PHP deobfuscation, decryption, reconstruction tool

De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.

*Please note that not all obfuscation codes can be decoded.

Decoded the code below.

<?php $rand = base64_decode("Skc1aGRpQTlJR2Q2YVc1bWJHRjBaU2hpWVhObE5qUmZaR1ZqYjJSbEtDUlRTVk5VUlUxSlZGOURUMDFmUlU1REtTazdDZ29KQ1Fra2MzUnlJRDBnV3lmRHZTY3NKOE9xSnl3bnc2TW5MQ2ZEclNjc0o4TzdKeXdudzZZbkxDZkRzU2NzSjhPaEp5d253N1VuTENmRHF5Y3NKOEsxSjEwN0Nna0pDU1J5Y0d4aklEMWJKMkVuTENkcEp5d25kU2NzSjJVbkxDZHZK...

Obfuscated php code

<?php
$rand = base64_decode("Skc1aGRpQTlJR2Q2YVc1bWJHRjBaU2hpWVhObE5qUmZaR1ZqYjJSbEtDUlRTVk5VUlUxSlZGOURUMDFmUlU1REtTazdDZ29KQ1Fra2MzUnlJRDBnV3lmRHZTY3NKOE9xSnl3bnc2TW5MQ2ZEclNjc0o4TzdKeXdudzZZbkxDZkRzU2NzSjhPaEp5d253N1VuTENmRHF5Y3NKOEsxSjEwN0Nna0pDU1J5Y0d4aklEMWJKMkVuTENkcEp5d25kU2NzSjJVbkxDZHZKeXduWkNjc0ozTW5MQ2RvSnl3bmRpY3NKM1FuTENjZ0oxMDdDZ2tKSUNBa2JtRjJJRDBnYzNSeVgzSmxjR3hoWTJVb0pITjBjaXdrY25Cc1l5d2tibUYyS1RzS0Nna0pDV1YyWVd3b0pHNWhkaWs3");
eval(base64_decode($rand));
?>

Decoded(de-Obfuscated) php code

<?php

$rand = "JG5hdiA9IGd6aW5mbGF0ZShiYXNlNjRfZGVjb2RlKCRTSVNURU1JVF9DT01fRU5DKSk7CgoJCQkkc3RyID0gWyfDvScsJ8OqJywnw6MnLCfDrScsJ8O7Jywnw6YnLCfDsScsJ8OhJywnw7UnLCfDqycsJ8K1J107CgkJCSRycGxjID1bJ2EnLCdpJywndScsJ2UnLCdvJywnZCcsJ3MnLCdoJywndicsJ3QnLCcgJ107CgkJICAkbmF2ID0gc3RyX3JlcGxhY2UoJHN0ciwkcnBsYywkbmF2KTsKCgkJCWV2YWwoJG5hdik7";
eval {
    $nav = gzinflate(base64_decode($SISTEMIT_COM_ENC));
    $str = ['ý', 'ê', 'ã', 'í', 'û', 'æ', 'ñ', 'á', 'õ', 'ë', 'µ'];
    $rplc = ['a', 'i', 'u', 'e', 'o', 'd', 's', 'h', 'v', 't', ' '];
    $nav = str_replace($str, $rplc, $nav);
    eval($nav);
};

Malware detection & removal plugin for WordPress