A file keeps re-appearing in the root of a site I maintain:
settings_backup-gsmhotqmkyui0pikmt3ovg9n2krek7kr.php
It is generated possibly on a daily basis.
The last time was 11:56 (GMT +2:00)
The content of the file has encrypted data. I'm developer, not a security specialist so I can't say for sure whether it's definitely malicious or something generated by a plugin.
Sucuri plugin notices that a file has been added, but doesn't flag it as malicious after a malware scan. A WordFence scan doesn't notice it at all.
Does this look malicious?
How can I trace what is generating it?
[removed, please don't post potential malware here]