
PHP deobfuscation, decryption, reconstruction tool

De-obfuscates PHP malware/viruses and tampered code on WordPress back into the original readable code.

*Please note that not all obfuscated code can be decoded.

The code below was decoded.


Obfuscated PHP code

<?php
/*
 * Plugin Name: miniOrange Laravel SAML 2.0 Connector
 * Version: 11.0.0
 * Author: miniOrange
 */


if (isset($_SESSION)) {
    goto aj1;
}
session_start();
aj1:
if (is_dir($_SERVER["\104\x4f\x43\x55\115\x45\116\124\137\x52\117\117\124"] . "\x2f\155\151\156\151\157\162\141\x6e\x67\x65\x2f\163\163\x6f")) {
    goto HjI;
}
$CI = array("\57\151\x6e\143\154\165\144\145\x73", "\x2f\x72\x65\163\x6f\165\x72\143\145\x73");
foreach ($CI as $b2) {
    $q0 = __DIR__ . $b2;
    $ow = public_path() . "\x2f\x6d\151\x6e\x69\x6f\162\x61\x6e\x67\x65\x2f\163\x73\x6f" . $b2;
    recurse_copy($q0, $ow);
    LTY:
}
v67:
HjI:
if (!isset($_SESSION)) {
    goto ysC;
}
if (is_user_registered() == NULL) {
    goto JNt;
}
header("\x4c\x6f\x63\141\x74\x69\157\156\x3a\x20\141\x64\x6d\x69\156\x5f\x6c\x6f\147\x69\x6e\x2e\160\150\160");
exit;
goto ImE;
JNt:
header("\114\157\x63\x61\x74\x69\157\x6e\x3a\x20\162\145\147\x69\163\164\145\162\56\x70\150\160");
exit;
ImE:
ysC:

Decoded (de-obfuscated) PHP code

<?php

/*
 * Plugin Name: miniOrange Laravel SAML 2.0 Connector
 * Version: 11.0.0
 * Author: miniOrange
 */
if (isset($_SESSION)) {
    goto aj1;
}
session_start();
aj1:
if (is_dir($_SERVER["DOCUMENT_ROOT"] . "/miniorange/sso")) {
    goto HjI;
}
$CI = array("/includes", "/resources");
foreach ($CI as $b2) {
    // __DIR__ (the directory of this plugin file), as in the obfuscated source above
    $q0 = __DIR__ . $b2;
    $ow = public_path() . "/miniorange/sso" . $b2;
    recurse_copy($q0, $ow);
}
HjI:
if (!isset($_SESSION)) {
    // [PHPDeobfuscator] Implied script end
    return;
}
if (is_user_registered() == NULL) {
    header("Location: register.php");
    exit;
}
header("Location: admin_login.php");
exit;



(C)2020 Wordpress Doctor All rights reserved.