psk.html, psk.phtml

md5: ed25a6c08156156dd90065b09c326032

Jump to:
Deobfuscated code (Read more)
Execution traces (Read more)
Generated HTML (Read more)
Original Code (Read more)
Screenshot
Attributes
Emails
fork-awesome@1.2.0 (Deobfuscated, HTML, Original)

Title
Spenden Sie (Deobfuscated, HTML, Original)

URLs
https://cdn.discordapp.com/attachments/943282172410884116/946935175479169044/ukraine_singing.mp4 (Deobfuscated, HTML, Original)
https://cdn.discordapp.com/attachments/953828728201437265/966119165515694130/20171005_MC-PayPal-Banner_1400x600-_1.jpg (Deobfuscated, HTML, Original)
https://cdn.jsdelivr.net/npm/fork-awesome@1.2.0/css/fork-awesome.min.css (Deobfuscated, HTML, Original)
https://discord.gg/lvl (Deobfuscated, HTML, Original)
https://www.paypal.com/paypalme/spendenkinderukraine (Deobfuscated, HTML, Original)

Deobfuscated PHP code
<!DOCTYPE html>
<html>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/fork-awesome@1.2.0/css/fork-awesome.min.css" integrity="sha256-XoaMnoYC5TH6/+ihMEnospgm0J1PM/nioxbOUdnM8HY=" crossorigin="anonymous">
<body style="background-color:black;">
<style>
h1 {text-align: center;}
h4 {text-align: center;}
p {text-align: center;}
</style>
<title>Spenden Sie</title>
<meta content="Ukraine Krieg!" property="og:title">
<meta content="Werden sie noch heute activist gegen den krieg
         			● Spenden sie via Crypto
         			● Legal
         			● Seriös" property="og:description">
<meta content="#4275c7" data-react-helmet="true" name="theme-color">
  
    <h1 style="color:red;">Bitte spenden sie und helfen sie. jeder aktivist wird die ukraine mit der spende unterstützen. die spenden werden direkt an den Ukrainischen Präsidenten Wolodymyr Selenskyj weitergeleitet. wir bedanken uns für ihre mithilfe!</h1>
		     
                 
     <h4><a href="https://www.paypal.com/paypalme/spendenkinderukraine"><img title="Paypal" src="https://cdn.discordapp.com/attachments/953828728201437265/966119165515694130/20171005_MC-PayPal-Banner_1400x600-_1.jpg"/></a></h4>
              
              
    <h4 style="color:blue;">BTC: bc1qdvsser7ljcyysrqlzc9d2rwrn9syh6n0tpsqyy</h4>
    <h4 style="color:blue;">ETH: 0x9Fe307Dd97D046aD24Ff55cF9C1cec59D2240D2b</h4>
    <h4 style="color:blue;">LTC: LLR3pWBnYBeJM3eq4P76GWVvza9roLHPtP</h4>
    <p>&nbsp;</p>

<center><a href="https://discord.gg/lvl" style="color:yellow;" class="fa fa-discord">Join Discord</a></center>
    <p>&nbsp;</p>
    <p style="text-align: center; color: white;">This is the real world. Not a dream. <br>So wake up! Stand up! And start acting! <br></p>
<center>

<center>
  <video controls="">
    <source src="https://cdn.discordapp.com/attachments/943282172410884116/946935175479169044/ukraine_singing.mp4" type="video/mp4">
  </video>
</center>

  

<p style="color:white;">Best Regards</p>
<p style="color:white;">CodingGuy(Lukas Krause) & PSK(Jenni Buse)</p>


</html>

Execution traces
data/traces/ed25a6c08156156dd90065b09c326032_trace-1676246896.4191.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:08:42.316986]
1	0	1	0.000174	393512
1	3	0	0.000227	395592	{main}	1		/var/www/html/uploads/psk.phtml	0	0
1	3	1	0.000245	395592
			0.000274	314224
TRACE END   [2023-02-12 22:08:42.317122]

Generated HTML code
<html><head><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/fork-awesome@1.2.0/css/fork-awesome.min.css" integrity="sha256-XoaMnoYC5TH6/+ihMEnospgm0J1PM/nioxbOUdnM8HY=" crossorigin="anonymous">
</head><body style="background-color:black;">
<style>
h1 {text-align: center;}
h4 {text-align: center;}
p {text-align: center;}
</style>
<title>Spenden Sie</title>
<meta content="Ukraine Krieg!" property="og:title">
<meta content="Werden sie noch heute activist gegen den krieg
         			● Spenden sie via Crypto
         			● Legal
         			● Seriös" property="og:description">
<meta content="#4275c7" data-react-helmet="true" name="theme-color">
  
    <h1 style="color:red;">Bitte spenden sie und helfen sie. jeder aktivist wird die ukraine mit der spende unterstützen. die spenden werden direkt an den Ukrainischen Präsidenten Wolodymyr Selenskyj weitergeleitet. wir bedanken uns für ihre mithilfe!</h1>
		     
                 
     <h4><a href="https://www.paypal.com/paypalme/spendenkinderukraine"><img title="Paypal" src="https://cdn.discordapp.com/attachments/953828728201437265/966119165515694130/20171005_MC-PayPal-Banner_1400x600-_1.jpg"></a></h4>
              
              
    <h4 style="color:blue;">BTC: bc1qdvsser7ljcyysrqlzc9d2rwrn9syh6n0tpsqyy</h4>
    <h4 style="color:blue;">ETH: 0x9Fe307Dd97D046aD24Ff55cF9C1cec59D2240D2b</h4>
    <h4 style="color:blue;">LTC: LLR3pWBnYBeJM3eq4P76GWVvza9roLHPtP</h4>
    <p>&nbsp;</p>

<center><a href="https://discord.gg/lvl" style="color:yellow;" class="fa fa-discord">Join Discord</a></center>
    <p>&nbsp;</p>
    <p style="text-align: center; color: white;">This is the real world. Not a dream. <br>So wake up! Stand up! And start acting! <br></p>
<center>

<center>
  <video controls="">
    <source src="https://cdn.discordapp.com/attachments/943282172410884116/946935175479169044/ukraine_singing.mp4" type="video/mp4">
  </video>
</center>

  

<p style="color:white;">Best Regards</p>
<p style="color:white;">CodingGuy(Lukas Krause) &amp; PSK(Jenni Buse)</p>




</center></body></html>
Original PHP code
<!DOCTYPE html>
<html>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/fork-awesome@1.2.0/css/fork-awesome.min.css" integrity="sha256-XoaMnoYC5TH6/+ihMEnospgm0J1PM/nioxbOUdnM8HY=" crossorigin="anonymous">
<body style="background-color:black;">
<style>
h1 {text-align: center;}
h4 {text-align: center;}
p {text-align: center;}
</style>
<title>Spenden Sie</title>
<meta content="Ukraine Krieg!" property="og:title">
<meta content="Werden sie noch heute activist gegen den krieg
         			● Spenden sie via Crypto
         			● Legal
         			● Seriös" property="og:description">
<meta content="#4275c7" data-react-helmet="true" name="theme-color">
  
    <h1 style="color:red;">Bitte spenden sie und helfen sie. jeder aktivist wird die ukraine mit der spende unterstützen. die spenden werden direkt an den Ukrainischen Präsidenten Wolodymyr Selenskyj weitergeleitet. wir bedanken uns für ihre mithilfe!</h1>
		     
                 
     <h4><a href="https://www.paypal.com/paypalme/spendenkinderukraine"><img title="Paypal" src="https://cdn.discordapp.com/attachments/953828728201437265/966119165515694130/20171005_MC-PayPal-Banner_1400x600-_1.jpg"/></a></h4>
              
              
    <h4 style="color:blue;">BTC: bc1qdvsser7ljcyysrqlzc9d2rwrn9syh6n0tpsqyy</h4>
    <h4 style="color:blue;">ETH: 0x9Fe307Dd97D046aD24Ff55cF9C1cec59D2240D2b</h4>
    <h4 style="color:blue;">LTC: LLR3pWBnYBeJM3eq4P76GWVvza9roLHPtP</h4>
    <p>&nbsp;</p>

<center><a href="https://discord.gg/lvl" style="color:yellow;" class="fa fa-discord">Join Discord</a></center>
    <p>&nbsp;</p>
    <p style="text-align: center; color: white;">This is the real world. Not a dream. <br>So wake up! Stand up! And start acting! <br></p>
<center>

<center>
  <video controls="">
    <source src="https://cdn.discordapp.com/attachments/943282172410884116/946935175479169044/ukraine_singing.mp4" type="video/mp4">
  </video>
</center>

  

<p style="color:white;">Best Regards</p>
<p style="color:white;">CodingGuy(Lukas Krause) & PSK(Jenni Buse)</p>


</html>
PHP Malware Analysis

psk.html, psk.phtml

md5: ed25a6c08156156dd90065b09c326032

Screenshot

Attributes

Deobfuscated PHP code

Execution traces

Generated HTML code

Original PHP code
