PHP Malware Analysis

index.php

md5: 207939fb1a6ea97a9648b5da3b8d4a2e

Jump to:

Screenshot


Attributes

Emails

Title

URLs
  • https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRnVpfkIGjKED5YsA03naq9I2PUzgYyGRBIIg& (HTML)
  • https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRnVpfkIGjKED5YsA03naq9I2PUzgYyGRBIIg&usqp=CAU (Deobfuscated, Original)
  • https://fonts.googleapis.com/css?family=Roboto:400,900 (Deobfuscated, HTML, Original)
  • https://g.top4top.io/m_1859oufba0.mp3 (Deobfuscated, HTML, Original)
  • https://luvbay-afrobeatmusiradio.com/wp-content/plugins/under-construction-page/themes/css/bootstrap.min.css?v=3.83 (Deobfuscated, HTML, Original)
  • https://luvbay-afrobeatmusiradio.com/wp-content/plugins/under-construction-page/themes/css/common.css?v=3.83 (Deobfuscated, HTML, Original)
  • https://luvbay-afrobeatmusiradio.com/wp-content/plugins/under-construction-page/themes/css/font-awesome.min.css?v=3.83 (Deobfuscated, HTML, Original)
  • https://luvbay-afrobeatmusiradio.com/wp-content/plugins/under-construction-page/themes/mad_designer/mad-designer.png (Deobfuscated, HTML, Original)
  • https://luvbay-afrobeatmusiradio.com/wp-content/plugins/under-construction-page/themes/mad_designer/style.css?v=3.83 (Deobfuscated, HTML, Original)


Deobfuscated PHP code


<!DOCTYPE html>

<html lang="en">

  <head>

    <meta charset="utf-8">

    <meta http-equiv="X-UA-Compatible" content="IE=edge">

    <meta name="viewport" content="width=device-width, initial-scale=1">

 <title>Tested By Zeo_Kunz</title> 

<link rel="icon" sizes="128x128" href="https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRnVpfkIGjKED5YsA03naq9I2PUzgYyGRBIIg&usqp=CAU">

     <meta name="description" content="Hi?">

     <meta name="keyword" content="how are you?">

    <meta name="description" content="HowAreYou?" />

    <meta name="generator" content="!!">

    <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,900">

    <link rel="stylesheet" href="https://luvbay-afrobeatmusiradio.com/wp-content/plugins/under-construction-page/themes/css/bootstrap.min.css?v=3.83" type="text/css">
<link rel="stylesheet" href="https://luvbay-afrobeatmusiradio.com/wp-content/plugins/under-construction-page/themes/css/common.css?v=3.83" type="text/css">
<link rel="stylesheet" href="https://luvbay-afrobeatmusiradio.com/wp-content/plugins/under-construction-page/themes/mad_designer/style.css?v=3.83" type="text/css">
<link rel="stylesheet" href="https://luvbay-afrobeatmusiradio.com/wp-content/plugins/under-construction-page/themes/css/font-awesome.min.css?v=3.83" type="text/css">

  </head>



  <body>

    <div id="hero-image">

      <img src="https://luvbay-afrobeatmusiradio.com/wp-content/plugins/under-construction-page/themes/mad_designer/mad-designer.png" alt="Mad Designer at work" title="Mad Designer at work">

    </div>

    <div class="container">



      <div class="row">

        <div class="col-xs-12 col-md-12 col-lg-12">

          <center><h>Я отправил электронное письмо о том, что обнаружил ошибку на вашем веб-сайте
          Но от тебя нет ответа</h1>

        </div>

      </div>
<center>
<audio src="https://g.top4top.io/m_1859oufba0.mp3"autoplay controls></audio><br><b>



      <div class="row">

        <div class="col-xs-12 col-md-8 col-md-offset-2 col-lg-offset-2 col-lg-8">

          <p class="content">IndonesianSecurity</p>

        </div>

      </div>


      <div class="row" id="social">

        <div class="col-xs-12 col-md-12 col-lg-12">

          

        </div>

      </div>



    </div>

    <div id="login-button" class="loggedout"><a title="contactme" href="mailto:[email protected]"><i <i class="fab fa-whatsapp"></i> contact me </i></a></div>

  </body>

</html>

Execution traces

data/traces/207939fb1a6ea97a9648b5da3b8d4a2e_trace-1676253674.4835.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 00:01:40.381331]
1	0	1	0.000144	393512
1	3	0	0.000188	396104	{main}	1		/var/www/html/uploads/index.php	0	0
1	3	1	0.000205	396104
			0.000230	314224
TRACE END   [2023-02-13 00:01:40.381445]


Generated HTML code

<html lang="en"><head>

    <meta charset="utf-8">

    <meta http-equiv="X-UA-Compatible" content="IE=edge">

    <meta name="viewport" content="width=device-width, initial-scale=1">

 <title>Tested By Zeo_Kunz</title> 

<link rel="icon" sizes="128x128" href="https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRnVpfkIGjKED5YsA03naq9I2PUzgYyGRBIIg&amp;usqp=CAU">

     <meta name="description" content="Hi?">

     <meta name="keyword" content="how are you?">

    <meta name="description" content="HowAreYou?">

    <meta name="generator" content="!!">

    <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,900">

    <link rel="stylesheet" href="https://luvbay-afrobeatmusiradio.com/wp-content/plugins/under-construction-page/themes/css/bootstrap.min.css?v=3.83" type="text/css">
<link rel="stylesheet" href="https://luvbay-afrobeatmusiradio.com/wp-content/plugins/under-construction-page/themes/css/common.css?v=3.83" type="text/css">
<link rel="stylesheet" href="https://luvbay-afrobeatmusiradio.com/wp-content/plugins/under-construction-page/themes/mad_designer/style.css?v=3.83" type="text/css">
<link rel="stylesheet" href="https://luvbay-afrobeatmusiradio.com/wp-content/plugins/under-construction-page/themes/css/font-awesome.min.css?v=3.83" type="text/css">

  </head>



  <body>

    <div id="hero-image">

      <img src="https://luvbay-afrobeatmusiradio.com/wp-content/plugins/under-construction-page/themes/mad_designer/mad-designer.png" alt="Mad Designer at work" title="Mad Designer at work">

    </div>

    <div class="container">



      <div class="row">

        <div class="col-xs-12 col-md-12 col-lg-12">

          <center><h>Я отправил электронное письмо о том, что обнаружил ошибку на вашем веб-сайте
          Но от тебя нет ответа

        </h></center></div>

      </div>
<center>
<audio src="https://g.top4top.io/m_1859oufba0.mp3" autoplay="" controls=""></audio><br><b>



      <div class="row">

        <div class="col-xs-12 col-md-8 col-md-offset-2 col-lg-offset-2 col-lg-8">

          <p class="content">IndonesianSecurity</p>

        </div>

      </div>


      <div class="row" id="social">

        <div class="col-xs-12 col-md-12 col-lg-12">

          

        </div>

      </div>



    </b></center></div><b>

    <div id="login-button" class="loggedout"><a title="contactme" href="mailto:[email protected]"><i <i="" class="fab fa-whatsapp"></i> contact me </a></div>

  


</b></body></html>

Original PHP code


<!DOCTYPE html>

<html lang="en">

  <head>

    <meta charset="utf-8">

    <meta http-equiv="X-UA-Compatible" content="IE=edge">

    <meta name="viewport" content="width=device-width, initial-scale=1">

 <title>Tested By Zeo_Kunz</title> 

<link rel="icon" sizes="128x128" href="https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRnVpfkIGjKED5YsA03naq9I2PUzgYyGRBIIg&usqp=CAU">

     <meta name="description" content="Hi?">

     <meta name="keyword" content="how are you?">

    <meta name="description" content="HowAreYou?" />

    <meta name="generator" content="!!">

    <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,900">

    <link rel="stylesheet" href="https://luvbay-afrobeatmusiradio.com/wp-content/plugins/under-construction-page/themes/css/bootstrap.min.css?v=3.83" type="text/css">
<link rel="stylesheet" href="https://luvbay-afrobeatmusiradio.com/wp-content/plugins/under-construction-page/themes/css/common.css?v=3.83" type="text/css">
<link rel="stylesheet" href="https://luvbay-afrobeatmusiradio.com/wp-content/plugins/under-construction-page/themes/mad_designer/style.css?v=3.83" type="text/css">
<link rel="stylesheet" href="https://luvbay-afrobeatmusiradio.com/wp-content/plugins/under-construction-page/themes/css/font-awesome.min.css?v=3.83" type="text/css">

  </head>



  <body>

    <div id="hero-image">

      <img src="https://luvbay-afrobeatmusiradio.com/wp-content/plugins/under-construction-page/themes/mad_designer/mad-designer.png" alt="Mad Designer at work" title="Mad Designer at work">

    </div>

    <div class="container">



      <div class="row">

        <div class="col-xs-12 col-md-12 col-lg-12">

          <center><h>Я отправил электронное письмо о том, что обнаружил ошибку на вашем веб-сайте
          Но от тебя нет ответа</h1>

        </div>

      </div>
<center>
<audio src="https://g.top4top.io/m_1859oufba0.mp3"autoplay controls></audio><br><b>



      <div class="row">

        <div class="col-xs-12 col-md-8 col-md-offset-2 col-lg-offset-2 col-lg-8">

          <p class="content">IndonesianSecurity</p>

        </div>

      </div>


      <div class="row" id="social">

        <div class="col-xs-12 col-md-12 col-lg-12">

          

        </div>

      </div>



    </div>

    <div id="login-button" class="loggedout"><a title="contactme" href="mailto:[email protected]"><i <i class="fab fa-whatsapp"></i> contact me </i></a></div>

  </body>

</html>