PHP Malware Analysis
index.php
md5: fc7250804bcd1b8adcf9da464b1d3b4a
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Title
- Hacked By White Weasel (Deobfuscated, HTML, Original)
URLs
- http://icons.iconarchive.com/icons/icons8/halloween/128/werewolf-icon.png (Deobfuscated, HTML, Original)
- http://www.w3.org/1999/xhtml (Deobfuscated, HTML, Original)
- http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd (Deobfuscated, Original)
- https://www.youtube.com/embed/IOoyQFsjkW4?rel=0& (Deobfuscated, HTML, Original)
Deobfuscated PHP code
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="SHORTCUT ICON" href="http://icons.iconarchive.com/icons/icons8/halloween/128/werewolf-icon.png">
<title>Hacked By White Weasel</title>
<style type="text/css">
<!--
body {
background-color: black;
text-align: center;
color: lime;
font-size: large;
}
.a { font-size: 24px;
}
.f { color: red;
}
.gbf { color: red;
}
.dd {
color: white;
}
.w {
font-size: small;
}
a:link {
text-decoration: none;
}
a:visited {
text-decoration: none;
}
a:hover {
text-decoration: none;
}
a:active {
text-decoration: none;
}
-->
</style></head>
<body>
<h2>[!] Hacked By White Weasel [!]</h2>
<p class="a">-----------------------------------------------------------------</p>
<pre class="w">Greetz: BlueTornado & MrByte </pre>
<p class="a">-----------------------------------------------------------------</p>
<h5>contact:illeg4lizm.org</h5>
<iframe width="0" height="0" src="https://www.youtube.com/embed/IOoyQFsjkW4?rel=0&autoplay=1" frameborder="0" allowfullscreen></iframe></body></html>
<p class="a"> </p>
</body>
<!-- --> <script type='text/javascript' src='//go.pub2srv.com/apu.php?zoneid=16780'> </script> <script type="text/javascript" src="//1phads.com/notice.php?p=16781&interactive=1&pushup=1"> </script> Execution traces
data/traces/fc7250804bcd1b8adcf9da464b1d3b4a_trace-1676238765.8619.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 19:53:11.759711]
1 0 1 0.000235 393512
1 3 0 0.000298 394568 {main} 1 /var/www/html/uploads/index.php 0 0
1 3 1 0.000320 394568
0.000364 314224
TRACE END [2023-02-12 19:53:11.759915]
Generated HTML code
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<link rel="SHORTCUT ICON" href="http://icons.iconarchive.com/icons/icons8/halloween/128/werewolf-icon.png">
<title>Hacked By White Weasel</title>
<style type="text/css">
<!--
body {
background-color: black;
text-align: center;
color: lime;
font-size: large;
}
.a { font-size: 24px;
}
.f { color: red;
}
.gbf { color: red;
}
.dd {
color: white;
}
.w {
font-size: small;
}
a:link {
text-decoration: none;
}
a:visited {
text-decoration: none;
}
a:hover {
text-decoration: none;
}
a:active {
text-decoration: none;
}
-->
</style></head>
<body>
<h2>[!] Hacked By White Weasel [!]</h2>
<p class="a">-----------------------------------------------------------------</p>
<pre class="w">Greetz: BlueTornado & MrByte </pre>
<p class="a">-----------------------------------------------------------------</p>
<h5>contact:illeg4lizm.org</h5>
<iframe width="0" height="0" src="https://www.youtube.com/embed/IOoyQFsjkW4?rel=0&autoplay=1" frameborder="0" allowfullscreen=""></iframe>
<p class="a"> </p>
<script type="text/javascript" src="//go.pub2srv.com/apu.php?zoneid=16780"> </script> <script type="text/javascript" src="//1phads.com/notice.php?p=16781&interactive=1&pushup=1"> </script> </body><!-- --></html>Original PHP code
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="SHORTCUT ICON" href="http://icons.iconarchive.com/icons/icons8/halloween/128/werewolf-icon.png">
<title>Hacked By White Weasel</title>
<style type="text/css">
<!--
body {
background-color: black;
text-align: center;
color: lime;
font-size: large;
}
.a { font-size: 24px;
}
.f { color: red;
}
.gbf { color: red;
}
.dd {
color: white;
}
.w {
font-size: small;
}
a:link {
text-decoration: none;
}
a:visited {
text-decoration: none;
}
a:hover {
text-decoration: none;
}
a:active {
text-decoration: none;
}
-->
</style></head>
<body>
<h2>[!] Hacked By White Weasel [!]</h2>
<p class="a">-----------------------------------------------------------------</p>
<pre class="w">Greetz: BlueTornado & MrByte </pre>
<p class="a">-----------------------------------------------------------------</p>
<h5>contact:illeg4lizm.org</h5>
<iframe width="0" height="0" src="https://www.youtube.com/embed/IOoyQFsjkW4?rel=0&autoplay=1" frameborder="0" allowfullscreen></iframe></body></html>
<p class="a"> </p>
</body>
<!-- --> <script type='text/javascript' src='//go.pub2srv.com/apu.php?zoneid=16780'> </script> <script type="text/javascript" src="//1phads.com/notice.php?p=16781&interactive=1&pushup=1"> </script>