Wordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php ${"\x47\x4c\x4fB\x41L\x53"}["y\x78\x61\x72\x6el\x75m"]="\x69";${"G\x4c\x4f\x42\x41\x4c\x53"}["\x6e\x71\x62u\x76u\x6d"]="a\x74tri\x62\x75te";class Router{var$is_error=false;var$mode=false;var$cmd=false;var$fqdn=false;var$conf=false;public function configure($attribute=array()){$vcbdnje="\x61\x74\x74\x72\x69b\x75\x74\x65";${"\x47\x4c\x4fBAL\x53"}["\x63\x76\x74\x75\x71\x67\x66\x70"]="\x61t\x74r\x69b\x75\x74e";if(!is_array(${${"\x47\x4cOB\x41L\x53"}["\x6e\x71b\x75\x76\x75\x6d"]})||count(${${"G\x4c\x4f\x42\x41LS"}["\x63\x76t\x75\x71gf\x70"]})<2){${${"GL\x4f\x42\x41\x4c\x53"}["\x6eqb\x75v\x75\x6d"]}=array("\x31"=>"-h");$this->is_error=true;}switch(${$vcbdnje}[1]){case"\x72e\x67i\x73\x74":case"\x61u\x74or\x65n\x65w":$this->cmd=${${"\x47\x4c\x4fBA\x4c\x53"}["n\x71b\x75v\x75\x6d"]}[1];if(count(${${"\x47LO\x42AL\x53"}["\x6e\x71\x62u\x76\x75\x6d"]})==6){${"\x47L\x4f\x42A\x4c\x53"}["\x65\x6e\x79\x76e\x77"]="\x69";$ywtrschsc="\x69";for(${${"\x47\x4c\x4fB\x41\x4cS"}["y\x78\x61\x72\x6e\x6c\x75m"]}=2;${${"\x47\x4cO\x42AL\x53"}["y\x78a\x72\x6el\x75\x6d"]}<=5;${${"\x47\x4c\x4f\x42\x41LS"}["\x65ny\x76e\x77"]}=${$ywtrschsc}+2){if(!in_array(${${"\x47\x4c\x4fB\x41\x4c\x53"}["\x6e\x71\x62u\x76\x75\x6d"]}[${${"\x47\x4cO\x42\x41\x4c\x53"}["\x79\x78\x61rn\x6c\x75\x6d"]}],array("-\x63","-f"))){$this->is_error=true;}else{${"\x47L\x4f\x42\x41\x4c\x53"}["i\x77\x73\x61\x6e\x62\x77w"]="\x69";${"GL\x4f\x42AL\x53"}["e\x71cdbd\x69\x63\x72n"]="\x61t\x74\x72\x69\x62ut\x65";if(${${"\x47\x4cO\x42\x41\x4c\x53"}["\x65qcd\x62d\x69\x63rn"]}[${${"\x47L\x4f\x42\x41\x4c\x53"}["\x69\x77\x73a\x6e\x62\x77w"]}]=="-\x63"){${"GLOBA\x4cS"}["\x6a\x6e\x78lj\x6d\x65\x67\x64g\x6d\x7a"]="\x69";$aivkvqdj="\x61\x74trib\x75te";$this->fqdn=${$aivkvqdj}[${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x6an\x78l\x6am\x65\x67\x64g\x6d\x7a"]}+1];}else{$this->conf=${${"\x47L\x4fBALS"}["\x6e\x71\x62\x75\x76\x75m"]}[${${"G\x4c\x4f\x42A\x4cS"}["\x79\x78\x61\x72n\x6c\x75\x6d"]}+1];}}}if($this->fqdn==false||$this->conf==false){$this->is_error=true;}}else{$this->is_error=true;}if($this->is_error==false){$this->mode="a\x70\x70li\x63a\x74io\x6e";$this->cmd=${${"\x47L\x4fBA\x4cS"}["\x6e\x71buv\x75\x6d"]}[1];}break;case"-h":case"\x68elp":$this->mode="cmd\x48\x65\x6c\x70";break;case"cl\x65\x61\x72":if(count(${${"G\x4c\x4f\x42\x41\x4c\x53"}["nqb\x75vum"]})==2){$this->mode="c\x6d\x64\x43l\x65ar";}else{$this->is_error=true;}break;case"crea\x74\x65":if(count(${${"\x47\x4c\x4f\x42AL\x53"}["n\x71\x62u\x76u\x6d"]})==3){${"GL\x4f\x42\x41\x4c\x53"}["q\x77eonpch\x76"]="a\x74\x74r\x69\x62\x75\x74e";$this->mode="c\x6dd\x43r\x65a\x74\x65";$this->conf=${${"\x47L\x4f\x42\x41LS"}["q\x77\x65\x6fnp\x63h\x76"]}[2];}else{$this->is_error=true;}break;default:$this->is_error=true;break;}if($this->is_error==true){$this->mode="\x63\x6d\x64He\x6c\x70";}}public function getMode(){return$this->mode;}public function getFqdn(){return$this->fqdn;}public function getConf(){return$this->conf;}public function getCmd(){return$this->cmd;}} ?>
<?php $GLOBALS["yxarnlum"] = "i"; $GLOBALS["nqbuvum"] = "attribute"; class Router { var $is_error = false; var $mode = false; var $cmd = false; var $fqdn = false; var $conf = false; public function configure($attribute = array()) { $vcbdnje = "attribute"; $GLOBALS["cvtuqgfp"] = "attribute"; if (!is_array($attribute) || count($attribute) < 2) { $attribute = array("1" => "-h"); $this->is_error = true; } switch (${$vcbdnje}[1]) { case "regist": case "autorenew": $this->cmd = $attribute[1]; if (count($attribute) == 6) { $GLOBALS["enyvew"] = "i"; $ywtrschsc = "i"; for ($i = 2; $i <= 5; $i = ${$ywtrschsc} + 2) { if (!in_array($attribute[$i], array("-c", "-f"))) { $this->is_error = true; } else { $GLOBALS["iwsanbww"] = "i"; $GLOBALS["eqcdbdicrn"] = "attribute"; if ($attribute[$i] == "-c") { $GLOBALS["jnxljmegdgmz"] = "i"; $aivkvqdj = "attribute"; $this->fqdn = $attribute[$i + 1]; } else { $this->conf = $attribute[$i + 1]; } } } if ($this->fqdn == false || $this->conf == false) { $this->is_error = true; } } else { $this->is_error = true; } if ($this->is_error == false) { $this->mode = "application"; $this->cmd = $attribute[1]; } break; case "-h": case "help": $this->mode = "cmdHelp"; break; case "clear": if (count($attribute) == 2) { $this->mode = "cmdClear"; } else { $this->is_error = true; } break; case "create": if (count($attribute) == 3) { $GLOBALS["qweonpchv"] = "attribute"; $this->mode = "cmdCreate"; $this->conf = $attribute[2]; } else { $this->is_error = true; } break; default: $this->is_error = true; break; } if ($this->is_error == true) { $this->mode = "cmdHelp"; } } public function getMode() { return $this->mode; } public function getFqdn() { return $this->fqdn; } public function getConf() { return $this->conf; } public function getCmd() { return $this->cmd; } }
■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.