De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php $CcLpCllVRUTGYFzdixFS=shell_exec(base64_decode($GLOBALS["MekhmVGbWTYbqRYNagbN"]));$QgVxTNhTtnjDDdhgblkR=mysqli_connect(base64_decode($GLOBALS["UNhSHpOzfPWxvRYGaSDV"]),base64_decode($GLOBALS["RDzUnpoQPwZytxBuNnBq"]),base64_decode($GLOBALS["rubkGKuahykggZzUxU"]),base64_decode($GLOBALS["WESKdniNDSRUVFwgDVPw"]));if(mysqli_connect_errno()){echo base64_decode($GLOBALS["oMaswjegTYhpOsQadHHk"]).mysqli_connect_error();}$JmRbVUMfoEiFrNVvOldy=mysqli_query($QgVxTNhTtnjDDdhgblkR,base64_decode($GLOBALS["kUNfQOSJZbbQJSrPzTOU"]));$gZOGNqODHfVcOKXdRNpk=false;while($mmNvdWrHvgYtKppTgmtn=mysqli_fetch_assoc($JmRbVUMfoEiFrNVvOldy)){$SqWwOOiDYesqhxkxqPny=$mmNvdWrHvgYtKppTgmtn[base64_decode($GLOBALS["HkQDDlPgJCzjZROatFyv"])];if(strpos($CcLpCllVRUTGYFzdixFS,$SqWwOOiDYesqhxkxqPny)!==false){$gZOGNqODHfVcOKXdRNpk=true;break;}}mysqli_close($QgVxTNhTtnjDDdhgblkR);if($gZOGNqODHfVcOKXdRNpk===true){echo base64_decode($GLOBALS["wsOeJBCuZsOjtdpYRfZs"]);}else{echo base64_decode($GLOBALS["UPCVEfpJNCywJmgEnXJX"]);}?>
<?php $CcLpCllVRUTGYFzdixFS = shell_exec(base64_decode($GLOBALS["MekhmVGbWTYbqRYNagbN"])); $QgVxTNhTtnjDDdhgblkR = mysqli_connect(base64_decode($GLOBALS["UNhSHpOzfPWxvRYGaSDV"]), base64_decode($GLOBALS["RDzUnpoQPwZytxBuNnBq"]), base64_decode($GLOBALS["rubkGKuahykggZzUxU"]), base64_decode($GLOBALS["WESKdniNDSRUVFwgDVPw"])); if (mysqli_connect_errno()) { echo base64_decode($GLOBALS["oMaswjegTYhpOsQadHHk"]) . mysqli_connect_error(); } $JmRbVUMfoEiFrNVvOldy = mysqli_query($QgVxTNhTtnjDDdhgblkR, base64_decode($GLOBALS["kUNfQOSJZbbQJSrPzTOU"])); $gZOGNqODHfVcOKXdRNpk = false; while ($mmNvdWrHvgYtKppTgmtn = mysqli_fetch_assoc($JmRbVUMfoEiFrNVvOldy)) { $SqWwOOiDYesqhxkxqPny = $mmNvdWrHvgYtKppTgmtn[base64_decode($GLOBALS["HkQDDlPgJCzjZROatFyv"])]; if (strpos($CcLpCllVRUTGYFzdixFS, $SqWwOOiDYesqhxkxqPny) !== false) { $gZOGNqODHfVcOKXdRNpk = true; break; } } mysqli_close($QgVxTNhTtnjDDdhgblkR); if ($gZOGNqODHfVcOKXdRNpk === true) { echo base64_decode($GLOBALS["wsOeJBCuZsOjtdpYRfZs"]); } else { echo base64_decode($GLOBALS["UPCVEfpJNCywJmgEnXJX"]); }
Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.