Wordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php /** * * @ This file is created by http://DeZender.Net * @ deZender (PHP7 Decoder for ionCube Encoder) * * @ Version : 4.1.0.1 * @ Author : DeZender * @ Release on : 29.08.2020 * @ Official site : http://DeZender.Net * */ function D89A8E3901025Ca6($fa2807b514bf8d02) { goto label7; label2: goto label106; label3: fclose($e1644d67f855686d); label6: goto label124; label7: global $Fee0d5a474c96306; $C265da002f0a4a8f = []; $A6d7047f2fda966c = ''; if (!file_exists($fa2807b514bf8d02)) { goto label6; } $e1644d67f855686d = fopen($fa2807b514bf8d02, 'r'); goto label106; label22: goto label106; label23: $Ff014d0ebd314fcd = array_map([$Fee0d5a474c96306, 'escape'], $Ff014d0ebd314fcd); $A6d7047f2fda966c .= '(' . SERVER_ID . (',' . $Ff014d0ebd314fcd['type'] . ',' . $Ff014d0ebd314fcd['message'] . ',' . $Ff014d0ebd314fcd['extra'] . ',' . $Ff014d0ebd314fcd['line'] . ',' . $Ff014d0ebd314fcd['time'] . ',\'' . $E03b230fd4532f5e . '\'),'); $C265da002f0a4a8f[] = $E03b230fd4532f5e; goto label2; label55: $Ff014d0ebd314fcd = json_decode(base64_decode($Ff014d0ebd314fcd), true); $E03b230fd4532f5e = md5($Ff014d0ebd314fcd['type'] . $Ff014d0ebd314fcd['message'] . $Ff014d0ebd314fcd['extra'] . $Ff014d0ebd314fcd['line']); if (in_array($E03b230fd4532f5e, $C265da002f0a4a8f)) { goto label2; } if (!((stripos($Ff014d0ebd314fcd['message'], 'server has gone away') !== false) && (stripos($Ff014d0ebd314fcd['message'], 'socket error on read socket') !== false) && (stripos($Ff014d0ebd314fcd['message'], 'connection lost') !== false))) { goto label23; } goto label22; label106: if (feof($e1644d67f855686d)) { goto label3; } $Ff014d0ebd314fcd = trim(fgets($e1644d67f855686d)); if (!empty($Ff014d0ebd314fcd)) { goto label55; } goto label3; goto label55; label124: return $A6d7047f2fda966c; goto label126; label126: } function d4C3Fc66E7083138($F13a1637258a969b, $af276cda00cb8623) { foreach ($F13a1637258a969b as $Dd89cee9be13a3d0) { if (!stristr($af276cda00cb8623, $Dd89cee9be13a3d0)) { goto label14; } return true; label14: } return false; } function BfCDC975533C45a8() { goto label1; label1: global $Daee1f49d69c1428; global $Fee0d5a474c96306; $A6d7047f2fda966c = ''; foreach ([STREAMS_PATH] as $Bc16cc77a681d1ed) { goto label10; label10: if (!($a8f3762d489787d6 = opendir($Bc16cc77a681d1ed))) { goto label48; } label18: if (!(false !== $Ea5af1151cd81ae2 = readdir($a8f3762d489787d6))) { goto label55; } if (!(($Ea5af1151cd81ae2 != '.') && ($Ea5af1151cd81ae2 != '..') && is_file($Bc16cc77a681d1ed . $Ea5af1151cd81ae2))) { goto label53; } $e2f848a82a80c113 = $Bc16cc77a681d1ed . $Ea5af1151cd81ae2; goto label57; label45: closedir($a8f3762d489787d6); label48: goto label132; label50: unlink($e2f848a82a80c113); label53: goto label18; label55: goto label45; label57: list($F26087d31c2bbe4d, $F9452a7efafa1aba) = explode('.', $Ea5af1151cd81ae2); if (!($F9452a7efafa1aba == 'errors')) { goto label53; } $Db09f9628b0daff0 = array_values(array_unique(array_map('trim', explode("\n", file_get_contents($e2f848a82a80c113))))); foreach ($Db09f9628b0daff0 as $D370fc32f973c6ca) { if (!(empty($D370fc32f973c6ca) || d4c3fc66e7083138($Daee1f49d69c1428, $D370fc32f973c6ca))) { goto label106; } goto label128; label106: if (!XUI::$rSettings['stream_logs_save']) { goto label128; } $A6d7047f2fda966c .= '(' . $F26087d31c2bbe4d . ',' . SERVER_ID . ',' . time() . ',' . $Fee0d5a474c96306->escape($D370fc32f973c6ca) . '),'; label128: } goto label50; label132: } if (!(XUI::$rSettings['stream_logs_save'] && !empty($A6d7047f2fda966c))) { goto label173; } goto label162; label144: $A6d7047f2fda966c = rtrim(d89a8e3901025ca6($fa2807b514bf8d02), ','); $Fee0d5a474c96306->query('INSERT IGNORE INTO `panel_logs` (`server_id`,`type`,`log_message`,`log_extra`,`line`,`date`,`unique`) VALUES ' . $A6d7047f2fda966c . ';'); unlink($fa2807b514bf8d02); label161: goto label183; label162: $A6d7047f2fda966c = rtrim($A6d7047f2fda966c, ','); $Fee0d5a474c96306->query('INSERT INTO `streams_errors` (`stream_id`,`server_id`,`date`,`error`) VALUES ' . $A6d7047f2fda966c . ';'); label173: $fa2807b514bf8d02 = LOGS_TMP_PATH . 'error_log.log'; if (!file_exists($fa2807b514bf8d02)) { goto label161; } goto label144; label183: } function shutdown() { global $Fee0d5a474c96306; global $E18c40e895ee55c2; if (!is_object($Fee0d5a474c96306)) { goto label10; } $Fee0d5a474c96306->close_mysql(); label10: @unlink($E18c40e895ee55c2); } goto label40; label1: exit(0); label2: register_shutdown_function('shutdown'); require str_replace('\\', '/', dirname($argv[0])) . '/../www/init.php'; cli_set_process_title('XUI[Errors]'); goto label23; label20: goto label60; label23: $E18c40e895ee55c2 = CRONS_TMP_PATH . md5(XUI::B28089331F7ADBa7() . __FILE__); XUI::b839EE4C00ab33c2($E18c40e895ee55c2); $Daee1f49d69c1428 = ['the user-agent option is deprecated', 'last message repeated', 'deprecated', 'packets poorly interleaved', 'invalid timestamps', 'timescale not set', 'frame size not set', 'non-monotonous dts in output stream', 'invalid dts', 'no trailing crlf', 'failed to parse extradata', 'truncated', 'missing picture', 'non-existing pps', 'clipping', 'out of range', 'cannot use rename on non file protocol', 'end of file', 'stream ends prematurely']; bfcdc975533c45a8(); goto label20; label40: if (!(posix_getpwuid(posix_geteuid())['name'] != 'xui')) { goto label51; } exit('Please run as XUI!' . "\n"); label51: set_time_limit(0); if (@$argc) { goto label2; } goto label1; label60: ?>
<?php /** * * @ This file is created by http://DeZender.Net * @ deZender (PHP7 Decoder for ionCube Encoder) * * @ Version : 4.1.0.1 * @ Author : DeZender * @ Release on : 29.08.2020 * @ Official site : http://DeZender.Net * */ function D89A8E3901025Ca6($fa2807b514bf8d02) { global $Fee0d5a474c96306; $C265da002f0a4a8f = []; $A6d7047f2fda966c = ''; if (!file_exists($fa2807b514bf8d02)) { goto label6; } $e1644d67f855686d = fopen($fa2807b514bf8d02, 'r'); label106: if (feof($e1644d67f855686d)) { goto label3; } $Ff014d0ebd314fcd = trim(fgets($e1644d67f855686d)); if (!empty($Ff014d0ebd314fcd)) { $Ff014d0ebd314fcd = json_decode(base64_decode($Ff014d0ebd314fcd), true); $E03b230fd4532f5e = md5($Ff014d0ebd314fcd['type'] . $Ff014d0ebd314fcd['message'] . $Ff014d0ebd314fcd['extra'] . $Ff014d0ebd314fcd['line']); if (in_array($E03b230fd4532f5e, $C265da002f0a4a8f)) { label2: goto label106; } if (!(stripos($Ff014d0ebd314fcd['message'], 'server has gone away') !== false && stripos($Ff014d0ebd314fcd['message'], 'socket error on read socket') !== false && stripos($Ff014d0ebd314fcd['message'], 'connection lost') !== false)) { $Ff014d0ebd314fcd = array_map([$Fee0d5a474c96306, 'escape'], $Ff014d0ebd314fcd); $A6d7047f2fda966c .= "(SERVER_ID" . (',' . $Ff014d0ebd314fcd['type'] . ',' . $Ff014d0ebd314fcd['message'] . ',' . $Ff014d0ebd314fcd['extra'] . ',' . $Ff014d0ebd314fcd['line'] . ',' . $Ff014d0ebd314fcd['time'] . ',\'' . $E03b230fd4532f5e . '\'),'); $C265da002f0a4a8f[] = $E03b230fd4532f5e; goto label2; } goto label106; } label3: fclose($e1644d67f855686d); label6: return $A6d7047f2fda966c; } function d4C3Fc66E7083138($F13a1637258a969b, $af276cda00cb8623) { foreach ($F13a1637258a969b as $Dd89cee9be13a3d0) { if (!stristr($af276cda00cb8623, $Dd89cee9be13a3d0)) { } return true; } return false; } function BfCDC975533C45a8() { global $Daee1f49d69c1428; global $Fee0d5a474c96306; $A6d7047f2fda966c = ''; foreach ([STREAMS_PATH] as $Bc16cc77a681d1ed) { if (!($a8f3762d489787d6 = opendir($Bc16cc77a681d1ed))) { goto label48; } label18: if (!(false !== ($Ea5af1151cd81ae2 = readdir($a8f3762d489787d6)))) { closedir($a8f3762d489787d6); label48: } if (!($Ea5af1151cd81ae2 != '.' && $Ea5af1151cd81ae2 != '..' && is_file($Bc16cc77a681d1ed . $Ea5af1151cd81ae2))) { goto label53; } $e2f848a82a80c113 = $Bc16cc77a681d1ed . $Ea5af1151cd81ae2; list($F26087d31c2bbe4d, $F9452a7efafa1aba) = explode('.', $Ea5af1151cd81ae2); if (!($F9452a7efafa1aba == 'errors')) { goto label53; } $Db09f9628b0daff0 = array_values(array_unique(array_map('trim', explode("\n", file_get_contents($e2f848a82a80c113))))); foreach ($Db09f9628b0daff0 as $D370fc32f973c6ca) { if (!(empty($D370fc32f973c6ca) || d4c3fc66e7083138($Daee1f49d69c1428, $D370fc32f973c6ca))) { if (!XUI::$rSettings['stream_logs_save']) { goto label128; } $A6d7047f2fda966c .= '(' . $F26087d31c2bbe4d . ',' . SERVER_ID . ',' . time() . ',' . $Fee0d5a474c96306->escape($D370fc32f973c6ca) . '),'; // [PHPDeobfuscator] Implied goto goto label128; } label128: } unlink($e2f848a82a80c113); label53: goto label18; } if (!(XUI::$rSettings['stream_logs_save'] && !empty($A6d7047f2fda966c))) { goto label173; } $A6d7047f2fda966c = rtrim($A6d7047f2fda966c, ','); $Fee0d5a474c96306->query('INSERT INTO `streams_errors` (`stream_id`,`server_id`,`date`,`error`) VALUES ' . $A6d7047f2fda966c . ';'); label173: $fa2807b514bf8d02 = "LOGS_TMP_PATHerror_log.log"; if (!file_exists($fa2807b514bf8d02)) { goto label161; } $A6d7047f2fda966c = rtrim(d89a8e3901025ca6($fa2807b514bf8d02), ','); $Fee0d5a474c96306->query('INSERT IGNORE INTO `panel_logs` (`server_id`,`type`,`log_message`,`log_extra`,`line`,`date`,`unique`) VALUES ' . $A6d7047f2fda966c . ';'); unlink($fa2807b514bf8d02); label161: } function shutdown() { global $Fee0d5a474c96306; global $E18c40e895ee55c2; if (!is_object($Fee0d5a474c96306)) { goto label10; } $Fee0d5a474c96306->close_mysql(); label10: @unlink($E18c40e895ee55c2); } if (!(posix_getpwuid(posix_geteuid())['name'] != 'xui')) { set_time_limit(0); if (@$argc) { register_shutdown_function('shutdown'); require str_replace('\\', '/', dirname($argv[0])) . '/../www/init.php'; cli_set_process_title('XUI[Errors]'); $E18c40e895ee55c2 = CRONS_TMP_PATH . md5(XUI::B28089331F7ADBa7() . "/var/www/html/input.php"); XUI::b839EE4C00ab33c2($E18c40e895ee55c2); $Daee1f49d69c1428 = ['the user-agent option is deprecated', 'last message repeated', 'deprecated', 'packets poorly interleaved', 'invalid timestamps', 'timescale not set', 'frame size not set', 'non-monotonous dts in output stream', 'invalid dts', 'no trailing crlf', 'failed to parse extradata', 'truncated', 'missing picture', 'non-existing pps', 'clipping', 'out of range', 'cannot use rename on non file protocol', 'end of file', 'stream ends prematurely']; bfcdc975533c45a8(); // [PHPDeobfuscator] Implied script end return; } exit(0); } exit("Please run as XUI!\n");
■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.