recently some hacked into my WP website an uploaded 4 encrypted files (additionally one file named ntunel_mysql.php (no encryption) seems suspicious, not sure if it was by hacker ),
Which decodes the array of gibberish into the malicious code that actually runs. However, without a closer inspection, I’m not entirely sure what it does (displays ads, maybe?). Either way, I wouldn’t recommend running it, though.
Reverting to backup before this intrusion happened would probably be the best option, since you never know what other malicious pieces of code would’ve been left behind.
I would also take a closer look at what your file permissions are set at, and also locking down wordpress better.
i’m not sure what the code does, but the hacker was able to create admin users and change my affiliate links to his in a script i use. i have traced down several accesses to the malicious files from someone in vietnam. here is a series of accesses made to the above file (timing: bottom to top):
a quick look at it reveals that it decodes into chinese - now I’m not so familiar with the language but it looks like (looks like gibberish nonsense) maybe forum posts… or news stuffing… hard to tell without knowing more or speaking the language…