Hosted in the USA; also called Ramnit by other antiviruses.
What this malware does:
Capability to send out email message(s) with the built-in SMTP client engine.
Produces outbound traffic.
Communication with a remote SMTP server and sending out email.
Downloads/requests other files from Internet.
Compromises SafeBoot registry key(s) in an attempt to disable the Safe Mode.
Creates a startup registry entry.
The data identified by the following URLs was then requested from the remote web server:
Here is the panel:
http://18.104.22.168/ You have to find a way to gain access, because it asks for a username and password, lol.