PHP Malware Analysis
deface.html
md5: 6925fa63909ed25dd98869197f63d5b0
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Title
- Hacked by YakuzoWeb (Deobfuscated, HTML, Original)
URLs
- https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.js (Deobfuscated, HTML, Original)
- https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css (Deobfuscated, HTML, Original)
- https://cdnjs.cloudflare.com/ajax/libs/typed.js/1.1.1/typed.min.js (Deobfuscated, HTML, Original)
- https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i|Source+Code+Pro:400,500,600,700 (Deobfuscated, HTML, Original)
- https://nathanprinsley-files.prinsh.com/data-1/css/deface(08-01).css (Deobfuscated, HTML, Original)
- https://www.prinsh.com (Deobfuscated, HTML, Original)
Deobfuscated PHP code
<!DOCTYPE html>
<html lang="en" >
<head>
<meta charset="UTF-8">
<title>Hacked by YakuzoWeb</title>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css">
<link rel="stylesheet" href="https://nathanprinsley-files.prinsh.com/data-1/css/deface(08-01).css">
</head>
<body>
<section id="four-oh-four">
<img class="bg" alt="404" />
<div id="error-container">
<div class="overlay"></div>
<div class="terminal">
<div class="window-title">
<div class="win-buttons">
<a id="close" class="button" href="https://www.prinsh.com"></a>
<a id="min" class="button" href="https://www.prinsh.com"></a>
<a id="max" class="button" href="https://www.prinsh.com"></a>
</div>
<span class="title">Hacked by YakuzoWeb</span></div>
<div class="message">
<span class='prompt'><span class='user'>root</span><span class="at">@</span><span class="path">ssd</span>~<span class="caret">$</span> </span>
<span class="typed"></span>
<form>><span class="caret">$</span>
<input type="text" name="response"></input>
</form>
</div>
</div>
</div>
</section>
<link rel='stylesheet' href='https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i|Source+Code+Pro:400,500,600,700' type='text/css' media='screen'/>
<script src='https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.js'></script>
<script src='https://cdnjs.cloudflare.com/ajax/libs/typed.js/1.1.1/typed.min.js'></script>
<script type="text/javascript">
$(function() {
$(".typed").typed({
strings: [
"./exploit <br/>" +
"~<span class='caret'>#</span> YakuzoWeb fucked you up <br/> ^1" +
"~<span class='caret'>#</span> s1l4n4 fucked you up too<br/> ^1" +
"~<span class='caret'>#</span> think 'bout SSD and Morpheus Team :)<br/> ^1" +
"~<span class='caret'>#</span> python3 greetz.py <br/> ^1" +
"['0xK0UN0', 'lil-corpse', 'Natsuyo', 'menfou', 'Bakemono', 'Yokai', 'qlb'] <br/> ^1" +
"~<span class='caret'>#</span> echo Thanks For reading :) <br/> ^1"
],
showCursor: true,
cursorChar: '_',
autoInsertCss: true,
typeSpeed: 30,
startDelay: 200,
loop: false,
showCursor: false,
onStart: $('.message form').hide(),
onStop: $('.message form').show(),
onTypingResumed: $('.message form').hide(),
onTypingPaused: $('.message form').show(),
onComplete: $('.message form').show(),
onStringTyped: $('.message form').show()
});
$('.message form').hide()
});
</script>
</body>
</html>Execution traces
Generated HTML code
<html lang="en"><head>
<meta charset="UTF-8">
<title>Hacked by YakuzoWeb</title>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css">
<link rel="stylesheet" href="https://nathanprinsley-files.prinsh.com/data-1/css/deface(08-01).css">
</head>
<body>
<section id="four-oh-four">
<img class="bg" alt="404">
<div id="error-container">
<div class="overlay"></div>
<div class="terminal">
<div class="window-title">
<div class="win-buttons">
<a id="close" class="button" href="https://www.prinsh.com"></a>
<a id="min" class="button" href="https://www.prinsh.com"></a>
<a id="max" class="button" href="https://www.prinsh.com"></a>
</div>
<span class="title">Hacked by YakuzoWeb</span></div>
<div class="message">
<span class="prompt"><span class="user">root</span><span class="at">@</span><span class="path">ssd</span>~<span class="caret">$</span> </span>
<span class="typed">./exploit <br>~<span class="caret">#</span> YakuzoWeb fucked you up <br> ~<span class="caret">#</span> s1l4n4 fucked you up too<br> ~<span class="caret">#</span> think</span>
<form style="display: none;">><span class="caret">$</span>
<input type="text" name="response">
</form>
</div>
</div>
</div>
</section>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i|Source+Code+Pro:400,500,600,700" type="text/css" media="screen">
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/typed.js/1.1.1/typed.min.js"></script>
<script type="text/javascript">
$(function() {
$(".typed").typed({
strings: [
"./exploit <br/>" +
"~<span class='caret'>#</span> YakuzoWeb fucked you up <br/> ^1" +
"~<span class='caret'>#</span> s1l4n4 fucked you up too<br/> ^1" +
"~<span class='caret'>#</span> think 'bout SSD and Morpheus Team :)<br/> ^1" +
"~<span class='caret'>#</span> python3 greetz.py <br/> ^1" +
"['0xK0UN0', 'lil-corpse', 'Natsuyo', 'menfou', 'Bakemono', 'Yokai', 'qlb'] <br/> ^1" +
"~<span class='caret'>#</span> echo Thanks For reading :) <br/> ^1"
],
showCursor: true,
cursorChar: '_',
autoInsertCss: true,
typeSpeed: 30,
startDelay: 200,
loop: false,
showCursor: false,
onStart: $('.message form').hide(),
onStop: $('.message form').show(),
onTypingResumed: $('.message form').hide(),
onTypingPaused: $('.message form').show(),
onComplete: $('.message form').show(),
onStringTyped: $('.message form').show()
});
$('.message form').hide()
});
</script>
</body></html>Original PHP code
<!DOCTYPE html>
<html lang="en" >
<head>
<meta charset="UTF-8">
<title>Hacked by YakuzoWeb</title>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css">
<link rel="stylesheet" href="https://nathanprinsley-files.prinsh.com/data-1/css/deface(08-01).css">
</head>
<body>
<section id="four-oh-four">
<img class="bg" alt="404" />
<div id="error-container">
<div class="overlay"></div>
<div class="terminal">
<div class="window-title">
<div class="win-buttons">
<a id="close" class="button" href="https://www.prinsh.com"></a>
<a id="min" class="button" href="https://www.prinsh.com"></a>
<a id="max" class="button" href="https://www.prinsh.com"></a>
</div>
<span class="title">Hacked by YakuzoWeb</span></div>
<div class="message">
<span class='prompt'><span class='user'>root</span><span class="at">@</span><span class="path">ssd</span>~<span class="caret">$</span> </span>
<span class="typed"></span>
<form>><span class="caret">$</span>
<input type="text" name="response"></input>
</form>
</div>
</div>
</div>
</section>
<link rel='stylesheet' href='https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i|Source+Code+Pro:400,500,600,700' type='text/css' media='screen'/>
<script src='https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.js'></script>
<script src='https://cdnjs.cloudflare.com/ajax/libs/typed.js/1.1.1/typed.min.js'></script>
<script type="text/javascript">
$(function() {
$(".typed").typed({
strings: [
"./exploit <br/>" +
"~<span class='caret'>#</span> YakuzoWeb fucked you up <br/> ^1" +
"~<span class='caret'>#</span> s1l4n4 fucked you up too<br/> ^1" +
"~<span class='caret'>#</span> think 'bout SSD and Morpheus Team :)<br/> ^1" +
"~<span class='caret'>#</span> python3 greetz.py <br/> ^1" +
"['0xK0UN0', 'lil-corpse', 'Natsuyo', 'menfou', 'Bakemono', 'Yokai', 'qlb'] <br/> ^1" +
"~<span class='caret'>#</span> echo Thanks For reading :) <br/> ^1"
],
showCursor: true,
cursorChar: '_',
autoInsertCss: true,
typeSpeed: 30,
startDelay: 200,
loop: false,
showCursor: false,
onStart: $('.message form').hide(),
onStop: $('.message form').show(),
onTypingResumed: $('.message form').hide(),
onTypingPaused: $('.message form').show(),
onComplete: $('.message form').show(),
onStringTyped: $('.message form').show()
});
$('.message form').hide()
});
</script>
</body>
</html>