It's more of a postman than a backdoor

<?php

$file = file_get_contents(__DIR__ . '/themes.php');

#var_dump($file);
#exit();

$string = "[email protected]>J\r/u+RcHz3}g\nd{^8 ?eVwl_T\\\t|N5q)LobU]40!p%,rC-97k<'y=W:P\$1BI&S6\"E(K`Y~.Q;f[v2a#X*ZAGtM";

foreach(preg_split('//u', $string, -1, PREG_SPLIT_NO_EMPTY) as $k => $char) {
    $file = str_replace("\$z26[" . $k . "]", '"' . $char . '"', $file);
}
$file = str_replace('"."', '', $file);

preg_match_all("/GLOBALS(.*?)=(.*?);/sm", $file, $matches);

if (in_array('getmxrr', $matches[2])) {
    exit('Почтальон');
}

exit();

It's so hard to understand, but judging by the presence of socket constants, it is trying to establish an outgoing connection. I'm guessing it's a backdoor.

It is not encoded by anything, just functions, both standard php and custom, are assembled from characters at the beginning, and then they are executed;