Japanese English

PHP deobfuscation, decryption, reconstruction tool

De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.

*Please note that not all obfuscation codes can be decoded.

Decoded the code below.

<?php namespace Mgt\Varnish\Controller\Adminhtml\Purge; class Single extends \Magento\Backend\App\Action { public function execute() { goto d4488; E94c0: goto D108b; goto C3792; B9c1b: D108b: goto Aab48; d1f77: try { goto C30a5; f32cf: $cachePurger->purgeUrlRequest($url); goto C6a87; C30a5: $c...



Obfuscated php code

<?php
 namespace Mgt\Varnish\Controller\Adminhtml\Purge; class Single extends \Magento\Backend\App\Action { public function execute() { goto d4488; E94c0: goto D108b; goto C3792; B9c1b: D108b: goto Aab48; d1f77: try { goto C30a5; f32cf: $cachePurger->purgeUrlRequest($url); goto C6a87; C30a5: $cachePurger = $this->_objectManager->get("\x5c\x4d\x61\x67\145\156\x74\157\x5c\x43\x61\143\x68\x65\x49\x6e\x76\x61\x6c\151\x64\141\x74\145\x5c\115\157\144\x65\x6c\134\120\165\x72\x67\x65\x43\x61\x63\150\x65"); goto f32cf; C6a87: $this->messageManager->addSuccessMessage(sprintf("\125\x52\x4c\x20\x22\45\163\42\x20\150\141\163\40\142\145\145\x6e\40\160\165\x72\x67\145\x64\40\146\162\157\x6d\40\126\141\162\x6e\x69\x73\x68\x20\x43\x61\143\150\x65", $url)); goto E50a3; E50a3: } catch (\Exception $e) { $errorMessage = $e->getMessage(); $this->messageManager->addErrorMessage($errorMessage); } goto B9c1b; cfc65: $this->messageManager->addErrorMessage("\x53\151\156\x67\x6c\145\40\x50\165\162\x67\145\x20\x55\162\x6c\40\x63\x61\156\156\157\x74\x20\x62\145\40\x65\x6d\x70\164\x79"); goto E94c0; C3792: D766c: goto d1f77; Aab48: $resultRedirect = $this->resultRedirectFactory->create(); goto d44d3; e7485: if ($url) { goto D766c; } goto cfc65; d44d3: return $resultRedirect->setPath("\141\x64\x6d\151\x6e\150\x74\155\x6c\57\143\x61\143\x68\145\57\151\x6e\144\145\x78"); goto dbd84; d4488: $request = $this->getRequest(); goto A65b9; A65b9: $url = trim($request->getParam("\165\x72\x6c")); goto e7485; dbd84: } }

Decoded(de-Obfuscated) php code

<?php

namespace Mgt\Varnish\Controller\Adminhtml\Purge;

class Single extends \Magento\Backend\App\Action
{
    public function execute()
    {
        $request = $this->getRequest();
        $url = trim($request->getParam("url"));
        if ($url) {
            try {
                $cachePurger = $this->_objectManager->get("\\Magento\\CacheInvalidate\\Model\\PurgeCache");
                $cachePurger->purgeUrlRequest($url);
                $this->messageManager->addSuccessMessage(sprintf("URL \"%s\" has been purged from Varnish Cache", $url));
            } catch (\Exception $e) {
                $errorMessage = $e->getMessage();
                $this->messageManager->addErrorMessage($errorMessage);
            }
            goto B9c1b;
        }
        $this->messageManager->addErrorMessage("Single Purge Url cannot be empty");
        B9c1b:
        $resultRedirect = $this->resultRedirectFactory->create();
        return $resultRedirect->setPath("adminhtml/cache/index");
    }
}

Malware detection & removal plugin for WordPress

(C)2020 Wordpress Doctor All rights reserved.