Hi, this malware is a web shell. Its function is to give the malicious attacker full control of your website, to execute commands and edit or delete files, and it is probably not the only location of malware.
The attacker edited the ROIS plugin, or that's his entry point into your website.
I'm an ethical hacker working at an IT company, and I do freelance work in my free time.
I will find and remove all malware from your website, search for vulnerabilities (this is for prevention; we don't need any further attacks), fix all vulnerabilities, and show you how you can secure all of your websites, servers and future projects on the internet to prevent these issues.
It is really sad to be hacked, but in this case it is an easy thing.
Hope we can work together!