Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
U
U
up72020-05-05 13:25:36
PHP
up7, 2020-05-05 13:25:36

Why this code? Not a virus?

This is where the code starts:

<? $GLOBALS['_1116732506_']=Array(base64_decode('' .'c3' .'RyX3J' .'lcGxhY2' .'U' .'='),base64_decode('' .'bXRfc' .'m' .'Fu' .'ZA=='),base64_decode('' .'YXJ' .'yY' .'Xlf' .'ZGlmZl9r' .'ZXk='),base64_decode('' .'Y' .'XJy' .'YX' .'lfZGlmZl91a2V5'),base64_decode('c' .'3RycG9' .'z'),base64_decode('c' .'3RyX' .'3Jl' .'cGx' .'hY' .'2U='),base64_decode('c' .'3R' .'ydG90a' .'W1l'),


This is an array of methods - str_replace and so on

. Why is it? In the mail send folder

Here is the whole code of the file:

<? $GLOBALS['_1116732506_']=Array(base64_decode('' .'c3' .'RyX3J' .'lcGxhY2' .'U' .'='),base64_decode('' .'bXRfc' .'m' .'Fu' .'ZA=='),base64_decode('' .'YXJ' .'yY' .'Xlf' .'ZGlmZl9r' .'ZXk='),base64_decode('' .'Y' .'XJy' .'YX' .'lfZGlmZl91a2V5'),base64_decode('c' .'3RycG9' .'z'),base64_decode('c' .'3RyX' .'3Jl' .'cGx' .'hY' .'2U='),base64_decode('c' .'3R' .'ydG90a' .'W1l'),base64_decode('ZX' .'hw'),base64_decode('bXRf' .'cm' .'FuZA' .'=='),base64_decode('' .'c' .'3RyX' .'3' .'Jl' .'cGxhY2U='),base64_decode('bXRfcm' .'Fu' .'ZA=' .'='),base64_decode('c' .'3R' .'y' .'d' .'G9sb' .'3d' .'lc' .'g=='),base64_decode('c3Ryc' .'G9z'),base64_decode('aW1hZ2V' .'kZX' .'N0cm95'),base64_decode('c3RyX3JlcG' .'xhY2U='),base64_decode('b' .'WtkaXI='),base64_decode('' .'aW1hZ2Vjb3B' .'5'),base64_decode('c' .'HJ' .'l' .'Z' .'19yZXBs' .'YWN' .'l'),base64_decode('YXJyYX' .'l' .'fZmlsd' .'GVy'),base64_decode('' .'c' .'3RycHRpbWU='),base64_decode('c3' .'RycG' .'9z'),base64_decode('Zml' .'s' .'Z' .'Q=='),base64_decode('bXR' .'fcm' .'FuZA=='),base64_decode('' .'YXJyYXlfcmVkd' .'W' .'Nl'),base64_decode('cHJlZ19yZXBs' .'YWNl'),base64_decode('c2' .'9ja2V0X2Nvb' .'m' .'5lY3Q='),base64_decode('bXRfcmF' .'uZA' .'=='),base64_decode('' .'a' .'XNf' .'Y' .'X' .'JyYXk='),base64_decode('a' .'W1hZ2VjcmV' .'h' .'dGVmc' .'m' .'9tZ' .'2Q='),base64_decode('aW1hZ2Vjcm' .'VhdGU='),base64_decode('' .'c2' .'V' .'zc2l' .'vbl9pc19yZWdpc' .'3R' .'l' .'cm' .'Vk'),base64_decode('cH' .'JlZ19yZXB' .'s' .'Y' .'WNl'),base64_decode('cHJlZ19' .'xdW90Z' .'Q' .'=='),base64_decode('aW1hZ' .'2Vjb3B5bWVyZ2' .'Vn' .'cmF5'),base64_decode('' .'bXRfcmF' .'u' .'ZA=' .'='),base64_decode('c' .'HJlZ1' .'9t' .'Y' .'XRjaA=='),base64_decode('c' .'HJlZ19y' .'ZX' .'BsYWN' .'l'),base64_decode('' .'c29ja2V0' .'X' .'2NyZWF0ZV' .'9w' .'YWly'),base64_decode('bXRf' .'cm' .'FuZ' .'A=='),base64_decode('bX' .'RfcmFuZA' .'=='),base64_decode('bXRfcmFuZA=='),base64_decode('cH' .'Jl' .'Z' .'19tYXR' .'jaF9hbGw='),base64_decode('cHJlZ19yZX' .'B' .'sYWNl'),base64_decode('' .'c3R' .'ycG9z'),base64_decode('c29' .'ja2V0X2dldF9zdGF' .'0dXM' .'='),base64_decode('bXRf' .'c' .'mFuZA=' .'='),base64_decode('YXJy' .'YXl' .'fc' .'mF' .'u' .'ZA=='),base64_decode('Z' .'2V0X2' .'1hZ2l' .'jX3F1b3R' .'lc' .'19ncGM='),base64_decode('c3R' .'yX3JlcGxhY2U='),base64_decode('c3RyX3Jlc' .'GxhY2U='),base64_decode('c3' .'Ry' .'X3JlcG' .'xhY2U='),base64_decode('bXRfcm' .'F' .'u' .'ZA=' .'='),base64_decode('Y' .'XJyYXlfZGl' .'mZl' .'9r' .'Z' .'Xk='),base64_decode('' .'c3RyX3' .'JlcG' .'xh' .'Y2U='),base64_decode('YXJyYXlfcm' .'F' .'u' .'Z' .'A=='),base64_decode('' .'Y' .'2' .'91' .'bn' .'Q='),base64_decode('' .'c' .'3RyX3JlcGxh' .'Y2U='),base64_decode('' .'ZmdldHM='),base64_decode('Y3VybF9' .'t' .'d' .'Wx0aV9n' .'ZXR' .'jb' .'25' .'0ZW50'),base64_decode('bXRfcmFuZA=='),base64_decode('Zmd' .'ldGM='),base64_decode('' .'bX' .'RfcmF' .'u' .'Z' .'A=='),base64_decode('bXNzcWx' .'fcXV' .'lc' .'nk='),base64_decode('bXRfcmF' .'uZ' .'A=' .'='),base64_decode('c' .'3R' .'y' .'c' .'G' .'9z'),base64_decode('c3Ry' .'dG90' .'aW1l'),base64_decode('c3RyX3J' .'lcGxh' .'Y' .'2U='),base64_decode('bXRfc' .'m' .'FuZ' .'A=='),base64_decode('' .'c3RybmN' .'tcA=' .'='),base64_decode('cH' .'JpbnR' .'f' .'cg=='),base64_decode('ZGF' .'0Z' .'Q=='),base64_decode('c3R' .'yX3JlcGxhY2' .'U='),base64_decode('' .'bXR' .'fc' .'m' .'FuZ' .'A=='),base64_decode('Z' .'mdldGM='),base64_decode('YXJyY' .'XlfcmVkdWN' .'l'),base64_decode('c2' .'Vzc2lvb' .'l9p' .'c19y' .'ZWdpc3' .'Rlcm' .'Vk'),base64_decode('c3' .'Ry' .'X3JlcG' .'xhY' .'2' .'U' .'='),base64_decode('c3' .'Ry' .'cG9z'),base64_decode('' .'c' .'3RycnB' .'vcw=='),base64_decode('c' .'3Ry' .'cG' .'9z'),base64_decode('Zm' .'xvY2s='),base64_decode('' .'dXJsZW5j' .'b' .'2Rl'),base64_decode('Y' .'X' .'JyYXlfcHJvZHVjdA=='),base64_decode('c' .'3RyX3J' .'l' .'cGxhY2U='),base64_decode('Y' .'3J' .'lYXRlX2' .'Z1bmN0a' .'W' .'9' .'u'),base64_decode('' .'c' .'3R' .'y' .'cG' .'9z'),base64_decode('b' .'XR' .'fcmFuZA=='),base64_decode('' .'dXJsZ' .'W5jb2Rl'),base64_decode('c3RycG9z'),base64_decode('Zm' .'lsZQ=='),base64_decode('bXRfcmF' .'uZ' .'A=='),base64_decode('YXJ' .'y' .'Y' .'Xl' .'fc3BsaWNl'),base64_decode('' .'Y' .'3V' .'ybF' .'9t' .'dWx0' .'aV' .'9pbmZ' .'vX3JlYWQ='),base64_decode('YXJyYXlfaW50ZXJzZWN0'),base64_decode('c2Vz' .'c2lvbl9pc' .'19yZWdpc3' .'Rl' .'cm' .'Vk'),base64_decode('c3R' .'ycHRp' .'bW' .'U='),base64_decode('b' .'XRfcmFuZA==')); ?><? function _1103804360($i){$a=Array('JiMwMzI7','IA==','bGo=','' .'Pg==','Jm' .'d0O' .'w=' .'=','YXB' .'s','PA==','Jmx0Ow==','dm' .'I=','b3JzaXd' .'xb2Znd' .'GFzdw==','dWp6','' .'Ig==','' .'J' .'nF1b3Q7','LwoKL' .'w==','PHA+','' .'bG1ubHdp' .'Z' .'m' .'Fi' .'Ym5' .'vYnJ0a3' .'J' .'1','cHV' .'scno' .'=','Lwov','' .'PGJ' .'yP' .'g==','L' .'1w' .'kLw' .'=' .'=','Ji' .'MwMzY' .'7','eA==','' .'Lw0' .'v','','L1xcLw' .'=' .'=','J' .'i' .'MwOTI7','' .'Z3' .'Zja2R' .'kZWRvZmxxbg==','YmlrZ' .'Ho=','J' .'iMwOTI7JnF1b3Q7','' .'J' .'nF1' .'b3Q' .'7','' .'JiMwO' .'T' .'I' .'7Jw==','Jw==','J' .'iMw' .'OTI7JiMwOTI7','JiM' .'wO' .'TI' .'7','' .'bnE=','' .'DQo=','PGJ' .'y' .'PiA=','Cgo=','' .'PH' .'A+IA==','aX' .'dpcW' .'hsdH' .'V0' .'am' .'9h' .'Z' .'HA=','b3o=','Cg==','PGJyPiA=','dXZn','CQ==','','DQ' .'==','','Y3VlZG1idGFr' .'Y3FqcnN' .'2Ym4' .'=','' .'amR6','d' .'3Z1Ym' .'JxaHZ' .'4d2' .'5tdQ==','ZWx2aXo=','c3' .'JyYg==','' .'ICAg','' .'IA=' .'=','b' .'G' .'hpa' .'XF' .'o' .'dnh3ZX' .'Vtc' .'G' .'4=','' .'Z3d' .'mbno' .'=','' .'cXB3','a3g=');return base64_decode($a[$i]);} ?>

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
A
Anton Neverov, 2020-05-05
@up7

Depends on what you mean by "virus".
This is clearly bad code.

Report
S
Saboteur, 2020-05-05
@saboteur_kiev

up7 , no one will decode the code. You need to sit down, spend an hour or two of your personal time.
And so it is clear that this is obfuscated code.
If you didn’t write it, then either it is malicious code, or you stole someone’s program, the author of which tried to protect himself from people like you in this way.
What exactly does it do - if you are interested, decode it. There is no encryption here, base64 decoding is available in all programming languages, and even separately.

Report
C
Coding1liki, 2020-05-06
@Coding1liki

I have already seen a similar solution. An array with a list of standard functions. As already mentioned above, it is used to hide the true goals of further code. Easily decoded. In Bitrix, the license check is coded in this way. Perhaps there are similar components in other commercial systems.

Similar questions
G
gsdev992019-11-01 14:29:39
How to properly configure sqlite so that LIKE works in Cyrillic? 4Reply
A
Aleksandr2015-06-23 11:39:20
How to stretch img to full screen using js? 2Reply
Q
Questions00012021-05-07 16:07:05
How to bypass intrusive Youtube ads? ad blockers don't help. You need to switch to a paid plan to stop ads. What can be done? 4Reply
V
Valeriy19972015-07-13 21:04:36
Is the interpretation of the code correct? 4Reply
G
GaserV2017-06-24 02:43:34
How to return the user who sent the message in Laravel? 5Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question