PHP Malware Analysis

Solly.htm

md5: ecaf8d58d327b486ed4cc9a73af469f7

Jump to:

Screenshot


Attributes

URLs


Deobfuscated PHP code

 <!doctype html> <html lang="en-US" oncontextmenu="return false;" onkeydown="return false;" onmousedown="return false;"> <head> 	<meta charset="UTF-8"> 	<meta name="robots" content="index, follow"/> 	<meta name="rating" content="General"/> 	<meta name="classification" content="Hacked"/> 	<meta name="keyword" content=" Bangladesh Cyber"/> 	<meta name="description" content="forhad haxor on your Security"/> 	<meta name="googlebot" content="index,follow"/> 	<meta name="robots" content="all"/> 	<name="robots schedule" content="auto"/> 	<meta name="distribution" content="global"/> 	<base target="_blank"/> 	<meta name="Author" content="Forhad Haxor"> 	<title>Hacked By Forhad Haxor</title> 	<meta http-equiv="imagetoolbar" content="no"> 	<link href="https://fonts.googleapis.com/css?family=Iceland" rel="stylesheet"> <body bgcolor='black' >
 
 
 
 
<title>Hacked By Mr.Solly [EG]</title><link href='https://upload.wikimedia.org/wikipedia/en/thumb/7/71/Detroit_Lions_logo.svg/1280px-Detroit_Lions_logo.svg.png' rel='shortcut icon'/>
<meta content='Hacked By Mr.Solly [EG]' name='description'/>
<meta content='Hacked By Mr.Solly [EG]' name='keywords'/>
<meta content='Hacked By Mr.Solly [EG]' name='Abstract'/>

<style type="text/css">body, a, a:hover {cursor: 
url(http://cur.cursors-4u.net/cursors/cur-2/cur101.cur), 
progress;}
</style>
</style>
  <style> 	body{ 
background:black; no-repeat center center fixed; 		-webkit-background-size: cover; 		-moz-background-size: cover; 		-o-background-size: cover; 		background-size: cover; 	} 	.title { 		font-family: Iceland; 		color: white; 		font-size: 98px; 		text-shadow: 0px 0px 10px blue; 		 	} 	.team { 		font-family: Iceland; 		color: red; 		font-size: 45px; 		text-shadow: 0px 0px 15px red; 		margin: 0px 0px 9px 0px; 		 	} 	.team1 { 		font-family: Iceland; 		color: #00ff00; 		font-size: 40px; 		text-shadow: 0px 0px 15px black; 		margin: 0px 0px 9px 0px; 		 	} 	 		.toxic { 		font-family: Iceland; 		color: white; 		font-size: 45px; 		text-shadow: 0px 0px 15px blue; 		margin: 0px 0px 9px 0px; 		 	} 	footer { 		position: fixed; 		bottom: 10px; 		text-align: center; 		 			text-shadow: 0px 0px 25px red; 	} .top { 		font-family: Iceland; 		color: white; 		font-size: 25px; 		text-shadow: 0px 0px 15px #33E6FF; 		margin: 0px 0px 9px 0px; 		 	} 		 		} body{ 	cursor: url("http://hellox.persiangig.com/DefacePage/negro.cur"), auto; </style>
 <center>
 <img src="https://i.gifer.com/EKm3.gif" border="" width="300" height="300" > </center>
<center><span class="title"> Hacked By Mr.Solly [EG]</span><br> <img src='https://upload.wikimedia.org/wikipedia/commons/6/6d/Flag_of_Egypt%28Moving%29.gif' width="40" height="30"/><span class="team"> Mr.Solly [EG] </span><img src='https://upload.wikimedia.org/wikipedia/commons/6/6d/Flag_of_Egypt%28Moving%29.gif' width="40" height="30"/></center> <br><center><span class="toxic">Dear Admin,<br>Your Website Security Is Very Low.<br> Please Call Me To Help You FoR Update Your Website Security.</span></center> <br>




 <center><span class="team1"><a href="https://www.facebook.com/MrSollyy/" target="_blank"/><span class="team1" > [+]Facebook[+] :</span></center></a><center> </center>

<script language="JavaScript1.2"> 
/*
SCRIPT EDITE SUR L'EDITEUR JAVASCRIPT
http://www.editeurjavascript.com
*/
 
function ejs_nodroit()
{
alert('You Want to Copy My Code :( :( i crie');
return(false);
}
 
document.oncontextmenu = ejs_nodroit;
</script> 

     <br>
      <br>
       <br>
        <br>
         <br>
     <br>
      
   


</body> </html>

Execution traces


Generated HTML code

<html lang="en-US" oncontextmenu="return false;" onkeydown="return false;" onmousedown="return false;"><head> 	<meta charset="UTF-8"> 	<meta name="robots" content="index, follow"> 	<meta name="rating" content="General"> 	<meta name="classification" content="Hacked"> 	<meta name="keyword" content=" Bangladesh Cyber"> 	<meta name="description" content="forhad haxor on your Security"> 	<meta name="googlebot" content="index,follow"> 	<meta name="robots" content="all"> 	</head><body bgcolor="black"><name="robots schedule"="" content="auto"> 	<meta name="distribution" content="global"> 	<base target="_blank"> 	<meta name="Author" content="Forhad Haxor"> 	<title>Hacked By Forhad Haxor</title> 	<meta http-equiv="imagetoolbar" content="no"> 	<link href="https://fonts.googleapis.com/css?family=Iceland" rel="stylesheet"> 
 
 
 
 
<title>Hacked By Mr.Solly [EG]</title><link href="https://upload.wikimedia.org/wikipedia/en/thumb/7/71/Detroit_Lions_logo.svg/1280px-Detroit_Lions_logo.svg.png" rel="shortcut icon">
<meta content="Hacked By Mr.Solly [EG]" name="description">
<meta content="Hacked By Mr.Solly [EG]" name="keywords">
<meta content="Hacked By Mr.Solly [EG]" name="Abstract">

<style type="text/css">body, a, a:hover {cursor: 
url(http://cur.cursors-4u.net/cursors/cur-2/cur101.cur), 
progress;}
</style>

  <style> 	body{ 
background:black; no-repeat center center fixed; 		-webkit-background-size: cover; 		-moz-background-size: cover; 		-o-background-size: cover; 		background-size: cover; 	} 	.title { 		font-family: Iceland; 		color: white; 		font-size: 98px; 		text-shadow: 0px 0px 10px blue; 		 	} 	.team { 		font-family: Iceland; 		color: red; 		font-size: 45px; 		text-shadow: 0px 0px 15px red; 		margin: 0px 0px 9px 0px; 		 	} 	.team1 { 		font-family: Iceland; 		color: #00ff00; 		font-size: 40px; 		text-shadow: 0px 0px 15px black; 		margin: 0px 0px 9px 0px; 		 	} 	 		.toxic { 		font-family: Iceland; 		color: white; 		font-size: 45px; 		text-shadow: 0px 0px 15px blue; 		margin: 0px 0px 9px 0px; 		 	} 	footer { 		position: fixed; 		bottom: 10px; 		text-align: center; 		 			text-shadow: 0px 0px 25px red; 	} .top { 		font-family: Iceland; 		color: white; 		font-size: 25px; 		text-shadow: 0px 0px 15px #33E6FF; 		margin: 0px 0px 9px 0px; 		 	} 		 		} body{ 	cursor: url("http://hellox.persiangig.com/DefacePage/negro.cur"), auto; </style>
 <center>
 <img src="https://i.gifer.com/EKm3.gif" border="" width="300" height="300"> </center>
<center><span class="title"> Hacked By Mr.Solly [EG]</span><br> <img src="https://upload.wikimedia.org/wikipedia/commons/6/6d/Flag_of_Egypt%28Moving%29.gif" width="40" height="30"><span class="team"> Mr.Solly [EG] </span><img src="https://upload.wikimedia.org/wikipedia/commons/6/6d/Flag_of_Egypt%28Moving%29.gif" width="40" height="30"></center> <br><center><span class="toxic">Dear Admin,<br>Your Website Security Is Very Low.<br> Please Call Me To Help You FoR Update Your Website Security.</span></center> <br>




 <center><span class="team1"><a href="https://www.facebook.com/MrSollyy/" target="_blank"><span class="team1"> [+]Facebook[+] :</span></a></span></center><center> </center>

<script language="JavaScript1.2"> 
/*
SCRIPT EDITE SUR L'EDITEUR JAVASCRIPT
http://www.editeurjavascript.com
*/
 
function ejs_nodroit()
{
alert('You Want to Copy My Code :( :( i crie');
return(false);
}
 
document.oncontextmenu = ejs_nodroit;
</script> 

     <br>
      <br>
       <br>
        <br>
         <br>
     <br>
      
   


 </name="robots></body></html>

Original PHP code

 <!doctype html> <html lang="en-US" oncontextmenu="return false;" onkeydown="return false;" onmousedown="return false;"> <head> 	<meta charset="UTF-8"> 	<meta name="robots" content="index, follow"/> 	<meta name="rating" content="General"/> 	<meta name="classification" content="Hacked"/> 	<meta name="keyword" content=" Bangladesh Cyber"/> 	<meta name="description" content="forhad haxor on your Security"/> 	<meta name="googlebot" content="index,follow"/> 	<meta name="robots" content="all"/> 	<name="robots schedule" content="auto"/> 	<meta name="distribution" content="global"/> 	<base target="_blank"/> 	<meta name="Author" content="Forhad Haxor"> 	<title>Hacked By Forhad Haxor</title> 	<meta http-equiv="imagetoolbar" content="no"> 	<link href="https://fonts.googleapis.com/css?family=Iceland" rel="stylesheet"> <body bgcolor='black' >
 
 
 
 
<title>Hacked By Mr.Solly [EG]</title><link href='https://upload.wikimedia.org/wikipedia/en/thumb/7/71/Detroit_Lions_logo.svg/1280px-Detroit_Lions_logo.svg.png' rel='shortcut icon'/>
<meta content='Hacked By Mr.Solly [EG]' name='description'/>
<meta content='Hacked By Mr.Solly [EG]' name='keywords'/>
<meta content='Hacked By Mr.Solly [EG]' name='Abstract'/>

<style type="text/css">body, a, a:hover {cursor: 
url(http://cur.cursors-4u.net/cursors/cur-2/cur101.cur), 
progress;}
</style>
</style>
  <style> 	body{ 
background:black; no-repeat center center fixed; 		-webkit-background-size: cover; 		-moz-background-size: cover; 		-o-background-size: cover; 		background-size: cover; 	} 	.title { 		font-family: Iceland; 		color: white; 		font-size: 98px; 		text-shadow: 0px 0px 10px blue; 		 	} 	.team { 		font-family: Iceland; 		color: red; 		font-size: 45px; 		text-shadow: 0px 0px 15px red; 		margin: 0px 0px 9px 0px; 		 	} 	.team1 { 		font-family: Iceland; 		color: #00ff00; 		font-size: 40px; 		text-shadow: 0px 0px 15px black; 		margin: 0px 0px 9px 0px; 		 	} 	 		.toxic { 		font-family: Iceland; 		color: white; 		font-size: 45px; 		text-shadow: 0px 0px 15px blue; 		margin: 0px 0px 9px 0px; 		 	} 	footer { 		position: fixed; 		bottom: 10px; 		text-align: center; 		 			text-shadow: 0px 0px 25px red; 	} .top { 		font-family: Iceland; 		color: white; 		font-size: 25px; 		text-shadow: 0px 0px 15px #33E6FF; 		margin: 0px 0px 9px 0px; 		 	} 		 		} body{ 	cursor: url("http://hellox.persiangig.com/DefacePage/negro.cur"), auto; </style>
 <center>
 <img src="https://i.gifer.com/EKm3.gif" border="" width="300" height="300" > </center>
<center><span class="title"> Hacked By Mr.Solly [EG]</span><br> <img src='https://upload.wikimedia.org/wikipedia/commons/6/6d/Flag_of_Egypt%28Moving%29.gif' width="40" height="30"/><span class="team"> Mr.Solly [EG] </span><img src='https://upload.wikimedia.org/wikipedia/commons/6/6d/Flag_of_Egypt%28Moving%29.gif' width="40" height="30"/></center> <br><center><span class="toxic">Dear Admin,<br>Your Website Security Is Very Low.<br> Please Call Me To Help You FoR Update Your Website Security.</span></center> <br>




 <center><span class="team1"><a href="https://www.facebook.com/MrSollyy/" target="_blank"/><span class="team1" > [+]Facebook[+] :</span></center></a><center> </center>

<script language="JavaScript1.2"> 
/*
SCRIPT EDITE SUR L'EDITEUR JAVASCRIPT
http://www.editeurjavascript.com
*/
 
function ejs_nodroit()
{
alert('You Want to Copy My Code :( :( i crie');
return(false);
}
 
document.oncontextmenu = ejs_nodroit;
</script> 

     <br>
      <br>
       <br>
        <br>
         <br>
     <br>
      
   


</body> </html>