Hi,
It’s more likely that a hacker specifically hacked that file, so you would be less likely to find it.
I’ve worked with hundreds of websites all around the world who have used that theme and my experience says that file is not a hacker file.
You can confirm this by downloading a virgin copy of the theme and compare yours with the original (and I believe you’ll see your post is in error).
@THRG is right, wp-archive can be a victim, but rather not a gate.
You should check files by modification time – look them in server log. Also check for files which is not in the original wp package.
@THRG Thanks, but ‘twentyeleven’ remained untouched from upload to my server. It’s exactly as WP made it. It was just there as a ‘virgin’ itself.
My active theme is another one entirely.
I recommend deleting all inactive themes and plugins.
Themes and plugins are easy enough to reinstall if needed in future. Leaving old themes or plugins installed may degrade the security of your website (so why take a chance…).