Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
- osbcf18d2s
Network activity:
Awaits incoming connections on ports:
- 127.0.0.1:3902
Establishes connection:
- <LOCAL_DNS_SERVER>
- 18#.##1.97.249:5600
HTTP GET requests:
- http://##.##.27.206/
DNS ASK:
- i.##ppr.cc
Sends data to the following servers:
- 22#.##0.169.99:80
- 95.##3.76.51:80
- 31.##.17.174:80
- 87.##0.31.99:80
- 24#.##6.181.188:80
- 4.###.136.91:80
- 87.##.44.130:80
- 10#.##.85.251:80
- 10#.##.23.243:80
- 51.###.31.170:80
- 24#.##4.29.26:80
- 93.##8.1.72:80
- 16#.##4.19.93:80
- 17#.##0.113.71:80
- 17#.##1.143.186:80
- 60.##3.69.20:80
- 9.###.43.93:80
- 12#.##.76.123:80
- 66.##.142.53:80
- 8.###.83.212:80
- 24#.#5.63.65:80
- 64.###.168.19:80
- 14#.#5.74.73:80
- 4.###.196.191:80
- 21#.##6.21.242:80
- 10#.##5.38.184:80
- 37.###.145.172:80
- 13#.##2.65.138:80
- 32.###.14.113:80
- 87.###.242.113:80
- 50.###.100.13:80
- 34.###.144.150:80
- 17#.##3.112.119:80
- 10#.##.188.106:80
- 23#.##5.148.147:80
- 19#.##1.175.36:80
- 99.##0.13.70:80
- 50.##.206.6:80
- 20#.##0.146.26:80
- 17#.##.14.236:80
- 72.##.109.244:80
- 97.###.131.108:80
- 10#.#.195.184:80
- 16#.##5.111.59:80
- 19#.#9.239.0:80
- 3.##.6.139:80
- 24#.##4.189.21:80
- 13.###.130.55:80
- 73.###.126.143:80
- 16#.#.251.14:80
- 89.###.228.227:80
- 17#.#7.98.87:80
- 21.##.253.204:80
- 17#.##2.141.235:80
- 16#.##3.217.8:80
- 17#.##4.97.199:80
- 11#.##.209.233:80
- 20#.##4.48.13:80
- 75.###.91.110:80
- 24#.##4.200.244:80
- 10#.##5.58.161:80
- 92.##.78.97:80
- 12#.##1.47.213:80
- 22#.##9.140.77:80
- 19#.#.125.142:80
- 58.###.12.215:80
- 22#.##.57.194:80
- 92.##0.1.13:80
- 10#.#.24.3:80
- 18#.##.217.47:80
- 2.###.126.47:80
- 13#.##.10.235:80
- 12#.##.73.232:80
- 47.##0.90.2:80
- 14#.##.247.161:80
- 21#.##2.106.150:80
- 42.###.131.71:80
- 17#.##0.24.246:80
- 20#.##2.100.216:80
- 60.###.44.212:80
- 25#.##1.134.103:80
- 12#.##5.223.59:80
- 10#.##0.21.176:80
- 85.##.55.31:80
- 19#.##8.5.148:80
- 15#.##.211.139:80
- 15#.##.154.66:80
- 6.##.80.4:80
- 11#.##.241.190:80
- 20#.##8.29.175:80
- 17#.#.175.231:80
- 22.###.88.150:80
- 12#.#.151.101:80
- 11#.##2.202.96:80
- 13#.##.102.26:80
- 12#.##6.125.89:80
- 34.##7.5.55:80
- 20#.##3.23.151:80
- 17.##.15.118:80
- 77.##.34.7:80
- 6.###.228.96:80
- 16#.##.21.151:80
- 24#.##9.141.47:80
- 55.###.227.147:80
- 18#.##.173.75:80
- 31.##.62.149:80
- 25#.##2.213.93:80
- 13#.##.34.154:80
- 24#.##.163.107:80
- 20#.##8.139.111:80
- 16#.##8.72.65:80
- 37.##.163.223:80
- 43.##.9.55:80
- 2.##.102.38:80
- 10#.##9.182.93:80
- 17#.##6.78.178:80
- 41.##.99.156:80
- 22#.##2.150.197:80
- 88.##.167.135:80
- 21#.##6.32.61:80
- 11#.##3.189.172:80
- 69.###.237.113:80
- 41.###.176.40:80
- 93.##.246.69:80
- 10#.##6.90.141:80
- 23#.#.57.82:80
- 67.###.190.120:80
- 19#.##.226.111:80
- 30.###.242.115:80
- 20#.##.30.139:80
- 14.###.84.246:80
- 12#.##.75.253:80
- 19#.#3.64.58:80
- 11#.##.194.85:80
- 24#.##3.231.100:80
- 40.###.203.68:80
- 13#.##.15.229:80
- 25#.##4.144.187:80
- 67.###.104.156:80
- 17.###.207.24:80
- 20#.##9.32.153:80
- 17#.##9.65.209:80
- 21#.##2.39.213:80
- 25#.##4.119.22:80
- 23#.##3.130.197:80
- 17#.##.219.198:80
- 21.##0.97.53:80
- 64.###.147.34:80
- 60.###.156.107:80
- 18#.##5.205.52:80
- 44.##.76.242:80
- 1.###.250.143:80
- 6.###.153.166:80
- 31.###.143.51:80
- 18#.##1.64.48:80
- 21#.##.243.114:80
- 11#.##2.147.254:80
- 22#.##.128.59:80
- 24.##.142.4:80