-style: normal;
font-weight: normal;
font-size: 15px;
line-height: 18px;
text-align: center;
}
.content .text-4{
font-family: 'Unica One', cursive;
color: white;
font-style: normal;
font-weight: normal;
font-size: 20px;
line-height: 1px;
text-align: center;
}
.red{
color: #FF1B1B;
}
.black{
color: #000000;
}
</style>
</head>
<body style="background-color: white;">
<div class="content">
<img src="Localhost.png" width="250px" height="250px" alt="Localhost">
<h1 class="text"><span class="black">Hacked by <span class="red">Jaring </span><span class="black"></span></span></h1>
<h1 class="text-2"><span class="black">| dev-1337 | Solohere | BlackyGuy | Fatallerror89 | Zamil | Komando16 | McQueen | BlackShieldCrew | Ichiro | Tomatoman | Alienworm | Varians 19 Crew | All Muslim Hacking Team | All Discord Members #localhost <font></font></span></h1><font>
<br><p class="text-3"><span class="red">"no system is safe"</span></p>
</font></div><font>
</font></body></html>Original PHP code
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1254" />
<meta name="Description" content="Jaring">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link href="https://fonts.googleapis.com/css2?family=Sedgwick+Ave+Display&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=Unica+One&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=Graduate&display=swap" rel="stylesheet">
<title>#Pwned By Localhost</title>
<meta property="og:description" content="Hacked By Jaring">
<style>
.content{
display: flex;
flex-direction: column;
justify-content: center;
align-items: center;
}
.content img{
margin-top: 60px;
}
.content .text{
font-family: 'Sedgwick Ave Display', cursive;
color: white;
font-weight: 400;
font-size: 25px;
text-align: center;
}
.content .text-2{
font-family: 'Unica One', cursive;
color: white;
font-style: normal;
font-weight: normal;
font-size: 20px;
line-height: 24px;
text-align: center;
}
.content .text-3{
font-family: 'Graduate', cursive;
color: white;
font-style: normal;
font-weight: normal;
font-size: 15px;
line-height: 18px;
text-align: center;
}
.content .text-4{
font-family: 'Unica One', cursive;
color: white;
font-style: normal;
font-weight: normal;
font-size: 20px;
line-height: 1px;
text-align: center;
}
.red{
color: #FF1B1B;
}
.black{
color: #000000;
}
</style>
</head>
<body style="background-color: white;">
<div class="content">
<img src="Localhost.png" width="250px" height="250px" alt="Localhost" >
<h1 class="text"><span class="black">Hacked by <span class="red">Jaring </span><span class="black"></h1>
<h1 class="text-2"><span class="black">| dev-1337 | Solohere | BlackyGuy | Fatallerror89 | Zamil | Komando16 | McQueen | BlackShieldCrew | Ichiro | Tomatoman | Alienworm | Varians 19 Crew | All Muslim Hacking Team | All Discord Members #localhost <font></center></h1>
<br><p class="text-3"><span class="red">"no system is safe"</span></p>
</div>
</body>
</html>