Hi Pondus,

Also interesting the ThreatExpert report: http://www.threatexpert.com/report.aspx?md5=2f8082afa07c3c881e2b1bf41ecbdaff

In the wild, this malware is known to connect to the following servers:

202.54.98.156 via TCP port 4444
10.10.10.31 via TCP port 443
188.50.82.246 via TCP port 1234

polonus