Ok, it looks like that code is self-executing. It's actually rather clever, actually.
The second line essentially spits out this:
Which decodes the array of gibberish into the malicious code that actually runs. However, without a closer inspection, I'm not entirely sure what it does (displays ads, maybe?). Either way, I wouldn't recommend running it, though.
Reverting to backup before this intrusion happened would probably be the best option, since you never know what other malicious pieces of code would've been left behind.
I would also take a closer look at what your file permissions are set at, and also locking down wordpress better.