First time in 2 years I dont feel safe on Babiato

Status
Not open for further replies.
GayBlackJew

GayBlackJew

Active member
Jan 18, 2019
111
57
28

I found a malware being shared by the staff, and his defense is "U think i am going to do a full install to see what's in those files? i don't think so, u can do that, and if you have a problem why not pay for it and ask the developer..."
patrocle said:
Look Friend, i share directly from the developer the theme and data files. U think i am going to do a full install to see what's in those files? i don't think so, u can do that, and if you have a problem why not pay for it and ask the developer...

"You are a staff member why do you act like you dont know the basics... " and stop pointing fingers to a staff member! U have been warned.
Click to expand...

Until now the file is still not removed, I'm not sure its the staff's pride or he is intentionally sharing it. If you feel ashamed of being pointed out for sharing malware, just delete the whole thread so no one will know it ever happened, i dont care. But leaving it there is a threat to the community, to our community.
 
T

TassieNZ

Premium Uploader and Sometimes Hacker!
Jan 17, 2019
9,017
19,814
120
New Zealand
GayBlackJew said:

I found a malware being shared by the staff, and his defense is "U think i am going to do a full install to see what's in those files? i don't think so, u can do that, and if you have a problem why not pay for it and ask the developer..."


Until now the file is still not removed, I'm not sure its the staff's pride or he is intentionally sharing it. If you feel ashamed of being pointed out for sharing malware, just delete the whole thread so no one will know it ever happened, i dont care. But leaving it there is a threat to the community, to our community.
Click to expand...
You need to provide further information please. A virus scan showing the malware is a good start. Also screenshots if you can.

Then we can look at it.

I have now downloaded the Theme and the Demo data. I'll look at it tomorrow.

TassieNZ :)
 
  • Like
Reactions: Fukutaro and anymoment
Midodove

Midodove

Active member
Jul 28, 2020
182
140
43
Madagascar
Sure, this community is the best.
What is your anti-virus? I guess if it is safe but your anti-virus is blocking it? I just wonder as I do not know anything on this field...
 
starliner

starliner

Well-known member
Null Master
Trusted Uploader
Mar 28, 2019
559
531
93
GayBlackJew said:
Thanks for your reply, the file is found in this post:

After extracting the .wpress file, inside the directory
/wp-content/uploads/2019/01/13181_HireBee_v1.3.6.zip

this is the virustotal scan:

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

1599714511726.png
Click to expand...

before we adding any resource or post we look at malware ect.

But;

Some scanners especially virustotal isnt healthy results on scannig php files.

Because php has some functions example file_get_contents . Some scanners detects this function as malware but its not.

We can give many example like this.

At least there isnt any online scanner that works 100% and gives true results especially on php files.

So i dont believe there are malware on your php files.
 
  • Like
Reactions: anymoment
patrocle

patrocle

Well Known Senior Member!
Trusted Uploader
Nov 17, 2018
979
1,571
100
Ca. Usa
babiato.tech
GayBlackJew said:

I found a malware being shared by the staff, and his defense is "U think i am going to do a full install to see what's in those files? i don't think so, u can do that, and if you have a problem why not pay for it and ask the developer..."


Until now the file is still not removed, I'm not sure its the staff's pride or he is intentionally sharing it. If you feel ashamed of being pointed out for sharing malware, just delete the whole thread so no one will know it ever happened, i dont care. But leaving it there is a threat to the community, to our community.
Click to expand...

" I'm not sure its the staff's pride or he is intentionally sharing it. If you feel ashamed of being pointed out for sharing malware"

sharing malware...
2020-09-09_22-35-43.jpg
Why not go buy the theme and ask them why in the data file there is a virus...

I think you are crossing the line when you keep pointing fingers... "I'm not sure its the staff's pride or he is intentionally sharing it"

Like i said in the other tread my files are uploaded directly from the author / developer ,and if you want to use them check is on u to install at your own risk , and if something is up with them u can let someone know that have the time to install and check.

@TassieNZ
U can check...and see
Also the file demo data was deleted, from the other tread. Who ever wants the file they can go and buy it from the developer.
 
starliner

starliner

Well-known member
Null Master
Trusted Uploader
Mar 28, 2019
559
531
93
saranganime said:
Screenshot_1.jpg
i also found malware in this theme PsyPlay WordPress Movies Theme & Series [2.1.2]
Click to expand...


İn functions.php Hex encoded code found like below;

Code: 
${"\x47\x4c\x4f\x42\x41LS"}["p\x6d\x78j\x76b\x76"]="\x63\x6f\x6e\x66\x69gs";${"G\x4c\x4f\x42ALS"}["t\x78o\x66u\x70\x63\x69"]="\x73\x69\x7ae";${"\x47\x4c\x4f\x42AL\x53"}["\x66\x77d\x74\x72phl"]="i\x6d\x67";${"\x47LOB\x41\x4c\x53"}["\x73\x6f\x6c\x6f\x79\x6d\x64\x6ej\x6f\x75"]="\x70\x6f\x73ter\x75\x72\x6c";${"\x47L\x4f\x42A\x4c\x53"}["\x69\x69o\x6f\x6d\x65g\x75\x6b"]="i\x6dgs\x72c";${"\x47L\x4fB\x41LS"}["\x73\x68\x66\x78\x78\x66\x62\x62\x6a\x78\x6a\x68"]="\x74h\x75\x6db";${"\x47\x4c\x4f\x42\x41\x4cS"}["\x6b\x66h\x71gvl\x77\x78\x76"]="\x63a\x74_\x69\x64";${"\x47\x4c\x4fB\x41\x4c\x53"}["\x78m\x71kmx\x63"]="\x73\x69\x74\x65\x32";${"\x47\x4c\x4f\x42\x41\x4cS"}["\x73\x75hd\x62\x73\x61\x70me\x79"]="\x73\x69\x74e";function module_movies(){${${"G\x4cO\x42\x41L\x53"}["\x73\x75\x68\x64b\x73\x61\x70\x6d\x65\x79"]}=EDD_SL_STORE_URL;if(${${"\x47\x4c\x4f\x42AL\x53"}["\x73u\x68d\x62s\x61\x70\x6d\x65y"]}=="ht\x74ps://\x70\x73\x79t\x68\x65\x6d\x65s.com"){include_once"\x69n\x63ludes/\x70ar\x74\x73/m\x6fdu\x6c\x65\x73/modu\x6ce-\x6do\x76i\x65s.p\x68\x70";}}add_shortcode("\x6do\x64ul\x65-\x6d\x6fv\x69\x65s","mod\x75l\x65\x5fmovi\x65\x73");function module_tvshows(){${${"\x47LO\x42\x41L\x53"}["suh\x64\x62s\x61\x70\x6d\x65y"]}=EDD_SL_STORE_URL;if(${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x73uh\x64bs\x61\x70\x6d\x65y"]}=="h\x74tps://\x70\x73yt\x68emes\x2e\x63o\x6d"){include_once"in\x63\x6cud\x65\x73/p\x61\x72\x74s/m\x6f\x64\x75\x6ces/\x6d\x6f\x64ule-t\x76\x73h\x6fws.php";}}add_shortcode("mod\x75l\x65-\x74\x76s\x68o\x77s","\x6d\x6fd\x75\x6ce\x5ft\x76\x73\x68\x6f\x77s");function module_episodes(){$oyrjbkvgfozh="\x73\x69\x74e";${${"\x47\x4c\x4f\x42A\x4cS"}["\x73\x75\x68d\x62s\x61\x70\x6de\x79"]}=EDD_SL_STORE_URL;if(${$oyrjbkvgfozh}=="ht\x74ps://p\x73\x79t\x68e\x6d\x65s\x2ec\x6f\x6d"){include_once"\x69ncl\x75\x64\x65\x73/\x70a\x72t\x73/m\x6f\x64ul\x65s/\x6dodule-\x65p\x69\x73o\x64\x65s.php";}}add_shortcode("m\x6fdul\x65-e\x70\x69\x73od\x65\x73","\x6dod\x75\x6ce_\x65p\x69sod\x65s");function module_extra1(){$uytzvk="\x73\x69\x74e";$kbojiiynxue="s\x69\x74\x65";${$kbojiiynxue}=EDD_SL_STORE_URL;if(${$uytzvk}=="\x68tt\x70\x73://ps\x79th\x65m\x65\x73\x2eco\x6d"){include_once"\x69\x6e\x63l\x75d\x65\x73/\x70\x61rt\x73/m\x6fdu\x6ces/\x6dod\x75l\x65-extr\x611.\x70h\x70";}}add_shortcode("mo\x64u\x6ce-\x65\x78\x74\x72\x611","\x6dod\x75le\x5f\x65\x78\x74\x72a1");function module_extra2(){${"\x47L\x4f\x42\x41L\x53"}["\x72bam\x61e\x78\x71"]="\x73ite";${${"\x47L\x4fB\x41LS"}["\x72\x62\x61\x6da\x65\x78\x71"]}=EDD_SL_STORE_URL;$dktynojzurp="s\x69t\x65";if(${$dktynojzurp}=="h\x74tp\x73://\x70syth\x65\x6d\x65s.c\x6fm"){include_once"\x69n\x63\x6cu\x64e\x73/p\x61\x72\x74\x73/\x6dod\x75l\x65s/modul\x65-\x65x\x74r\x61\x32.\x70\x68\x70";}}add_shortcode("\x6dodule-\x65\x78tra\x32","m\x6fdu\x6c\x65\x5f\x65\x78tra\x32");function module_extra3(){${"\x47\x4cO\x42A\x4c\x53"}["\x6bl\x6cx\x74\x77c\x71\x65"]="\x73i\x74\x65";${${"\x47L\x4f\x42ALS"}["\x73\x75\x68\x64\x62\x73a\x70\x6de\x79"]}=EDD_SL_STORE_URL;if(${${"GL\x4fB\x41\x4cS"}["\x6b\x6c\x6c\x78tw\x63\x71\x65"]}=="h\x74\x74ps://\x70\x73yt\x68\x65\x6des\x2e\x63\x6f\x6d"){include_once"incl\x75d\x65\x73/\x70ar\x74s/mo\x64ules/mo\x64\x75\x6ce-\x65\x78tr\x613\x2e\x70\x68\x70";}}add_shortcode("\x6d\x6f\x64u\x6ce-\x65x\x74r\x613","m\x6fd\x75l\x65\x5fext\x72\x613");function module_extra4(){$qiihywij="\x73\x69\x74\x65";${$qiihywij}=EDD_SL_STORE_URL;if(${${"\x47L\x4f\x42\x41L\x53"}["\x73\x75h\x64\x62s\x61\x70m\x65\x79"]}=="http\x73://\x70syt\x68e\x6d\x65\x73.c\x6f\x6d"){include_once"\x69\x6ec\x6c\x75de\x73/par\x74s/mod\x75les/\x6do\x64ul\x65-\x65xt\x72\x614.\x70\x68p";}}add_shortcode("\x6do\x64u\x6c\x65-ex\x74\x72\x61\x34","\x6d\x6fd\x75\x6c\x65_e\x78\x74ra4");function module_extra5(){${"\x47L\x4f\x42A\x4c\x53"}["fm\x67\x74ubm"]="s\x69t\x65";${"\x47\x4c\x4f\x42\x41L\x53"}["d\x70\x62\x74\x75\x64"]="\x73\x69\x74\x65";${${"G\x4c\x4f\x42\x41L\x53"}["fm\x67tub\x6d"]}=EDD_SL_STORE_URL;if(${${"GL\x4fBA\x4c\x53"}["\x64\x70\x62t\x75d"]}=="\x68tt\x70\x73://p\x73\x79\x74h\x65\x6des\x2ec\x6f\x6d"){include_once"\x69nc\x6c\x75d\x65s/par\x74s/\x6d\x6fdules/mo\x64\x75\x6ce-\x65x\x74r\x61\x35.php";}}add_shortcode("\x6d\x6f\x64\x75\x6ce-ex\x74ra5","\x6do\x64u\x6c\x65\x5fe\x78tr\x61\x35");function homepage_modules(){${"\x47LOB\x41\x4c\x53"}["\x6a\x6c\x6d\x78\x68\x7atx"]="\x63o\x64\x65\x78";${"\x47\x4c\x4fB\x41\x4cS"}["\x6e\x64\x7a\x68\x79w\x6e\x79"]="\x63\x6f\x64\x65x";${${"\x47\x4c\x4f\x42\x41LS"}["\x6a\x6c\x6d\x78h\x7a\x74\x78"]}=get_option("mo\x64u\x6ce-s\x68o\x72tcode\x73");if(${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x6e\x64\x7ah\x79\x77\x6e\x79"]}){$cvkqvtlv="s\x69\x74\x65";$pchvjyjfhym="\x73\x69\x74\x65";${$cvkqvtlv}=EDD_SL_STORE_URL;if(${$pchvjyjfhym}=="\x68\x74t\x70\x73://p\x73\x79\x74\x68eme\x73\x2e\x63\x6f\x6d"){${"\x47\x4c\x4f\x42A\x4c\x53"}["\x65\x6a\x74u\x70lmc\x6ca"]="\x63\x6f\x64e\x78";return do_shortcode(${${"\x47\x4c\x4fBA\x4cS"}["\x65\x6a\x74\x75\x70\x6c\x6d\x63l\x61"]});}}else{$mpjguvnsaokq="si\x74\x65\x32";${${"G\x4cOBA\x4cS"}["\x78\x6d\x71km\x78c"]}=EDD_SL_STORE_URL;if(${$mpjguvnsaokq}=="\x68ttps://ps\x79\x74h\x65me\x73\x2eco\x6d"){include_once"\x69n\x63lude\x73/pa\x72t\x73/mo\x64ule\x73/\x6do\x64\x75\x6c\x65-\x6d\x6fv\x69e\x73.p\x68p";include_once"\x69\x6ec\x6cude\x73/p\x61\x72ts/\x6dod\x75l\x65s/\x6d\x6f\x64\x75\x6c\x65-tvs\x68ow\x73.p\x68p";include_once"in\x63l\x75\x64e\x73/\x70a\x72ts/m\x6f\x64u\x6c\x65s/mod\x75l\x65-\x65\x70\x69\x73\x6f\x64\x65\x73\x2eph\x70";include_once"\x69\x6ec\x6c\x75\x64\x65s/par\x74s/\x6d\x6f\x64\x75l\x65s/mo\x64ule-e\x78t\x72\x611.\x70hp";include_once"in\x63\x6c\x75d\x65\x73/\x70\x61rt\x73/\x6do\x64u\x6c\x65\x73/m\x6fd\x75l\x65-e\x78\x74ra\x32\x2ephp";include_once"incl\x75des/\x70\x61\x72ts/\x6d\x6f\x64ule\x73/m\x6fd\x75le-\x65x\x74r\x61\x33.\x70\x68p";include_once"i\x6e\x63lu\x64\x65s/\x70\x61r\x74\x73/m\x6f\x64\x75l\x65s/\x6dodu\x6ce-\x65x\x74r\x61\x34\x2eph\x70";include_once"\x69\x6e\x63\x6c\x75de\x73/\x70\x61rts/\x6do\x64\x75\x6c\x65s/m\x6f\x64u\x6ce-\x65x\x74ra\x35\x2ep\x68\x70";}}}function get_cat_slug($cat_id){$xdlgliwqq="\x73i\x74e";${${"G\x4cO\x42A\x4c\x53"}["k\x66\x68qg\x76\x6c\x77x\x76"]}=(int)${${"\x47LO\x42\x41L\x53"}["\x6b\x66\x68\x71g\x76l\x77xv"]};${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x73uh\x64\x62\x73\x61\x70\x6de\x79"]}=EDD_SL_STORE_URL;$ryggvwuwhfed="c\x61\x74\x65\x67or\x79";${$ryggvwuwhfed}=&get_category(${${"\x47\x4cO\x42A\x4c\x53"}["k\x66\x68\x71\x67v\x6c\x77\x78\x76"]});if(${$xdlgliwqq}=="h\x74tps://ps\x79\x74h\x65\x6de\x73.\x63\x6fm"){return$category->slug;}}if(get_option("l\x69ve-se\x61\x72c\x68")=="true"){require_once(get_parent_theme_file_path("/\x69\x6e\x63lu\x64\x65\x73/p\x6cug\x69\x6e\x73/l\x69\x76\x65searc\x68/livesea\x72\x63h\x2e\x70h\x70"));}add_filter("\x73e\x61r\x63\x68w\x70\x5f\x6ci\x76\x65_s\x65a\x72c\x68\x5fp\x6fs\x74\x73\x5f\x70e\x72_\x70\x61ge","my\x5fse\x61\x72ch\x77p_l\x69ve_\x73e\x61r\x63h_po\x73ts_\x70\x65\x72_\x70\x61ge");function psy_get_thumb(){${"\x47\x4c\x4fBA\x4c\x53"}["l\x78\x75\x6e\x6a\x6b\x68"]="p\x69\x64";${"\x47\x4c\x4f\x42\x41L\x53"}["\x67\x70\x74\x74\x72g\x6eyh\x6f\x67"]="pos\x74e\x72\x75r\x6c";${${"G\x4c\x4f\x42\x41\x4c\x53"}["l\x78u\x6e\x6a\x6b\x68"]}=get_the_ID();${"\x47\x4c\x4f\x42\x41\x4c\x53"}["t\x65i\x78\x6dphs\x74"]="po\x73\x74\x65r\x75\x72l\x5fe";$gxqieeq="p\x69\x64";${${"\x47\x4c\x4fB\x41L\x53"}["g\x70\x74\x74rg\x6e\x79\x68og"]}=info_movie_get_meta("poste\x72_\x75\x72l");${"\x47\x4cO\x42A\x4c\x53"}["o\x7a\x6d\x73\x6df\x68\x6b\x67\x6c"]="i\x6d\x67\x73\x72\x63";${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x74eix\x6d\x70h\x73\x74"]}=episodios_get_meta("\x70ost\x65\x72_\x73\x65\x72i\x65");if(has_post_thumbnail(${$gxqieeq})){$yrushxfz="\x70\x69d";${${"\x47L\x4f\x42\x41\x4cS"}["s\x68\x66xxfbb\x6axjh"]}=get_the_post_thumbnail_url(${$yrushxfz},"full");${"\x47L\x4fB\x41L\x53"}["\x66\x6emr\x69\x6e"]="\x74h\x75\x6db";${${"\x47\x4cO\x42A\x4c\x53"}["\x69\x69\x6f\x6f\x6d\x65\x67\x75k"]}=${${"G\x4c\x4f\x42\x41L\x53"}["f\x6e\x6d\x72\x69n"]};}else{${"\x47\x4c\x4fB\x41\x4cS"}["\x75j\x62\x6a\x76\x6a"]="p\x6f\x73\x74\x65r\x75r\x6c\x5f\x65";${"G\x4c\x4f\x42A\x4c\x53"}["r\x6di\x62\x64\x73\x6cp\x67\x61"]="\x70\x6fst\x65\x72\x75\x72l";if(!empty(${${"G\x4c\x4fBALS"}["\x72m\x69\x62\x64\x73\x6c\x70g\x61"]})){$nnehgg="\x69\x6d\x67\x73r\x63";${$nnehgg}=${${"G\x4c\x4fB\x41\x4cS"}["so\x6c\x6fym\x64\x6e\x6a\x6fu"]};}elseif(!empty(${${"G\x4cO\x42\x41\x4c\x53"}["\x75\x6ab\x6a\x76\x6a"]})){${"G\x4c\x4f\x42\x41\x4cS"}["s\x71\x67\x79lt\x70"]="i\x6d\x67\x73rc";${"\x47L\x4f\x42A\x4cS"}["\x6ef\x6d\x68o\x76z"]="\x70o\x73\x74\x65r\x75\x72\x6c\x5f\x65";${${"\x47L\x4fBA\x4c\x53"}["\x73\x71g\x79l\x74p"]}=${${"\x47L\x4f\x42A\x4cS"}["nf\x6d\x68o\x76\x7a"]};}else{${"\x47\x4c\x4f\x42AL\x53"}["\x61\x71\x79\x73\x65\x65\x67\x64"]="\x69mg";${${"G\x4c\x4f\x42ALS"}["\x61\x71\x79\x73\x65egd"]}=get_template_directory_uri()."/a\x73\x73\x65t\x73/\x63\x73\x73/i\x6dg/\x6e\x6fimg\x2epn\x67";${"\x47\x4c\x4f\x42A\x4c\x53"}["\x74\x66\x65\x76\x74a\x6a\x62\x7a"]="\x69\x6dgsr\x63";${${"\x47LO\x42A\x4c\x53"}["\x74\x66e\x76\x74aj\x62z"]}=${${"\x47LO\x42A\x4c\x53"}["\x66w\x64\x74\x72p\x68\x6c"]};}}return${${"\x47\x4cO\x42A\x4c\x53"}["o\x7a\x6d\x73mf\x68\x6b\x67\x6c"]};}function psy_get_slider_thumb(){$qprxlhu="i\x6d\x67";${"GLO\x42\x41LS"}["\x67\x73\x75\x66\x78\x6d\x6c\x70\x73"]="\x69m\x67s\x72c";if(get_option("\x6e\x65ws-\x6dodu\x6ce")=="\x65\x6e\x61bl\x65"){${${"G\x4c\x4fB\x41\x4c\x53"}["t\x78\x6ff\x75\x70\x63\x69"]}="/\x74/\x70/w\x31280/";}else{${${"\x47L\x4fB\x41\x4cS"}["tx\x6ff\x75\x70c\x69"]}="/t/p/o\x72\x69\x67\x69n\x61\x6c/";}if(${$qprxlhu}=info_movie_get_meta("\x66\x65\x61\x74\x75\x72e\x64s\x5f\x69\x6d\x67")){${"GLO\x42ALS"}["\x68zq\x64\x71\x6bd\x6b\x75\x72p\x75"]="s\x69\x7a\x65";$qqrppugpwjt="i\x6d\x67s\x72c";${$qqrppugpwjt}=str_replace("/t/\x70/w\x3300/",${${"\x47L\x4fBAL\x53"}["\x68zq\x64\x71kdk\x75\x72pu"]},${${"\x47\x4c\x4fB\x41\x4c\x53"}["\x66\x77\x64\x74r\x70\x68\x6c"]});}elseif(${${"\x47\x4c\x4f\x42\x41L\x53"}["\x66w\x64\x74\x72p\x68\x6c"]}=info_movie_get_meta("\x66ondo\x5fpla\x79er")){${"G\x4c\x4f\x42\x41\x4cS"}["xo\x73\x6b\x62\x65\x79\x74"]="\x69mg";$thepehej="im\x67\x73\x72\x63";${$thepehej}=str_replace("/t/p/\x77\x33\x300/",${${"G\x4cO\x42\x41\x4cS"}["t\x78\x6ffu\x70\x63i"]},${${"\x47L\x4f\x42A\x4cS"}["\x78\x6f\x73k\x62ey\x74"]});}else{$jmgojndqx="i\x6d\x67";${${"\x47\x4c\x4f\x42A\x4cS"}["f\x77\x64t\x72phl"]}=get_template_directory_uri()."/\x61\x73s\x65ts/cs\x73/\x69mg/\x6eoi\x6d\x67\x2epng";${${"\x47L\x4fB\x41L\x53"}["\x69\x69\x6f\x6f\x6de\x67u\x6b"]}=${$jmgojndqx};}return${${"G\x4c\x4f\x42\x41\x4cS"}["\x67suf\x78ml\x70\x73"]};}function my_searchwp_live_search_configs($configs){${"\x47\x4cO\x42\x41\x4cS"}["wqy\x65v\x68"]="\x63\x6fnfig\x73";${${"\x47LO\x42\x41L\x53"}["\x70\x6dx\x6a\x76bv"]}["\x68om\x65-se\x61r\x63h"]=array("e\x6e\x67\x69ne"=>"d\x65fa\x75l\x74","parent\x5f\x65l"=>"#\x73ea\x72\x63\x68-hom\x65\x70\x61ge-\x72\x65su\x6c\x74s","\x69npu\x74"=>array("de\x6cay"=>300,"\x6d\x69\x6e_chars"=>3,),"resu\x6c\x74\x73"=>array("p\x6f\x73itio\x6e"=>"b\x6f\x74\x74\x6f\x6d","\x77i\x64\x74h"=>"c\x73s","\x6f\x66\x66set"=>array("\x78"=>0,"y"=>0),),"\x73pinner"=>array("\x6c\x69ne\x73"=>8,"l\x65\x6e\x67\x74h"=>6,"wi\x64t\x68"=>5,"rad\x69\x75\x73"=>6,"\x63or\x6eers"=>1,"ro\x74\x61\x74e"=>0,"di\x72ect\x69o\x6e"=>1,"col\x6f\x72"=>"#0\x300","s\x70e\x65\x64"=>1,"\x74\x72\x61\x69\x6c"=>60,"s\x68adow"=>false,"\x68\x77\x61cc\x65\x6c"=>false,"c\x6c\x61\x73sN\x61\x6de"=>"spi\x6en\x65\x72","\x7a\x49ndex"=>2000000000,"\x74\x6fp"=>"5\x30\x25","\x6ceft"=>"5\x30%",),);return${${"GLO\x42\x41\x4c\x53"}["\x77q\x79e\x76h"]};}${${"G\x4cOB\x41\x4cS"}["s\x75h\x64\x62\x73\x61\x70\x6dey"]}=EDD_SL_STORE_URL;if(${${"\x47L\x4fB\x41\x4c\x53"}["\x73\x75\x68\x64\x62\x73a\x70\x6d\x65\x79"]}=="\x68\x74\x74\x70s://p\x73y\x74h\x65\x6d\x65s.\x63\x6f\x6d"){add_filter("\x73\x65arc\x68wp_l\x69v\x65\x5f\x73ear\x63\x68_\x63onfig\x73","my\x5fse\x61\x72c\x68\x77\x70\x5flive_\x73earc\x68\x5fc\x6fnfi\x67\x73");}function my_searchwp_live_search_posts_per_page(){return 5;}


But when decode this code you can see, theme is fetching movies from their server;

Code: 
${"GLOBALS"}["pmxjvbv"]="configs";${"GLOBALS"}["txofupci"]="size";${"GLOBALS"}["fwdtrphl"]="img";${"GLOBALS"}["soloymdnjou"]="posterurl";${"GLOBALS"}["iioomeguk"]="imgsrc";${"GLOBALS"}["shfxxfbbjxjh"]="thumb";${"GLOBALS"}["kfhqgvlwxv"]="cat_id";${"GLOBALS"}["xmqkmxc"]="site2";${"GLOBALS"}["suhdbsapmey"]="site";function module_movies(){${${"GLOBALS"}["suhdbsapmey"]}=EDD_SL_STORE_URL;if(${${"GLOBALS"}["suhdbsapmey"]}=="https://psythemes.com"){include_once"includes/parts/modules/module-movies.php";}}add_shortcode("module-movies","module_movies");function module_tvshows(){${${"GLOBALS"}["suhdbsapmey"]}=EDD_SL_STORE_URL;if(${${"GLOBALS"}["suhdbsapmey"]}=="https://psythemes.com"){include_once"includes/parts/modules/module-tvshows.php";}}add_shortcode("module-tvshows","module_tvshows");function module_episodes(){$oyrjbkvgfozh="site";${${"GLOBALS"}["suhdbsapmey"]}=EDD_SL_STORE_URL;if(${$oyrjbkvgfozh}=="https://psythemes.com"){include_once"includes/parts/modules/module-episodes.php";}}add_shortcode("module-episodes","module_episodes");function module_extra1(){$uytzvk="site";$kbojiiynxue="site";${$kbojiiynxue}=EDD_SL_STORE_URL;if(${$uytzvk}=="https://psythemes.com"){include_once"includes/parts/modules/module-extra1.php";}}add_shortcode("module-extra1","module_extra1");function module_extra2(){${"GLOBALS"}["rbamaexq"]="site";${${"GLOBALS"}["rbamaexq"]}=EDD_SL_STORE_URL;$dktynojzurp="site";if(${$dktynojzurp}=="https://psythemes.com"){include_once"includes/parts/modules/module-extra2.php";}}add_shortcode("module-extra2","module_extra2");function module_extra3(){${"GLOBALS"}["kllxtwcqe"]="site";${${"GLOBALS"}["suhdbsapmey"]}=EDD_SL_STORE_URL;if(${${"GLOBALS"}["kllxtwcqe"]}=="https://psythemes.com"){include_once"includes/parts/modules/module-extra3.php";}}add_shortcode("module-extra3","module_extra3");function module_extra4(){$qiihywij="site";${$qiihywij}=EDD_SL_STORE_URL;if(${${"GLOBALS"}["suhdbsapmey"]}=="https://psythemes.com"){include_once"includes/parts/modules/module-extra4.php";}}add_shortcode("module-extra4","module_extra4");function module_extra5(){${"GLOBALS"}["fmgtubm"]="site";${"GLOBALS"}["dpbtud"]="site";${${"GLOBALS"}["fmgtubm"]}=EDD_SL_STORE_URL;if(${${"GLOBALS"}["dpbtud"]}=="https://psythemes.com"){include_once"includes/parts/modules/module-extra5.php";}}add_shortcode("module-extra5","module_extra5");function homepage_modules(){${"GLOBALS"}["jlmxhztx"]="codex";${"GLOBALS"}["ndzhywny"]="codex";${${"GLOBALS"}["jlmxhztx"]}=get_option("module-shortcodes");if(${${"GLOBALS"}["ndzhywny"]}){$cvkqvtlv="site";$pchvjyjfhym="site";${$cvkqvtlv}=EDD_SL_STORE_URL;if(${$pchvjyjfhym}=="https://psythemes.com"){${"GLOBALS"}["ejtuplmcla"]="codex";return do_shortcode(${${"GLOBALS"}["ejtuplmcla"]});}}else{$mpjguvnsaokq="site2";${${"GLOBALS"}["xmqkmxc"]}=EDD_SL_STORE_URL;if(${$mpjguvnsaokq}=="https://psythemes.com"){include_once"includes/parts/modules/module-movies.php";include_once"includes/parts/modules/module-tvshows.php";include_once"includes/parts/modules/module-episodes.php";include_once"includes/parts/modules/module-extra1.php";include_once"includes/parts/modules/module-extra2.php";include_once"includes/parts/modules/module-extra3.php";include_once"includes/parts/modules/module-extra4.php";include_once"includes/parts/modules/module-extra5.php";}}}function get_cat_slug($cat_id){$xdlgliwqq="site";${${"GLOBALS"}["kfhqgvlwxv"]}=(int)${${"GLOBALS"}["kfhqgvlwxv"]};${${"GLOBALS"}["suhdbsapmey"]}=EDD_SL_STORE_URL;$ryggvwuwhfed="category";${$ryggvwuwhfed}=&get_category(${${"GLOBALS"}["kfhqgvlwxv"]});if(${$xdlgliwqq}=="https://psythemes.com"){return$category->slug;}}if(get_option("live-search")=="true"){require_once(get_parent_theme_file_path("/includes/plugins/livesearch/livesearch.php"));}add_filter("searchwp_live_search_posts_per_page","my_searchwp_live_search_posts_per_page");function psy_get_thumb(){${"GLOBALS"}["lxunjkh"]="pid";${"GLOBALS"}["gpttrgnyhog"]="posterurl";${${"GLOBALS"}["lxunjkh"]}=get_the_ID();${"GLOBALS"}["teixmphst"]="posterurl_e";$gxqieeq="pid";${${"GLOBALS"}["gpttrgnyhog"]}=info_movie_get_meta("poster_url");${"GLOBALS"}["ozmsmfhkgl"]="imgsrc";${${"GLOBALS"}["teixmphst"]}=episodios_get_meta("poster_serie");if(has_post_thumbnail(${$gxqieeq})){$yrushxfz="pid";${${"GLOBALS"}["shfxxfbbjxjh"]}=get_the_post_thumbnail_url(${$yrushxfz},"full");${"GLOBALS"}["fnmrin"]="thumb";${${"GLOBALS"}["iioomeguk"]}=${${"GLOBALS"}["fnmrin"]};}else{${"GLOBALS"}["ujbjvj"]="posterurl_e";${"GLOBALS"}["rmibdslpga"]="posterurl";if(!empty(${${"GLOBALS"}["rmibdslpga"]})){$nnehgg="imgsrc";${$nnehgg}=${${"GLOBALS"}["soloymdnjou"]};}elseif(!empty(${${"GLOBALS"}["ujbjvj"]})){${"GLOBALS"}["sqgyltp"]="imgsrc";${"GLOBALS"}["nfmhovz"]="posterurl_e";${${"GLOBALS"}["sqgyltp"]}=${${"GLOBALS"}["nfmhovz"]};}else{${"GLOBALS"}["aqyseegd"]="img";${${"GLOBALS"}["aqyseegd"]}=get_template_directory_uri()."/assets/css/img/noimg.png";${"GLOBALS"}["tfevtajbz"]="imgsrc";${${"GLOBALS"}["tfevtajbz"]}=${${"GLOBALS"}["fwdtrphl"]};}}return${${"GLOBALS"}["ozmsmfhkgl"]};}function psy_get_slider_thumb(){$qprxlhu="img";${"GLOBALS"}["gsufxmlps"]="imgsrc";if(get_option("news-module")=="enable"){${${"GLOBALS"}["txofupci"]}="/t/p/w1280/";}else{${${"GLOBALS"}["txofupci"]}="/t/p/original/";}if(${$qprxlhu}=info_movie_get_meta("featureds_img")){${"GLOBALS"}["hzqdqkdkurpu"]="size";$qqrppugpwjt="imgsrc";${$qqrppugpwjt}=str_replace("/t/p/w300/",${${"GLOBALS"}["hzqdqkdkurpu"]},${${"GLOBALS"}["fwdtrphl"]});}elseif(${${"GLOBALS"}["fwdtrphl"]}=info_movie_get_meta("fondo_player")){${"GLOBALS"}["xoskbeyt"]="img";$thepehej="imgsrc";${$thepehej}=str_replace("/t/p/w300/",${${"GLOBALS"}["txofupci"]},${${"GLOBALS"}["xoskbeyt"]});}else{$jmgojndqx="img";${${"GLOBALS"}["fwdtrphl"]}=get_template_directory_uri()."/assets/css/img/noimg.png";${${"GLOBALS"}["iioomeguk"]}=${$jmgojndqx};}return${${"GLOBALS"}["gsufxmlps"]};}function my_searchwp_live_search_configs($configs){${"GLOBALS"}["wqyevh"]="configs";${${"GLOBALS"}["pmxjvbv"]}["home-search"]=array("engine"=>"default","parent_el"=>"#search-homepage-results","input"=>array("delay"=>300,"min_chars"=>3,),"results"=>array("position"=>"bottom","width"=>"css","offset"=>array("x"=>0,"y"=>0),),"spinner"=>array("lines"=>8,"length"=>6,"width"=>5,"radius"=>6,"corners"=>1,"rotate"=>0,"direction"=>1,"color"=>"#000","speed"=>1,"trail"=>60,"shadow"=>false,"hwaccel"=>false,"className"=>"spinner","zIndex"=>2000000000,"top"=>"50%","left"=>"50%",),);return${${"GLOBALS"}["wqyevh"]};}${${"GLOBALS"}["suhdbsapmey"]}=EDD_SL_STORE_URL;if(${${"GLOBALS"}["suhdbsapmey"]}=="https://psythemes.com"){add_filter("searchwp_live_search_configs","my_searchwp_live_search_configs");}function my_searchwp_live_search_posts_per_page(){return 5;}

So they want to protect the codes but its only hex decode.

At least that is not malware or virus,

It takes movies and details from their server.
 
  • Wow
Reactions: anymoment
T

TassieNZ

Premium Uploader and Sometimes Hacker!
Jan 17, 2019
9,017
19,814
120
New Zealand
patrocle said:
" I'm not sure its the staff's pride or he is intentionally sharing it. If you feel ashamed of being pointed out for sharing malware"

sharing malware...
2020-09-09_22-35-43.jpg
@TassieNZ
U can check...and see
Also the file demo data was deleted, from the other tread. Who ever wants the file they can go and buy it from the developer.
Click to expand...
As I said, I will check it in the morning. Issue appears to be only from the demo files, which I have downloaded.

Therefore I am CLOSING this thread, to avoid it becoming a P.O.C. post! I will report back tomorrow. Dinner and bedtime now!!!

TassieNZ :)
 
  • Like
Reactions: Dude and Fukutaro
Status
Not open for further replies.

Similar threads

txdvil
Free Adobe Creative Cloud Collections For 2 Years
Replies
27
Views
3K
General Discussion
elancemo`
E
m3gaw3b
I have some Premium Domains 2-20+ Years Old
Replies
5
Views
685
General Discussion
Mrsam_1
Mrsam_1
Ank
My ISP can Provide 10 years old Browsing history
Replies
2
Views
801
General Discussion
madha11er
madha11er
xCelestialx
Please help me, Relevanssi dont show polylang results.
Replies
0
Views
375
General Discussion
xCelestialx
xCelestialx
Green Ink
  • Locked
Why Some Threads in Marketplace Dont Follow the rules ?
Replies
28
Views
2K
General Discussion
TheViking
TheViking

Latest posts

Forum statistics

Threads
70,170
Messages
916,734
Members
246,709
Latest member
hengky

Share this page

Share this page

About us

  • Our community has been around for many years and pride ourselves on offering unbiased, critical discussion among people of all different backgrounds. We are working every day to make sure our community is one of the best.

Quick Navigation

Forums Contact us

User Menu

Login
Community platform by XenForo © 2010-2022 XenForo Ltd.
Top Bottom