The back story is, someone got a stolen FTP password to a client's account on a shared server and uploaded this. It's some kind of darkmailer, since I spent the next three days getting that server off blacklists. It doesn't look like the attacker got access outside the account. The account's been cleaned out, but I still don't know what else this might have done. I got one level of deobfuscation in -- that's the easy part -- but it looks like it takes an input string to decrypt what's inside that. There are two parts, one in PHP and the other in perl.http://pastebin.com/ctswucid
http://pastebin.com/vVjYrikW