Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Network activity:
Awaits incoming connections on ports:
- 127.0.0.1:3902
Establishes connection:
- <LOCAL_DNS_SERVER>
- 95.###.62.169:5600
- 17#.##.113.203:80
HTTP GET requests:
- http://##.##0.138.221/
Sends data to the following servers:
- 20#.#7.16.2:80
- 10#.##3.54.94:80
- 20#.##1.114.241:80
- 64.###.115.225:80
- 29.#.209.79:80
- 45.##.87.112:80
- 23#.##1.23.129:80
- 11#.##5.181.35:80
- 44.###.120.212:80
- 15#.##.90.238:80
- 13#.##7.241.25:80
- 92.###.66.179:80
- 41.###.221.22:80
- 24#.##6.142.145:80
- 11#.##9.236.150:80
- 14#.##.146.89:80
- 13.##.129.7:80
- 37.##.208.153:80
- 81.##.53.177:80
- 3.###.223.97:80
- 22#.##.176.47:80
- 20#.##7.89.138:80
- 11#.##2.17.149:80
- 68.###.138.28:80
- 10#.##.125.163:80
- 16#.##6.40.58:80
- 3.##.75.173:80
- 17#.##.90.207:80
- 13#.##.229.72:80
- 40.###.118.119:80
- 16#.##.154.147:80
- 7.###.222.31:80
- 20#.##1.143.88:80
- 68.###.138.17:80
- 69.##1.58.15:80
- 48.###.214.163:80
- 67.##.72.97:80
- 30.###.203.159:80
- 17.##4.110.4:80
- 21#.##9.204.224:80
- 78.###.231.99:80
- 39.##6.5.2:80
- 19#.##.95.245:80
- 68.###.222.245:80
- 12.###.34.227:80
- 19#.##.228.177:80
- 10#.##8.16.172:80
- 96.###.51.103:80
- 91.##6.9.95:80
- 14#.#6.41.96:80
- 30.#.212.229:80
- 54.###.167.230:80
- 17#.##8.204.235:80
- 23#.##3.219.196:80
- 2.###.222.185:80
- 39.##.41.181:80
- 24#.##6.155.58:80
- 70.###.78.140:80
- 45.###.254.163:80
- 24#.#7.38.94:80
- 17#.#5.180.3:80
- 86.###.175.239:80
- 16#.#7.230.5:80
- 83.###.192.56:80
- 34.##9.129.6:80
- 13#.##.126.238:80
- 24#.##0.254.31:80
- 38.###.130.206:80
- 65.##.116.190:80
- 77.#.114.35:80
- 10.##.124.34:80
- 12#.##.134.91:80
- 59.###.111.249:80
- 81.##3.129.3:80
- 26.##.67.41:80
- 11#.##3.177.17:80
- 22.###.211.204:80
- 73.##.246.20:80
- 14#.##3.41.77:80
- 22#.##7.16.125:80
- 14#.##8.4.228:80
- 15#.#3.3.18:80
- 44.###.118.85:80
- 32.###.149.44:80
- 13.##5.27.18:80
- 75.##8.40.22:80
- 18.##4.52.37:80
- 16.##7.18.44:80
- 20#.##9.65.155:80
- 24#.##9.220.247:80
- 96.##1.24.2:80
- 11#.##8.186.97:80
- 13#.##.225.154:80
- 30.##.60.206:80
- 12#.##5.130.185:80
- 18.##.14.56:80
- 17#.##0.130.77:80
- 70.###.126.134:80
- 86.##6.22.46:80
- 21#.##6.211.136:80
- 10#.##.79.232:80
- 15#.##.182.200:80
- 17#.##.113.203:80
- 20#.##7.24.15:80
- 15#.##4.128.195:80
- 58.##.99.53:80
- 13#.##7.75.37:80
- 18.###.101.218:80
- 20#.##.100.104:80
- 19#.#24.5.38:80
- 68.##.201.59:80
- 23#.##.227.234:80
- 17#.##9.68.40:80
- 17#.##4.22.147:80
- 23#.#.159.108:80
- 23#.##.46.193:80
- 19#.##4.205.231:80
- 17#.##6.131.67:80
- 94.###.171.115:80
- 78.###.119.58:80
- 59.###.212.57:80
- 15#.##6.56.147:80
- 95.###.253.116:80
- 47.###.243.211:80
- 56.###.96.221:80
- 82.###.132.70:80
- 22#.##7.153.182:80
- 61.##.164.200:80
- 22.##.205.4:80
- 39.##.222.183:80
- 63.##8.24.83:80
- 61.##1.93.90:80
- 18.###.209.126:80
- 70.###.245.208:80
- 11#.##7.22.202:80
- 3.###.113.158:80
- 10#.##.140.217:80
- 11#.##2.235.58:80
- 74.###.85.179:80
- 52.#.66.238:80
- 13#.##1.50.107:80
- 91.#.156.44:80
- 21#.##.125.58:80
- 23#.##.67.125:80
- 21#.##.234.79:80
- 22#.##4.36.45:80
- 16#.##1.137.49:80
- 19#.##4.20.189:80
- 10.###.231.122:80
- 15#.##2.65.170:80
- 22#.##6.205.104:80
- 20#.##8.171.124:80
- 13#.##.242.22:80
- 15#.##0.242.167:80
- 18#.##1.138.34:80
- 82.###.154.105:80
- 43.##.7.118:80
- 14#.##1.139.192:80
- 99.##.61.174:80