Bletchley13 / StealRAT

part of StealRAT's source code

StealRAT

Let me be clear. I am neither the developer of StealRAT botnet nor in any way affiliated with the developer(s).

History

I contacted a sys-admin who gave me a couple of mail logs and a PHP file. I quickly realised that the code was part of StealRAT because of the error reporting method implemented.

Just in case this tells you something: The StealRAT was found inside a compromised Joomla 2.5 installation operating during March 2014. A little more descriptive post is here.

About the repo

Well, not much really. Two files, the first is the obfuscated one and the second is what I deobfuscated.

How to use

Hopefully you will use it for education. At least I find it fun to try and figure out what other people thought during the development process and figure out why they did it that way.

There is one function that is never used throughout the file. If everything works fine I may get the rest of the files as well.
