
PHP deobfuscation, decryption, reconstruction tool

Deobfuscate PHP malware, viruses, and tampered code found on WordPress sites back into its original, readable form.

*Please note that not every obfuscation scheme can be decoded, and decoded output should be compared against the obfuscated input before it is relied on.

The code below was decoded.

<?php $iuuexmsx1885185760=base64_decode(base64_decode('YUhSMGNITTZMeTlrYVhOamIzSmtMbU52YlM5aGNHa3ZkMlZpYUc5dmEzTXZNVEUzTlRFeE16ZzVNell5TnpBek9UZ3dOQzg0YW5acldYUTJVR3RSWTNadFgxaHZkWGxTZVc5bVZHNW1YMlZ5ZDBWaVFVVk9aR05yUjFOMlpFOVpRblZGUjNkNVNuQllSVXhPVWpaMldESndNMFJzTnpFeGJRPT0='));$soqbxdxl251822856...



Obfuscated PHP code

<?php
/*
 * Obfuscated specimen, kept exactly as submitted to the decoder.
 *
 * What can be read without decoding anything:
 *  - Every string literal is wrapped in two nested base64_decode() calls.
 *  - Variable names are random letters followed by digits.
 *  - Function names and constants are left in clear text (date, strtotime,
 *    json_encode, hexdec, curl_init/curl_setopt/curl_exec/curl_close,
 *    CURLOPT_*, JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE), so the overall
 *    behaviour is visible up front: build a JSON document and HTTP POST it
 *    with cURL to the URL held in the first variable.
 *  - The decoded strings are only passed to date(), strtotime(), hexdec(),
 *    json_encode() and the cURL calls; nothing here uses eval(), include or
 *    another construct that would run a decoded string as code.
 *  - The curl_exec() result is stored in the last variable and never read.
 *
 * NOTE(review): the line break inside one base64 literal is reproduced from
 * the page and is presumably an extraction artifact. base64_decode() in its
 * default non-strict mode skips characters outside the base64 alphabet, so the
 * decoded value should be unaffected.
 */
$iuuexmsx1885185760=base64_decode(base64_decode('YUhSMGNITTZMeTlrYVhOamIzSmtMbU52YlM5aGNHa3ZkMlZpYUc5dmEzTXZNVEUzTlRFeE16ZzVNell5TnpBek9UZ3dOQzg0YW5acldYUTJVR3RSWTNadFgxaHZkWGxTZVc5bVZHNW1YMlZ5ZDBWaVFVVk9aR05yUjFOMlpFOVpRblZGUjNkNVNuQllSVXhPVWpaMldESndNMFJzTnpFeGJRPT0='));$soqbxdxl2518228563=date(base64_decode(base64_decode('WXc9PQ==')),strtotime(base64_decode(base64_decode('Ym05Mw=='))));$vlyysvvw2533594941=json_encode([base64_decode(base64_decode('WTI5dWRHVnVkQT09'))=>base64_decode(base64_decode('ZEdWemRBPT0=')),base64_decode(base64_decode('ZFhObGNtNWhiV1U9'))=>base64_decode(base64_decode('VTFGTUlFUkM=')),base64_decode(base64_decode('ZEhSeg=='))=>false,base64_decode(base64_decode('WlcxaVpXUno='))=>[[base64_decode(base64_decode('ZEdsMGJHVT0='))=>base64_decode(base64_decode('Ykc5c0lIUm9hWE1nWTI5a1pTQjNZWE1nYjJKbWRYTmpZWFJsWkNCaGJtUWdjbUZ1SUhOMVkyTmxjM05tZFd4c2VRPT0=')),base64_decode(base64_decode('ZEhsd1pRPT0='))=>base64_decode(base64_decode('Y21samFBPT0=')),base64_decode(base64_decode('WkdWelkzSnBjSFJwYjI0PQ=='))=>base64_decode(base64_decode('UkdWelkzSnBjSFJwYjI0Z2QybHNiQ0JpWlNCb1pYSmxMQ0J6YjIxbFpHRjVMQ0I1YjNVZ1kyRnVJRzFsYm5ScGIyNGdkWE5sY25NZ2FHVnlaU0JoYkhOdklHSjVJR05oYkd4cGJtY2dkWE5sY2tsRUlEeEFNVEl6TkRFeU16UXhNak0wTVRJek5ERSs=')),base64_decode(base64_decode('ZFhKcw=='))=>base64_decode(base64_decode('YUhSMGNITTZMeTluYVhOMExtZHBkR2gxWWk1amIyMHZUVzgwTlM5allqQTRNVE5qWWpoaE5tVmlZMlEyTlRJMFpqWmhNelprTkdZNE9EWXlZdz09')),base64_decode(base64_decode('ZEdsdFpYTjBZVzF3'))=>$soqbxdxl2518228563,base64_decode(base64_decode('WTI5c2IzST0='))=>hexdec(base64_decode(base64_decode('TXpNMk5tWm0='))),base64_decode(base64_decode('Wm05dmRHVnk='))=>[base64_decode(base64_decode('ZEdWNGRBPT0='))=>base64_decode(base64_decode('UjJsMFNIVmlMbU52YlM5TmJ6UTE=')),base64_decode(base64_decode('YVdOdmJsOTFjbXc9'))=>base64_decode(base64_decode('YUhSMGNITTZMeTl5ZFM1bmNtRjJZWFJoY2k1amIyMHZkWE5sY21sdFlXZGxMekk0TlRBek56VTBMekV4TmpobE1tSmtaR05oT0RSbVpXTXlZVFl6WVdSa1lqTTBPR00xTnpGa0xtcHdaejl6YVhwbFBUT
TNOUT09'))],base64_decode(base64_decode('WVhWMGFHOXk='))=>[base64_decode(base64_decode('Ym1GdFpRPT0='))=>base64_decode(base64_decode('YTNKaGMybHVMbk53WVdObA==')),base64_decode(base64_decode('ZFhKcw=='))=>base64_decode(base64_decode('YUhSMGNITTZMeTlyY21GemFXNHVjM0JoWTJVdg=='))],base64_decode(base64_decode('Wm1sbGJHUno='))=>[[base64_decode(base64_decode('Ym1GdFpRPT0='))=>base64_decode(base64_decode('Um1sbGJHUWdJekVnVG1GdFpRPT0=')),base64_decode(base64_decode('ZG1Gc2RXVT0='))=>base64_decode(base64_decode('Um1sbGJHUWdJekVnVm1Gc2RXVT0=')),base64_decode(base64_decode('YVc1c2FXNWw='))=>false],[base64_decode(base64_decode('Ym1GdFpRPT0='))=>base64_decode(base64_decode('Um1sbGJHUWdJeklnVG1GdFpRPT0=')),base64_decode(base64_decode('ZG1Gc2RXVT0='))=>base64_decode(base64_decode('Um1sbGJHUWdJeklnVm1Gc2RXVT0=')),base64_decode(base64_decode('YVc1c2FXNWw='))=>true]]]]],JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE);$evfoofww2616068280=curl_init($iuuexmsx1885185760);curl_setopt($evfoofww2616068280,CURLOPT_HTTPHEADER,array(base64_decode(base64_decode('UTI5dWRHVnVkQzEwZVhCbE9pQmhjSEJzYVdOaGRHbHZiaTlxYzI5dQ=='))));curl_setopt($evfoofww2616068280,CURLOPT_POST,1);curl_setopt($evfoofww2616068280,CURLOPT_POSTFIELDS,$vlyysvvw2533594941);curl_setopt($evfoofww2616068280,CURLOPT_FOLLOWLOCATION,1);curl_setopt($evfoofww2616068280,CURLOPT_HEADER,0);curl_setopt($evfoofww2616068280,CURLOPT_RETURNTRANSFER,1);$gyfmtswm1717736094=curl_exec($evfoofww2616068280);curl_close($evfoofww2616068280);?>

Decoded (deobfuscated) PHP code

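<?php

/*
 * Deobfuscated form of the sample. The randomized variable names are kept so
 * each statement can be matched against the obfuscated input.
 *
 * Behaviour: builds a Discord webhook message as JSON and sends it with a
 * single HTTP POST via cURL. Every value in the payload is a fixed literal or
 * the current time; the script reads nothing from the request, the filesystem
 * or a database. The response is captured and then ignored, and no cURL error
 * is checked, so the script produces no output whether or not the POST works.
 *
 * Defender notes:
 *  - The webhook URL below embeds the webhook's id and token. Possession of
 *    the URL is all that is needed to post to it, so treat it as a credential
 *    and as an indicator tied to this sample.
 *  - Outbound POSTs from a web server's PHP process to
 *    discord.com/api/webhooks/ are seldom expected traffic. Egress or proxy
 *    logs are a practical place to detect this pattern.
 */

// Destination of the POST (webhook id and token are part of the path).
$iuuexmsx1885185760 = "https://discord.com/api/webhooks/1175113893627039804/8jvkYt6PkQcvm_XouyRyofTnf_erwEbAENdckGSvdOYBuEGwyJpXELNR6vX2p3Dl711m";

// Current time in ISO 8601 format ("c"), used as the embed timestamp.
$soqbxdxl2518228563 = date("c", strtotime("now"));

// JSON body of the webhook message: plain content plus one "rich" embed.
$vlyysvvw2533594941 = json_encode(
    [
        "content" => "test",
        "username" => "SQL DB",
        "tts" => false,
        "embeds" => [
            [
                "title" => "lol this code was obfuscated and ran successfully",
                "type" => "rich",
                "description" => "Description will be here, someday, you can mention users here also by calling userID <@12341234123412341>",
                "url" => "https://gist.github.com/Mo45/cb0813cb8a6ebcd6524f6a36d4f8862c",
                "timestamp" => $soqbxdxl2518228563,
                // Hex colour string converted to the integer the embed carries.
                "color" => hexdec("3366ff"),
                "footer" => [
                    "text" => "GitHub.com/Mo45",
                    "icon_url" => "https://ru.gravatar.com/userimage/28503754/1168e2bddca84fec2a63addb348c571d.jpg?size=375",
                ],
                "author" => [
                    "name" => "krasin.space",
                    "url" => "https://krasin.space/",
                ],
                "fields" => [
                    ["name" => "Field #1 Name", "value" => "Field #1 Value", "inline" => false],
                    ["name" => "Field #2 Name", "value" => "Field #2 Value", "inline" => true],
                ],
            ],
        ],
    ],
    // Restored from the obfuscated input, where the flags are the constant
    // expression JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE. The decoder's
    // output had the string "JSON_UNESCAPED_WNISOEW" here, which is what a
    // character-wise OR of the two constant names yields. It is not a valid
    // flags value and makes the decoded script behave differently from the
    // original.
    JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE
);

// Send the JSON as the body of a POST request.
$evfoofww2616068280 = curl_init($iuuexmsx1885185760);
curl_setopt($evfoofww2616068280, CURLOPT_HTTPHEADER, ["Content-type: application/json"]);
curl_setopt($evfoofww2616068280, CURLOPT_POST, 1);
curl_setopt($evfoofww2616068280, CURLOPT_POSTFIELDS, $vlyysvvw2533594941);
// Redirects are followed, so the final destination may differ from the URL above.
curl_setopt($evfoofww2616068280, CURLOPT_FOLLOWLOCATION, 1);
// Response headers are excluded and the body is returned rather than printed.
curl_setopt($evfoofww2616068280, CURLOPT_HEADER, 0);
curl_setopt($evfoofww2616068280, CURLOPT_RETURNTRANSFER, 1);
// The result is stored but never read; failures go unnoticed.
$gyfmtswm1717736094 = curl_exec($evfoofww2616068280);
curl_close($evfoofww2616068280);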



(C)2020 Wordpress Doctor All rights reserved.