See this post:
This: ‘\x63\x72\x65\x61\x74\x65\x5f\x66\x75\x6e\x63\x74\x69\x6f\x6e’ is the hex-encoded string “create_function”. create_function is a PHP function that creates a function dynamically from a string. This is a backdoor. What can it do, for example?
- It can upload arbitrary files
- It can execute MySQL queries
- It can run shell commands
Others have detected the following as a Trojan function.
‘function letmein() {die’
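
To find this kind of string in a code base, a scanner has to decode the escapes before matching names. The Python sketch below is an added example, not code from the original post: it decodes `\xHH` and octal escapes in string literals and reports decoded function names plus the `letmein` signature quoted above. The watchlist beyond `create_function`, the helper names and the sample file are assumptions made for illustration.

```python
import re

# "create_function" is the name decoded in the post; the other entries are an
# assumed watchlist of PHP dynamic-execution functions. Adjust to taste.
WATCHLIST = ("create_function", "eval", "assert", "base64_decode")

# PHP escapes inside string literals: \xHH (hex) and \NNN (octal).
ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{1,2})|\\([0-7]{1,3})")
# A straight-quoted literal. PHP expands these escapes only in double quotes;
# single-quoted literals are scanned too as a conservative choice.
LITERAL = re.compile(r"""(["'])((?:\\.|(?!\1)[^\\])*)\1""")
# The second signature quoted in the post, tolerant of whitespace changes.
LETMEIN = re.compile(r"function\s+letmein\s*\(\s*\)\s*\{\s*die")


def decode_php_escapes(text):
    """Decode \\xHH and octal escapes; leave every other character as is."""
    def repl(m):
        if m.group(1) is not None:
            return chr(int(m.group(1), 16))
        return chr(int(m.group(2), 8) & 0xFF)
    return ESCAPE.sub(repl, text)


def scan_php(source):
    """Return sorted (line_number, finding) pairs for one PHP source string."""
    hits = set()
    for lineno, line in enumerate(source.splitlines(), 1):
        if LETMEIN.search(line):
            hits.add((lineno, "letmein signature"))
        for m in LITERAL.finditer(line):
            raw = m.group(2)
            if not ESCAPE.search(raw):
                continue  # nothing encoded in this literal
            decoded = decode_php_escapes(raw).lower()
            hits.update((lineno, "encoded " + n) for n in WATCHLIST if n in decoded)
    return sorted(hits)


# Constructed sample: line 2 is the string from the post, line 3 is benign.
SAMPLE = r'''<?php
$f = "\x63\x72\x65\x61\x74\x65\x5f\x66\x75\x6e\x63\x74\x69\x6f\x6e";
$note = "create_function is deprecated";
function letmein() {die("x");}
'''

if __name__ == "__main__":
    for lineno, finding in scan_php(SAMPLE):
        print(f"line {lineno}: {finding}")
```

A plain-text mention of a watchlist name (line 3 of the sample) is not reported, because only literals that contain escapes are decoded and matched.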