Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
- p42pntsdupta
Network activity:
Awaits incoming connections on ports:
- 127.0.0.1:49018
Establishes connection:
- 8.#.8.8:53
- 0.0.0.0:0
Sends data to the following servers:
- 18#.##6.81.235:5555
- 94.##.125.236:5555
- 19.##.167.29:5555
- 43.##.131.235:5555
- 14#.###.195.135:5555
- 14#.##6.224.79:5555
- 10#.##1.10.185:5555
- 16#.##8.114.92:5555
- 62.##.246.154:5555
- 12#.##.13.184:5555
- 16#.##8.154.88:5555
- 16#.###.113.223:5555
- 14#.###.158.203:5555
- 16#.##7.94.171:5555
- 16#.#.169.176:5555
- 23.###.189.24:5555
- 19#.##5.199.94:5555
- 13#.###.127.254:5555
- 88.##.247.161:5555
- 17#.##0.56.135:5555
- 92.###.224.53:5555
- 18#.##6.81.161:5555
- 14#.##4.66.158:5555
- 18#.##.39.29:5555
- 73.##.49.243:5555
- 43.###.222.216:5555
- 16#.##.254.231:5555
- 38.#.#05.126:5555
- 10#.##.227.226:5555
- 43.###.21.208:5555
- 42.###.247.222:5555
- 25.###.140.183:5555
- 51.###.51.99:5555
- 83.##.59.224:5555
- 19#.##6.145.37:5555
- 22#.##0.73.92:5555
- 11#.##.114.100:5555
- 12#.##.93.57:5555
- 13#.##.149.122:5555
- 10#.##.73.170:5555
- 14#.##.133.231:5555
- 21#.#.36.142:5555
- 37.##.125.26:5555
- 16#.##6.78.95:5555
- 18.###.171.189:5555
- 9.#.#44.14:5555
- 45.###.217.245:5555
- 90.##.76.17:5555
- 11#.##.213.171:5555
- 18#.##.250.242:5555
- 57.##.38.88:5555
- 11#.##4.231.81:5555
- 12#.#.254.183:5555