PHP Malware Analysis

0d.php

md5: 4706e05394945444214914798e43ccf4


Attributes

Execution

Title

URLs


Deobfuscated PHP code

<title>Hacked by L4663r666h05t</title>
<style>
body{
font-family: Courier;
}
</style>
<font color='white'><body bgcolor='black'><center>
<body>
<br><br>
<img src='https://s.kaskus.id/img/hot_thread/hot_thread_fcibsimzte5n.jpg' width='450'>
<h3>Hacked by L4663r666h05t x Single Attacker<br><br>
    <?php 
system('uname -a');
?><br><br>
Greetz: Wonka - Dijehaji - PYS404 - Mr.Vendetta_404 - FRK48 - son1x - bky992<br><br>
Twitter: https://twitter.com/L4663r666h05t</h3>

Execution traces

data/traces/4706e05394945444214914798e43ccf4_trace-1676259579.1088.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 01:40:05.006617]
1	0	1	0.000179	393464
1	3	0	0.000226	393968	{main}	1		/var/www/html/uploads/0d.php	0	0
2	4	0	0.000244	393968	system	0		/var/www/html/uploads/0d.php	12	1	'uname -a'
2	4	1	0.005316	394160
2	4	R			'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux'
1	3	1	0.005359	393968
			0.005398	314200
TRACE END   [2023-02-13 01:40:05.011870]


Generated HTML code

<html><head><title>Hacked by L4663r666h05t</title>
<style>
body{
font-family: Courier;
}
</style>
</head><body bgcolor="black"><font color="white"><center>

<br><br>
<img src="https://s.kaskus.id/img/hot_thread/hot_thread_fcibsimzte5n.jpg" width="450">
<h3>Hacked by L4663r666h05t x Single Attacker<br><br>
    Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
<br><br>
Greetz: Wonka - Dijehaji - PYS404 - Mr.Vendetta_404 - FRK48 - son1x - bky992<br><br>
Twitter: https://twitter.com/L4663r666h05t</h3></center></font></body></html>

Original PHP code

<title>Hacked by L4663r666h05t</title>
<style>
body{
font-family: Courier;
}
</style>
<font color='white'><body bgcolor='black'><center>
<body>
<br><br>
<img src='https://s.kaskus.id/img/hot_thread/hot_thread_fcibsimzte5n.jpg' width='450'>
<h3>Hacked by L4663r666h05t x Single Attacker<br><br>
    <?php system('uname -a');?><br><br>
Greetz: Wonka - Dijehaji - PYS404 - Mr.Vendetta_404 - FRK48 - son1x - bky992<br><br>
Twitter: https://twitter.com/L4663r666h05t</h3>