Japanese 
English
PHP deobfuscation, decryption, reconstruction toolDe-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php
use OTP\Helper\FormList;
use OTP\Helper\FormSessionData;
use OTP\Helper\MoUtility;
use OTP\Objects\FormHandler;
use OTP\Objects\IFormHandler;
use OTP\MoOTPSplClassLoader;
use OTP\LicenseLibrary\Classes\Mo_License_Library;
use OTP\Helper\MoConstants;
if (defined("\101\x42\123\120\101\124\x48")) {
goto Fe;
}
exit;
Fe:
define("\115\x4f\126\137\104\x49\x52", plugin_dir_path(__FILE__));
define("\x4d\x4f\126\137\125\122\114", plugin_dir_url(__FILE__));
$F8 = json_decode(initialize_package_json());
define("\x4d\x4f\126\137\x56\105\x52\123\x49\117\116", $F8->version);
define("\115\117\126\137\x54\x59\120\105", $F8->type);
define("\x4d\x4f\126\x5f\x48\117\x53\x54", $F8->hostname);
define("\115\x4f\126\137\x50\x4f\122\x54\101\x4c", $F8->portal);
define("\x4d\x4f\126\x5f\104\x45\106\x41\125\114\124\x5f\103\125\x53\124\x4f\x4d\x45\x52\113\x45\131", $F8->dcustomerkey);
define("\x4d\x4f\x56\137\104\x45\x46\x41\x55\114\124\137\101\120\111\x4b\x45\x59", $F8->dapikey);
define("\x4d\117\x56\137\x53\123\114\137\x56\105\x52\111\x46\x59", $F8->sslverify);
define("\x4d\x4f\126\x5f\x43\x53\x53\137\125\x52\114", MOV_URL . "\x69\156\143\x6c\x75\x64\145\x73\x2f\143\163\x73\x2f\155\157\137\143\x75\163\164\157\155\145\x72\137\x76\141\x6c\x69\x64\x61\x74\x69\157\x6e\137\x73\x74\171\154\x65\56\155\151\x6e\x2e\x63\163\x73\x3f\166\145\x72\x73\x69\x6f\156\75" . MOV_VERSION);
define("\x4d\117\x56\137\106\117\122\115\137\x43\x53\x53", MOV_URL . "\x69\x6e\x63\x6c\165\144\145\163\57\143\x73\x73\57\155\157\x5f\x66\157\x72\155\x73\137\x63\163\163\56\155\x69\x6e\56\x63\163\163\77\166\x65\162\x73\151\157\x6e\75" . MOV_VERSION);
define("\115\117\x5f\x49\x4e\124\124\105\114\x49\x4e\x50\125\124\137\x43\x53\123", MOV_URL . "\x69\156\143\154\165\144\145\163\x2f\143\163\163\x2f\x69\x6e\164\x6c\x54\145\x6c\x49\x6e\160\165\164\x2e\x6d\x69\156\56\x63\x73\163\77\166\145\162\x73\x69\x6f\x6e\75" . MOV_VERSION);
define("\x4d\117\x56\x5f\112\x53\x5f\125\122\114", MOV_URL . "\151\x6e\143\x6c\x75\x64\145\163\x2f\x6a\163\x2f\163\x65\x74\164\151\156\147\163\56\x6d\x69\156\x2e\x6a\x73\77\166\x65\162\163\151\x6f\x6e\75" . MOV_VERSION);
define("\x56\x41\x4c\111\x44\101\x54\x49\x4f\x4e\x5f\112\123\x5f\125\122\114", MOV_URL . "\x69\156\143\x6c\x75\x64\x65\163\x2f\x6a\x73\x2f\146\x6f\x72\x6d\126\x61\x6c\151\x64\x61\x74\x69\157\x6e\x2e\155\151\x6e\x2e\x6a\x73\x3f\x76\x65\x72\x73\151\x6f\156\75" . MOV_VERSION);
define("\x4d\117\x5f\x49\x4e\124\x54\105\x4c\111\116\x50\x55\x54\137\112\x53", MOV_URL . "\x69\x6e\x63\x6c\x75\144\x65\x73\x2f\x6a\x73\x2f\x69\156\164\154\x54\145\154\x49\156\160\x75\x74\56\155\151\156\56\152\163\77\166\145\162\x73\151\x6f\x6e\x3d" . MOV_VERSION);
define("\x4d\117\137\104\122\117\120\x44\x4f\x57\116\137\x4a\123", MOV_URL . "\x69\156\x63\x6c\x75\144\x65\x73\57\152\163\x2f\144\162\x6f\160\x64\157\x77\156\56\155\151\x6e\x2e\152\163\77\166\x65\162\163\x69\157\156\x3d" . MOV_VERSION);
define("\x4d\x4f\126\x5f\x4c\117\x41\x44\105\x52\x5f\x55\x52\114", MOV_URL . "\151\156\143\x6c\x75\x64\x65\163\57\151\x6d\x61\x67\145\x73\57\x6c\x6f\x61\144\145\x72\56\x67\151\146");
define("\115\x4f\x56\x5f\104\x4f\116\x41\x54\x45", MOV_URL . "\x69\156\x63\154\x75\x64\145\x73\57\151\x6d\x61\x67\x65\x73\x2f\144\x6f\156\x61\x74\x65\x2e\160\x6e\147");
define("\x4d\x4f\x56\x5f\120\101\131\120\x41\114", MOV_URL . "\151\x6e\x63\154\x75\144\145\163\x2f\151\155\x61\x67\145\163\x2f\160\141\171\x70\141\x6c\56\160\156\147");
define("\115\117\x56\x5f\106\x49\x52\x45\102\101\123\x45", MOV_URL . "\151\x6e\143\154\165\x64\145\x73\x2f\151\x6d\141\147\145\163\57\x66\x69\162\145\142\x61\163\145\x2e\x70\x6e\147");
define("\115\x4f\x56\x5f\x4e\105\124\x42\101\116\113", MOV_URL . "\151\x6e\143\x6c\x75\144\x65\163\57\x69\x6d\x61\x67\145\163\57\x6e\x65\164\x62\x61\x6e\153\151\x6e\147\x2e\160\156\147");
define("\x4d\117\126\137\103\x41\x52\104", MOV_URL . "\x69\156\x63\154\x75\144\145\163\57\x69\155\x61\147\x65\x73\x2f\143\x61\162\144\56\160\x6e\x67");
define("\x4d\117\126\x5f\x4c\x4f\x47\x4f\x5f\x55\x52\x4c", MOV_URL . "\151\156\143\154\165\x64\x65\163\57\151\x6d\141\x67\145\x73\57\x6c\157\x67\x6f\x2e\x70\156\x67");
define("\x4d\x4f\x56\x5f\x49\x43\x4f\116", MOV_URL . "\151\156\143\x6c\x75\144\145\163\x2f\x69\155\x61\x67\145\x73\x2f\155\151\x6e\x69\x6f\162\141\156\x67\x65\x5f\151\143\x6f\x6e\56\x70\x6e\x67");
define("\115\117\126\x5f\111\103\117\116\x5f\107\111\x46", MOV_URL . "\x69\x6e\143\x6c\165\144\x65\x73\x2f\151\x6d\x61\147\145\x73\57\x6d\x6f\x5f\x69\143\157\156\56\x67\x69\146");
define("\x4d\117\137\103\125\x53\124\x4f\x4d\x5f\106\x4f\x52\x4d", MOV_URL . "\151\x6e\143\x6c\165\144\x65\x73\57\152\x73\57\x63\165\163\x74\x6f\x6d\106\157\162\155\56\152\x73\77\166\x65\162\x73\x69\157\156\75" . MOV_VERSION);
define("\115\x4f\x56\137\101\104\104\117\x4e\137\x44\111\x52", MOV_DIR . "\x61\x64\x64\157\x6e\x73\x2f");
define("\x4d\117\126\x5f\x55\x53\105\137\120\x4f\114\131\x4c\x41\x4e\107", true);
define("\115\x4f\137\124\105\123\x54\x5f\115\117\104\105", $F8->testmode);
define("\115\x4f\137\x46\101\111\x4c\137\x4d\117\104\105", $F8->failmode);
define("\x4d\x4f\126\x5f\x53\x45\x53\123\111\117\116\137\124\131\120\x45", $F8->session);
define("\x4d\117\x56\x5f\x4d\101\111\114\x5f\x4c\x4f\x47\x4f", MOV_URL . "\151\156\143\x6c\165\x64\145\163\57\x69\x6d\141\147\x65\163\x2f\155\157\x5f\x73\x75\160\160\x6f\162\x74\137\x69\143\x6f\x6e\56\x70\156\147");
define("\115\117\126\137\117\106\106\x45\x52\x53\x5f\114\x4f\x47\117", MOV_URL . "\x69\x6e\143\154\x75\144\145\163\x2f\151\x6d\x61\147\x65\x73\x2f\155\157\137\163\141\154\145\137\x69\143\157\x6e\56\160\x6e\x67");
define("\x4d\117\126\x5f\x46\x45\101\x54\125\x52\x45\x53\x5f\107\122\x41\120\110\x49\x43", MOV_URL . "\151\x6e\x63\x6c\165\x64\145\x73\57\x69\155\141\x67\145\163\57\x6d\157\137\146\145\x61\164\x75\162\x65\163\137\x67\162\x61\x70\x68\151\143\x2e\x70\156\x67");
define("\115\117\x56\x5f\x54\x59\x50\105\x5f\x50\114\101\x4e", $F8->typeplan);
define("\x4d\117\x56\137\x4c\x49\103\105\116\123\105\x5f\x4e\x41\115\x45", $F8->licensename);
define("\115\x4f\126\137\115\101\111\116\x5f\x43\x53\x53", MOV_URL . "\151\156\143\x6c\x75\x64\145\x73\x2f\x63\163\x73\x2f\155\157\x2d\x6d\x61\151\x6e\x2e\155\x69\x6e\56\143\x73\x73");
require "\143\x6c\141\x73\x73\55\x6d\x6f\x6f\x74\x70\x73\160\154\x63\154\141\163\x73\x6c\157\x61\x64\145\162\56\160\x68\x70";
$FF = new MoOTPSplClassLoader("\x4f\x54\120", realpath(__DIR__ . DIRECTORY_SEPARATOR . "\x2e\56"));
$FF->register();
require_once "\166\151\x65\167\x73\x2f\143\x6f\155\155\x6f\156\55\x65\154\145\155\x65\x6e\x74\163\x2e\x70\150\160";
initialize_forms();
if (!file_exists(MOV_DIR . MoConstants::LICENCE_SERVICE_FILE)) {
goto po;
}
new Mo_License_Library();
po:
function initialize_forms()
{
$EH = new RecursiveIteratorIterator(new RecursiveDirectoryIterator(MOV_DIR . "\x68\141\x6e\x64\x6c\145\x72\57\x66\157\162\155\x73", RecursiveDirectoryIterator::SKIP_DOTS), RecursiveIteratorIterator::LEAVES_ONLY);
foreach ($EH as $Zq) {
$d3 = $Zq->getFilename();
$d3 = str_replace("\143\x6c\x61\x73\163\55", '', $d3);
$sG = "\x4f\124\x50\x5c\x48\x61\156\x64\154\145\x72\x5c\106\x6f\162\155\x73\134" . str_replace("\x2e\x70\150\x70", '', $d3);
$Jd = FormList::instance();
$Xk = $sG::instance();
$Jd->add($Xk->get_form_key(), $Xk);
Gs:
}
KL:
}
function admin_post_url()
{
return admin_url("\x61\x64\155\151\x6e\55\x70\x6f\163\x74\x2e\160\x68\x70");
}
function wp_ajax_url()
{
return admin_url("\x61\144\x6d\151\156\x2d\141\152\141\x78\x2e\x70\x68\160");
}
function mo_($CW)
{
$CW = preg_replace("\x2f\x5c\x73\x2b\x2f\x53", "\x20", $CW);
return is_scalar($CW) ? MoUtility::is_polylang_installed() && MOV_USE_POLYLANG ? pll__($CW) : __($CW, "\x6d\151\x6e\151\157\x72\x61\x6e\147\x65\55\x6f\x74\x70\55\x76\145\162\151\x66\151\143\141\164\151\157\x6e") : $CW;
}
function mo_esc_string($CW, $Nf)
{
if ("\x61\164\164\162" === $Nf) {
goto qv;
}
if ("\165\162\154" === $Nf) {
goto L_;
}
goto Q4;
qv:
return esc_attr($CW);
goto Q4;
L_:
return esc_url($CW);
Q4:
return esc_attr($CW);
}
function get_mo_option($CW, $ve = null)
{
$CW = (null === $ve ? "\155\157\137\143\x75\x73\164\x6f\x6d\145\x72\x5f\x76\x61\154\x69\144\141\x74\151\x6f\x6e\137" : $ve) . $CW;
return apply_filters("\x67\x65\x74\137\x6d\x6f\137\157\x70\x74\151\x6f\156", get_site_option($CW));
}
function update_mo_option($CW, $Co, $ve = null)
{
$CW = (null === $ve ? "\155\157\x5f\x63\165\x73\x74\157\x6d\x65\x72\x5f\166\141\x6c\x69\x64\141\x74\151\x6f\x6e\x5f" : $ve) . $CW;
update_site_option($CW, apply_filters("\x75\x70\144\x61\x74\145\137\x6d\x6f\137\x6f\160\164\151\157\156", $Co, $CW));
}
function delete_mo_option($CW, $ve = null)
{
$CW = (null === $ve ? "\155\x6f\137\x63\165\163\x74\x6f\155\x65\162\x5f\x76\141\x6c\x69\144\141\164\x69\x6f\x6e\137" : $ve) . $CW;
delete_site_option($CW);
}
function get_mo_class($bd)
{
$HW = get_class($bd);
return substr($HW, strrpos($HW, "\x5c") + 1);
}
function initialize_package_json()
{
$ry = wp_json_encode(array("\156\x61\155\x65" => "\155\x69\156\x69\x6f\x72\x61\x6e\x67\x65\x2d\157\x74\160\x2d\166\x65\x72\151\x66\151\x63\x61\164\x69\157\x6e\x2d\157\x6e\160\x72\x65\155", "\x76\x65\x72\x73\x69\157\x6e" => "15.2.3", "\x74\171\x70\145" => "\103\x75\x73\x74\157\155\107\x61\164\145\167\x61\171\127\x69\x74\150\x41\144\x64\x6f\x6e\163", "\164\x65\163\x74\x6d\157\144\145" => false, "\x66\141\151\x6c\155\x6f\144\x65" => false, "\150\157\163\x74\x6e\141\155\145" => "\150\x74\x74\160\x73\72\57\57\x6c\157\147\151\x6e\x2e\x78\145\143\165\x72\151\146\171\x2e\x63\157\x6d", "\x70\x6f\162\x74\141\154" => "\x68\164\164\160\163\x3a\57\x2f\160\157\162\164\x61\154\x2e\155\x69\156\151\157\x72\141\156\147\x65\56\143\157\x6d", "\144\143\165\x73\164\x6f\x6d\x65\x72\153\145\x79" => "\61\x36\65\65\65", "\x64\141\160\x69\x6b\145\171" => "\x66\106\144\x32\130\143\166\x54\x47\x44\145\x6d\x5a\166\142\x77\x31\142\x63\x55\x65\163\116\112\127\x45\x71\x4b\142\x62\125\x71", "\x73\163\x6c\x76\x65\162\x69\x66\171" => false, "\x73\145\x73\163\151\157\x6e" => "\x54\122\101\116\x53\x49\105\x4e\x54", "\x74\x79\x70\145\x70\x6c\141\156" => "\x77\160\137\x65\x6d\x61\x69\x6c\x5f\x76\145\162\x69\146\x69\143\141\x74\151\x6f\156\137\151\x6e\164\x72\141\156\145\x74\x5f\x62\141\x73\x69\143\x5f\x70\x6c\x61\x6e", "\154\151\143\x65\156\163\145\156\141\155\145" => "\x57\120\x5f\117\x54\120\x5f\126\x45\x52\111\x46\111\x43\x41\124\x49\117\x4e\137\111\x4e\x54\122\x41\x4e\105\x54\137\120\x4c\x55\x47\111\x4e"));
return $ry;
}<?php
use OTP\Helper\FormList;
use OTP\Helper\FormSessionData;
use OTP\Helper\MoUtility;
use OTP\Objects\FormHandler;
use OTP\Objects\IFormHandler;
use OTP\MoOTPSplClassLoader;
use OTP\LicenseLibrary\Classes\Mo_License_Library;
use OTP\Helper\MoConstants;
if (defined("ABSPATH")) {
define("MOV_DIR", plugin_dir_path("/var/www/html/input.php"));
define("MOV_URL", plugin_dir_url("/var/www/html/input.php"));
$F8 = json_decode(initialize_package_json());
define("MOV_VERSION", $F8->version);
define("MOV_TYPE", $F8->type);
define("MOV_HOST", $F8->hostname);
define("MOV_PORTAL", $F8->portal);
define("MOV_DEFAULT_CUSTOMERKEY", $F8->dcustomerkey);
define("MOV_DEFAULT_APIKEY", $F8->dapikey);
define("MOV_SSL_VERIFY", $F8->sslverify);
define("MOV_CSS_URL", "MOV_URLincludes/css/mo_customer_validation_style.min.css?version=MOV_VERSION");
define("MOV_FORM_CSS", "MOV_URLincludes/css/mo_forms_css.min.css?version=MOV_VERSION");
define("MO_INTTELINPUT_CSS", "MOV_URLincludes/css/intlTelInput.min.css?version=MOV_VERSION");
define("MOV_JS_URL", "MOV_URLincludes/js/settings.min.js?version=MOV_VERSION");
define("VALIDATION_JS_URL", "MOV_URLincludes/js/formValidation.min.js?version=MOV_VERSION");
define("MO_INTTELINPUT_JS", "MOV_URLincludes/js/intlTelInput.min.js?version=MOV_VERSION");
define("MO_DROPDOWN_JS", "MOV_URLincludes/js/dropdown.min.js?version=MOV_VERSION");
define("MOV_LOADER_URL", "MOV_URLincludes/images/loader.gif");
define("MOV_DONATE", "MOV_URLincludes/images/donate.png");
define("MOV_PAYPAL", "MOV_URLincludes/images/paypal.png");
define("MOV_FIREBASE", "MOV_URLincludes/images/firebase.png");
define("MOV_NETBANK", "MOV_URLincludes/images/netbanking.png");
define("MOV_CARD", "MOV_URLincludes/images/card.png");
define("MOV_LOGO_URL", "MOV_URLincludes/images/logo.png");
define("MOV_ICON", "MOV_URLincludes/images/miniorange_icon.png");
define("MOV_ICON_GIF", "MOV_URLincludes/images/mo_icon.gif");
define("MO_CUSTOM_FORM", "MOV_URLincludes/js/customForm.js?version=MOV_VERSION");
define("MOV_ADDON_DIR", "MOV_DIRaddons/");
define("MOV_USE_POLYLANG", true);
define("MO_TEST_MODE", $F8->testmode);
define("MO_FAIL_MODE", $F8->failmode);
define("MOV_SESSION_TYPE", $F8->session);
define("MOV_MAIL_LOGO", "MOV_URLincludes/images/mo_support_icon.png");
define("MOV_OFFERS_LOGO", "MOV_URLincludes/images/mo_sale_icon.png");
define("MOV_FEATURES_GRAPHIC", "MOV_URLincludes/images/mo_features_graphic.png");
define("MOV_TYPE_PLAN", $F8->typeplan);
define("MOV_LICENSE_NAME", $F8->licensename);
define("MOV_MAIN_CSS", "MOV_URLincludes/css/mo-main.min.css");
require "class-mootpsplclassloader.php";
$FF = new MoOTPSplClassLoader("OTP", realpath("/var/www/htmlDIRECTORY_SEPARATOR.."));
$FF->register();
require_once "views/common-elements.php";
initialize_forms();
if (!file_exists(MOV_DIR . MoConstants::LICENCE_SERVICE_FILE)) {
goto po;
}
new Mo_License_Library();
po:
function initialize_forms()
{
$EH = new RecursiveIteratorIterator(new RecursiveDirectoryIterator("MOV_DIRhandler/forms", RecursiveDirectoryIterator::SKIP_DOTS), RecursiveIteratorIterator::LEAVES_ONLY);
foreach ($EH as $Zq) {
$d3 = $Zq->getFilename();
$d3 = str_replace("class-", '', $d3);
$sG = "OTP\\Handler\\Forms\\" . str_replace(".php", '', $d3);
$Jd = FormList::instance();
$Xk = $sG::instance();
$Jd->add($Xk->get_form_key(), $Xk);
}
}
function admin_post_url()
{
return admin_url("admin-post.php");
}
function wp_ajax_url()
{
return admin_url("admin-ajax.php");
}
function mo_($CW)
{
$CW = preg_replace("/\\s+/S", " ", $CW);
return is_scalar($CW) ? MoUtility::is_polylang_installed() && MOV_USE_POLYLANG ? pll__($CW) : __($CW, "miniorange-otp-verification") : $CW;
}
function mo_esc_string($CW, $Nf)
{
if ("attr" === $Nf) {
return esc_attr($CW);
}
if ("url" === $Nf) {
return esc_url($CW);
}
return esc_attr($CW);
}
function get_mo_option($CW, $ve = null)
{
$CW = (null === $ve ? "mo_customer_validation_" : $ve) . $CW;
return apply_filters("get_mo_option", get_site_option($CW));
}
function update_mo_option($CW, $Co, $ve = null)
{
$CW = (null === $ve ? "mo_customer_validation_" : $ve) . $CW;
update_site_option($CW, apply_filters("update_mo_option", $Co, $CW));
}
function delete_mo_option($CW, $ve = null)
{
$CW = (null === $ve ? "mo_customer_validation_" : $ve) . $CW;
delete_site_option($CW);
}
function get_mo_class($bd)
{
$HW = get_class($bd);
return substr($HW, strrpos($HW, "\\") + 1);
}
function initialize_package_json()
{
$ry = wp_json_encode(array("name" => "miniorange-otp-verification-onprem", "version" => "15.2.3", "type" => "CustomGatewayWithAddons", "testmode" => false, "failmode" => false, "hostname" => "https://login.xecurify.com", "portal" => "https://portal.miniorange.com", "dcustomerkey" => "16555", "dapikey" => "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq", "sslverify" => false, "session" => "TRANSIENT", "typeplan" => "wp_email_verification_intranet_basic_plan", "licensename" => "WP_OTP_VERIFICATION_INTRANET_PLUGIN"));
return $ry;
}
// [PHPDeobfuscator] Implied script end
return;
}
exit;Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.