This backdoor may be downloaded from remote sites by other malware. It may be dropped by other malware.
It drops copies of itself. It terminates the initially executed copy and executes the dropped copy.
It opens a random port to allow a remote user to connect to the affected system. Once a successful connection is established, the remote user gathers information from the affected system and stores them on a file.
It terminates certain processes, if found running in memory.
It deletes itself after execution.