Quote:
Originally Posted by Habitual
I think it's been obfuscated twice.
Nope, it hasn't. As I said previously, it creates a function and then executes the function whenever the script is called.
The function looks like an uploader rather than being directly malicious.
My main thought is that part of the strings tells PHP to use some form of different encoding rather than normal "English".