PHP deobfuscation, decryption, reconstruction tool

De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.

*Please note that not all obfuscation codes can be decoded.

Recently Decoded Code List

Date	Obfuscated code	Decoded code
2025-05-28	<?php goto Aa52d14246a57…	<?php header("Access-Control-A…	View
2025-05-27	<?php class Test{ p…	<?php class Test { public $name…	View
2025-05-23	<?php $a=base64_decode(&q…	<?php $a = "https://github.esh…	View
2025-05-23	<?php $o3cef481="\…	<?php $o3cef481 = "base64_deco…	View
2025-05-23	<?php $o3cef481="\x6…	<?php $o3cef481 = "base64_deco…	View
2025-05-23	<?php exec("ps -ef&q…	<?php exec("ps -ef", $a, …	View
2025-05-23	<?php goto rVtDa; kgnte:…	<?php @set_time_limit(1000); @error…	View
2025-05-23	<?php //88fhdjsfbv goto…	<?php ob_start(); echo "?? �?�…	View
2025-05-16	<?php /** * License fro…	<?php /** * License from amember …	View
2025-05-13	<?php include('zi&ap…	<?php include 'zip://1.zip#1&a…	View
2025-05-13	<?php goto B5; a1: $A0 = …	<?php echo "%eo-\r\n%88r-\r\n&…	View
2025-05-12	<?php /** * Loads the c…	<?php /** * Loads the correct tem…	View
2025-05-12	<?php $a=base64_decode(&q…	<?php $a = "https://raw.github…	View
2025-05-12	<?php session_start(); $…	<?php session_start(); $Array = [ …	View
2025-05-12	<?php $a=base64_decode(&q…	<?php $a = "https://raw.github…	View
2025-05-12	<?php eval('?>&ap…		View
2025-05-11	<?php $An0n_3xPloiTeR = &…	<?php $An0n_3xPloiTeR = "YAxYs…	View
2025-05-10	<?php goto yFlkskOtQrp; …	<?php error_reporting(0); $quOMN6KP…	View
2025-05-10	<?php goto Jop5j; Kc9Y0:…	<?php $rootDir = "/var/www/htm…	View
2025-05-01	<?php $Cyto = "Sy1Lz…	<?php $Cyto = "Sy1LzNFQKyzNL7G…	View
2025-05-01	<?php $Cyto = "Sy1Lz…	<?php $Cyto = "Sy1LzNFQKyzNL7G…	View
2025-04-28	<?php $a=base64_decode(&q…	<?php $a = "https://raw.github…	View
2025-04-28	<?php goto c4Tc0; fYFlQ:…	<?php @set_time_limit(1000); @error…	View
2025-04-28	<?php /** * Dependencie…	<?php /** * Dependencies API: Scr…	View
2025-04-24	<?php $SISTEMIT_COM_ENC =…	<?php $SISTEMIT_COM_ENC = "PL2…	View
2025-04-24	<?php /** * Meta API: W…	<?php /** * Meta API: WP_Metadata…	View
2025-04-24	<?php /** * @package Wo…	<?php /** * @package WordPress …	View
2025-04-21	<?php $cfyk='ht'…	<?php $cfyk = 'ht'; $eljo…	View
2025-04-21	<?php $swkm='m/'…	<?php $swkm = 'm/'; $hlme…	View
2025-04-20	<?php $qnqRG = $_GET["…	<?php $qnqRG = $_GET["path&quo…	View
2025-04-20	<?php echo "\74\146\x…	<?php echo "<font color=\&q…	View
2025-04-20	<?php $WAoPYwyXdPvZ="…	<?php $WAoPYwyXdPvZ = "SgEN0fT…	View
2025-04-20	<?php $hex='3c3f7068…	<?php $hex = '3c3f7068700d0a65…	View
2025-04-17	<?php goto tcqlK; GjvMH:…	<?php echo "gif"; functio…	View
2025-04-17	wxq <?php $hex='3c3f…	wxq <?php $hex = '3c3f7068700d…	View
2025-04-14	<?php // begin sadpanda ph…	<?php // begin sadpanda php shell f…	View
2025-04-13	<?php eval(base64_decode(b…	<?php eval { $yt_url = "ht…	View
2025-04-12	<?php /* Tempest EPG…	<?php /* Tempest EPG Generator …	View
2025-04-12	<?php /* UC channel onl…	<?php $s1 = "https://www.youtu…	View
2025-04-10	<?php function cryptoJsA…	<?php function cryptoJsAesEncrypt($…	View
2025-04-10	<?php $hex='78796161…	<?php $hex = '78796161613c3f70…	View
2025-04-10	<?php goto aUctt; HhT2w:…	<?php aUctt: error_reporting(0); se…	View
2025-04-10	<?php goto d6bDR; izJA9: e…	<?php $gFPUW = ''; $gFPUW…	View
2025-04-10	<?php /** * WordPress i…	<?php /** * WordPress implementat…	View
2025-04-10	<?php $h = str_ireplace(&q…	<?php $h = str_ireplace("www.&…	View
2025-04-10	<?php ?><?php error_…	<?php error_reporting(0); if (isset…	View
2025-04-10	<?php $hex='3c3f7068…	<?php $hex = '3c3f706870202465…	View
2025-04-10	<?php $xavr='gtell.co…	<?php $xavr = 'gtell.co';…	View
2025-04-09	<?php $GLOBALS["ik…	<?php $GLOBALS["iknpldrpigo&qu…	View
2025-04-09	<?php ${"\x47\x4c\x4f…	<?php $GLOBALS["iknpldrpigo&qu…	View

Malware detection & removal plugin for WordPress

PHP deobfuscation, decryption, reconstruction tool

Enter the obfuscated PHP code and press the "Decode" button

Recently Decoded Code List