It gets code from a remote location (http://www.linos.cc/code.php) and stores it within a temporary file using sys_get_temp_dir() – http://php.net/manual/en/function.sys-get-temp-dir.php – and then creates a wp-tmp.php file with the before-mentioned code within your WordPress installation in the following locations:
/wp-includes/wp-tmp.php
and
/wp-content/themes/your-theme-name/wp-tmp.php
The code that’s stored in this file (http://www.linos.cc/code.php) appears to append content to your WordPress sites pages using the the_content WordPress filter – https://codex.wordpress.org/Plugin_API/Filter_Reference/the_content.
Ps. The domain name linos.cc is registered with NameCheap – https://www.namecheap.com/ – so you could always report the domain to them as being used for abuse/malicious purposes. You can view details of the domain and get the domain registrars abuse reporting email here: http://whois.domaintools.com/linos.cc