is a trojan that allows unauthorized access and control of your computer. It could connect to a command and control (C&C) server to receive commands to perform certain payloads, such as remote file execution, data theft and downloading other malware.
is installed by other malware, such as TrojanDropper:Win32/Glacid.A, and may be present with other malware such as the following:
Note: <system folder> refers to a variable location that is determined by the malware by querying the operating system. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.
Communicates with a remote server
This trojan attempts to connect to a C&C server named "updating.vicp.cc" using TCP port 443. The server sends instructions to the backdoor trojan to perform any of the following payloads:
- Execute a specified application
- Delete a file
- Kill a process by its process ID (PID)
- Enumerate processes
- Upload a file from the affected computer to the C&C server
- Terminate connection
- Get disk drive information
- Locate a file
- Download a file to the affected computer
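To hunt for hosts showing the C&C contact described above, the following added example (not part of the original analysis) correlates DNS lookups of "updating.vicp.cc" with later TCP port 443 connections to the addresses it resolved to. The key=value log format, the field names, and every address in the sample are constructed assumptions; adapt the parser to your own DNS and firewall logs.

```python
import re

C2_DOMAIN = "updating.vicp.cc"   # C&C host name given in the write-up
C2_PORT = 443                    # C&C port given in the write-up

# Constructed sample records in a hypothetical key=value log format.
# All addresses are made up (private and documentation ranges).
SAMPLE_LOG = """\
2024-05-01T10:00:00Z dns client=10.0.0.5 query=Updating.VICP.cc. answer=203.0.113.7
2024-05-01T10:00:01Z conn src=10.0.0.5 dst=203.0.113.7 dport=443 proto=tcp
2024-05-01T10:00:03Z dns client=10.0.0.8 query=example.com answer=198.51.100.20
2024-05-01T10:00:04Z conn src=10.0.0.8 dst=198.51.100.20 dport=443 proto=tcp
2024-05-01T10:00:09Z dns client=10.0.0.9 query=updating.vicp.cc answer=203.0.113.7
2024-05-01T10:00:12Z conn src=10.0.0.6 dst=203.0.113.7 dport=443 proto=tcp
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Split one record into (timestamp, kind, fields)."""
    ts, kind, rest = line.split(None, 2)
    return ts, kind, dict(FIELD.findall(rest))

def find_c2_contacts(log_text):
    """Return {host: set of evidence strings} for hosts tied to the C&C."""
    records = [parse(l) for l in log_text.splitlines() if l.strip()]
    c2_ips, hits = set(), {}
    # Pass 1: lookups of the C&C name; the answers reveal its current addresses.
    for _, kind, f in records:
        name = f.get("query", "").rstrip(".").lower()  # normalise case and root dot
        if kind == "dns" and name == C2_DOMAIN:
            hits.setdefault(f.get("client", "unknown"), set()).add("dns-lookup")
            if "answer" in f:
                c2_ips.add(f["answer"])
    # Pass 2: TCP/443 connections to those addresses, including hosts with no
    # logged lookup of their own (for example, a cached resolution).
    for _, kind, f in records:
        if (kind == "conn" and f.get("proto") == "tcp"
                and f.get("dport") == str(C2_PORT) and f.get("dst") in c2_ips):
            hits.setdefault(f.get("src", "unknown"), set()).add("tcp-443-connect")
    return hits
```

A host with only "tcp-443-connect" evidence may be reaching an unrelated service on a shared address, so treat it as a lead to confirm on the endpoint rather than a confirmed infection.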
Analysis by Vincent Tiu