| General information of BackDoor-EVH | |
| --- | --- |
| Name: | BackDoor-EVH |
| Affected OS: | Windows NT/2000/XP/Vista |
| Category: | Backdoor |
| Risk level: | |
Once running, the server attempts to open an HTTP connection to a specific web server (port 80) and posts details of the victim machine to a script there, which mails those details to the desired mailbox.
The posted details will typically include:
* victim IP address
* port number (for client connection)
* port number (for file uploading/downloading)
* system date and time
Also, the following characteristics were observed:
- enumerate logical drives
- get access to file system
- upload files
- download and execute additional malware
- delete/rename/move files
- enumerate and terminate chosen processes
This backdoor also responds to the following commands:
- SPLITTERFILE
- CMDSHOW
- CMDSTOP
- CMDSTART
- BROWSERDIR
- UPLOAD
- UPREQUEST
- DIRECTDOWNLOAD
- DOWNLOAD || FASTDOWNLOAD
- DOWNREQUEST || FASTDOWNREQUEST
- TERMINATEPROCESS
- GETPROCESS
- EXECUTE
- RENAME
- DEL
- CREATEDIR
- LOOKDIR
- LOGOUT