The plugin downloads malicious code, hijacks your admin account and grants the plugin author full access to your WordPress site. As reported by wordfence.com:

A backdoor file allows an attacker, or in this case, a plugin author, to gain unauthorized administrative access to your website. This backdoor creates a session with user ID 1 (the default admin user that WordPress creates when you first install it), sets authentication cookies, and then deletes itself.

Installing a random WordPress plugin is risky. Be careful out there.