How can I gzinflate and save the inflated data without running it? (Found what I think is a trojan o
- by Rob
Well, not my server. My friend found it and sent it to me, trying to make sense of it. What it appears to be is a PHP IRC bot, but I have no idea how to decode it and make any sense of it.
Here is the code:
<?eval(gzinflate(base64_decode('some base 64 code here')))?>
So I decoded the base64, and it output a ton of strange characters, I'm guessing either encrypted or a different file type, like when you change a .jpg to a .txt and open it.
But I have no idea how to decode this and determine its source. Any help?