This malware take commands from web interface here:http://212.7.214.59/web/getcommand.php
u can list files here:
http://212.7.214.59/web/
The data identified by the following URLs was then requested from the remote web server:
http://212.7.214.59/web/getcommand.php?getcmd=1
http://212.7.214.59/web/report.php?p=26319&n=1
exe file here:
http://adf.ly/38d3H