Hey @remark789,
This isn’t a file that’s distributed with WordPress. It may in fact be the symptom of a compromise. Can you please share the contents of the file in a pastebin.com so we can take a closer look?
In the meantime, I’d suggest changing all passwords including WordPress, sFTP, database, and hosting control panel. It can’t hurt, just_in_case.
Also, the guide below may help in cleaning the site if it’s compromised. Though, if you’re not comfortable with this, or the infection returns, I’d suggest reaching out to a professional hack repair service to have the site cleaned, and the point of entry patched.
https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
Thanks,
Gerroald
