This backdoor is a .DLL component dropped by other malware to serve as its backdoor component. It is usually dropped in the system folder and registered as system service to ensure its automatic execution every system startup. It is then injected as thread into running processes to remain memory resident and makes it difficult to terminate.
This backdoor connects to a certain URL via a random port and executes commands locally on affected machines.
However, it requires its main component to run properly.
More...
