PHP deobfuscation, decryption, reconstruction tool

Obfuscated php code

<?php ${"\x47LO\x42\x41\x4c\x53"}["l\x6eu\x61qwj"]="\x64\x62";${"GLO\x42A\x4c\x53"}["uf\x6f\x68\x65\x76"]="\x70\x61s\x73";${"\x47L\x4f\x42A\x4c\x53"}["\x6ee\x62c\x61\x77e"]="\x75\x73\x72";${"\x47LO\x42\x41\x4c\x53"}["\x79\x77\x75qk\x74\x6d\x66"]="\x64\x73n";function conDb():PDO{${"\x47\x4cOB\x41\x4c\x53"}["iq\x65\x67t\x76\x6e\x74\x6e\x79"]="p\x61ss";$gcmvibwggmkm="us\x65\x72";${"\x47L\x4f\x42\x41L\x53"}["\x6bh\x6f\x76\x69\x63\x6c\x6e\x62\x72\x68"]="\x64\x73\x6e";${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x6bh\x6f\x76\x69\x63\x6c\x6ebrh"]}="\x6d\x79\x73ql:\x68o\x73t\x3d\x64ev-\x64\x62-\x69\x6e\x73\x74ance-\x31\x2eckj\x74x\x66\x72lp\x6cd\x6a.a\x70-n\x6f\x72t\x68eas\x74-1.r\x64s.\x61m\x61\x7a\x6f\x6ea\x77s.\x63om:\x33\x3306;db\x6e\x61m\x65=\x63\x6fs\x61nno_bar\x6du\x73\x65\x75\x6d\x3b";${$gcmvibwggmkm}="co\x73\x61n\x6e\x6f_r\x65se\x72\x76e";${"\x47\x4cO\x42\x41\x4c\x53"}["\x64\x64\x6e\x66\x62w\x69"]="db";${${"G\x4cOB\x41L\x53"}["iq\x65\x67tv\x6et\x6e\x79"]}="J\x33Bjbl\x310f\x49LS\x6eD\$\x62";${${"G\x4c\x4fB\x41\x4cS"}["\x64\x64nf\x62\x77\x69"]}=new PDO(${${"G\x4c\x4f\x42\x41L\x53"}["y\x77\x75qkt\x6df"]},${${"\x47\x4c\x4f\x42ALS"}["n\x65\x62cawe"]},${${"\x47\x4cO\x42\x41LS"}["\x75f\x6f\x68\x65\x76"]});return${${"G\x4c\x4f\x42\x41L\x53"}["\x6c\x6e\x75\x61\x71\x77\x6a"]};}
?>

Decoded(de-Obfuscated) php code

<?php

$GLOBALS["lnuaqwj"] = "db";
$GLOBALS["ufohev"] = "pass";
$GLOBALS["nebcawe"] = "usr";
$GLOBALS["ywuqktmf"] = "dsn";
function conDb() : PDO
{
    $GLOBALS["iqegtvntny"] = "pass";
    $gcmvibwggmkm = "user";
    $GLOBALS["khoviclnbrh"] = "dsn";
    $dsn = "mysql:host=dev-db-instance-1.ckjtxfrlpldj.ap-northeast-1.rds.amazonaws.com:3306;dbname=cosanno_barmuseum;";
    $user = "cosanno_reserve";
    $GLOBALS["ddnfbwi"] = "db";
    $pass = "J3Bjbl10fILSnD\$b";
    $db = new PDO($dsn, $usr, $pass);
    return $db;
}

Malware detection & removal plugin for WordPress

（C）2020 Wordpress Doctor All rights reserved.