PHP deobfuscation, decryption, reconstruction tool

De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.

*Please note that not all obfuscation codes can be decoded.

Decoded the code below.

<?php namespace cdI8H\I7VK1\fq7q7\LLzot; use cDi8h\I7vk1\FQ7q7\TD1Km; use cDi8H\jDDSk\BSh4H; use QnYlf\I7VK1\SOi8l; class Dm3ll extends tD1KM { public $etbNL = null; public $wGWEV = 0; public $RoNT_; public function __construct(SoI8L $KJL1k) { goto mGnnW; fI_OF: nEMHh: goto rqe6t; Rt1dT: if (!$rh...

Obfuscated php code

<?php
 namespace cdI8H\I7VK1\fq7q7\LLzot; use cDi8h\I7vk1\FQ7q7\TD1Km; use cDi8H\jDDSk\BSh4H; use QnYlf\I7VK1\SOi8l; class Dm3ll extends tD1KM { public $etbNL = null; public $wGWEV = 0; public $RoNT_; public function __construct(SoI8L $KJL1k) { goto mGnnW; fI_OF: nEMHh: goto rqe6t; Rt1dT: if (!$rhzMD) { goto nEMHh; } goto neQZs; mGnnW: $this->RoNT_ = new bsH4H(); goto Nf2DN; Nf2DN: $rhzMD = $KJL1k->Vgl3M()->get("\141\x64\x6d\x69\x6e"); goto Rt1dT; neQZs: $this->etbNL = $rhzMD; goto mv3U1; mv3U1: $this->wGWEV = $rhzMD->id; goto fI_OF; rqe6t: } }

Decoded(de-Obfuscated) php code

<?php

namespace cdI8H\I7VK1\fq7q7\LLzot;

use cDi8h\I7vk1\FQ7q7\TD1Km;
use cDi8H\jDDSk\BSh4H;
use QnYlf\I7VK1\SOi8l;
class Dm3ll extends tD1KM
{
    public $etbNL = null;
    public $wGWEV = 0;
    public $RoNT_;
    public function __construct(SoI8L $KJL1k)
    {
        $this->RoNT_ = new bsH4H();
        $rhzMD = $KJL1k->Vgl3M()->get("admin");
        if (!$rhzMD) {
            goto nEMHh;
        }
        $this->etbNL = $rhzMD;
        $this->wGWEV = $rhzMD->id;
        nEMHh:
    }
}

Malware detection & removal plugin for WordPress