Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
- bphekotvft
Network activity:
Awaits incoming connections on ports:
- 127.0.0.1:3902
Establishes connection:
- <LOCAL_DNS_SERVER>
- 18#.##1.97.249:5600
- 23.###.50.205:80
HTTP GET requests:
- http://###.#33.2.213/
DNS ASK:
- i.##ppr.cc
Sends data to the following servers:
- 14#.##9.157.250:80
- 25#.##6.250.86:80
- 31.##.113.181:80
- 11#.##4.90.20:80
- 18.##.206.190:80
- 19#.##1.47.70:80
- 23.###.50.205:80
- 22#.##6.200.89:80
- 25#.##0.163.153:80
- 21#.##.158.180:80
- 22#.##3.239.158:80
- 15#.##1.247.125:80
- 14#.##9.92.202:80
- 24#.##9.161.148:80
- 15#.##8.225.103:80
- 24#.##2.105.217:80
- 13#.##1.157.252:80
- 21#.##9.107.29:80
- 21#.##.246.106:80
- 22#.##.201.78:80
- 84.##.116.140:80
- 21#.##1.64.114:80
- 53.###.130.75:80
- 19#.##5.231.162:80
- 12.###.96.151:80
- 25#.##7.175.148:80
- 23#.##.54.228:80
- 57.##0.53.6:80
- 19#.##8.41.177:80
- 16#.##4.119.100:80
- 39.###.229.15:80
- 20#.##6.123.131:80
- 71.##.244.161:80
- 22#.##5.57.90:80
- 22#.##1.105.119:80
- 22#.##1.220.221:80
- 10#.##.146.134:80
- 24.##.33.185:80
- 10#.#.183.14:80
- 76.###.170.22:80
- 25.###.168.186:80
- 25.###.197.80:80
- 16#.##5.166.8:80
- 15#.##.84.144:80
- 95.###.170.201:80
- 60.##.20.129:80
- 18#.##7.70.100:80
- 19#.##.116.194:80
- 21#.##.232.119:80
- 11#.##6.77.180:80
- 19#.##9.126.91:80
- 54.###.183.189:80
- 11#.##.156.117:80
- 27.###.156.234:80
- 29.###.194.39:80
- 10#.##.199.52:80
- 12#.##1.250.143:80
- 78.###.216.222:80
- 18#.##.246.92:80
- 18#.#.13.241:80
- 13#.##.116.95:80
- 22#.##4.215.231:80
- 24#.##2.155.254:80
- 56.##9.2.18:80
- 90.###.154.56:80
- 11#.##2.196.235:80
- 17#.##2.41.207:80
- 16#.##6.141.140:80
- 15#.##.102.201:80
- 18#.##3.235.39:80
- 17#.##2.39.251:80
- 75.##.41.235:80
- 14#.##2.21.251:80
- 14#.##3.65.191:80
- 24#.##6.176.148:80
- 44.##4.9.167:80
- 24#.##7.157.250:80
- 20#.##9.204.5:80
- 13#.##5.209.95:80
- 24#.##7.222.103:80
- 16#.##.31.148:80
- 24#.##.219.243:80
- 37.###.164.93:80
- 40.##.145.26:80
- 78.##.115.109:80
- 23#.##5.115.19:80
- 17#.#6.44.37:80
- 70.##7.91.13:80
- 98.###.145.225:80
- 11#.##.206.134:80
- 49.###.151.209:80
- 22#.##3.35.25:80
- 20#.##.232.201:80
- 20#.##.137.103:80
- 10#.##3.109.136:80
- 10#.##4.223.204:80
- 19#.##.97.225:80
- 23#.##5.194.216:80
- 17#.##9.46.206:80
- 17.##1.229.4:80
- 56.##5.6.113:80
- 10#.##1.80.42:80
- 18.###.213.125:80
- 27.##.243.170:80
- 23#.#.141.168:80
- 22#.##1.235.223:80
- 13#.##.250.117:80
- 67.###.140.122:80
- 19#.##2.202.203:80
- 62.###.211.78:80
- 20#.##4.4.157:80
- 25#.##2.72.224:80
- 16#.##7.243.120:80
- 6.###.34.224:80
- 16#.#.168.185:80
- 71.##.152.133:80
- 26.###.249.91:80
- 17#.##4.93.47:80
- 32.##6.1.208:80
- 24#.##.222.251:80
- 24#.##8.131.123:80
- 13#.##.109.245:80
- 17#.##.85.166:80
- 24#.##1.225.196:80
- 22#.##2.84.204:80
- 19#.#.120.213:80
- 20#.##4.212.165:80
- 17#.##.183.145:80
- 15#.##1.184.4:80
- 22#.##8.58.188:80
- 12#.##4.189.27:80
- 19#.##8.28.72:80
- 14#.##0.119.163:80
- 23#.##8.227.66:80
- 21#.##2.8.154:80
- 13#.##.248.107:80
- 36.###.136.47:80
- 16#.##0.11.251:80
- 55.###.219.98:80
- 19#.##5.146.77:80
- 24#.##9.2.173:80
- 6.###.27.94:80
- 70.###.172.230:80
- 53.##.252.236:80
- 11#.##9.97.189:80
- 51.###.163.40:80
- 54.###.59.154:80
- 2.###.22.74:80
- 18#.##6.237.170:80
- 83.###.47.212:80
- 12#.##1.243.124:80
- 17#.#3.43.82:80
- 4.###.97.194:80
- 21#.##.190.59:80
- 19#.##.238.226:80
- 21#.##8.241.139:80
- 13.##.122.204:80
- 16.###.253.119:80
- 29.##.27.91:80
- 18#.##1.97.249:5600