We will explain how to restore (decode) a malware file that has infected WordPress.
Obfuscated malware files
The program files of malware infecting WordPress are often unrecognizable at first glance, as shown in the figure, because it is difficult to tell what they are processing.
This process is called obfuscation, and it is the process of processing or rearranging the order of program strings to make them difficult for humans to read without changing their behavior.
Obfuscation is performed using a variety of software (obfuscation programs and scripts are often distributed for free on GitHub and elsewhere).
Hackers obfuscate files to avoid detection of malware and to prevent exposure of which sites and email addresses they are connecting to (and sending data to).
Restore obfuscated PHP and JAVASCRIPT files to their original, readable code
Although it may not be possible to reproduce the complete program, there are web services that can de-obfuscate such files.
Manual compounding is also possible in some cases.
For example
eval (base64_decode('string
), you can turn the executable function called eval into an output function called echo to see what the malware code was trying to execute.
echo (base64_decode('string
We hope this helps.
Free WordPress:Malware Scanning & Security Plugin [Malware and Virus Detection and Removal].