Backdoor.Win32.Wollf.16 malware creates and runs a service named contime.exe with SYSTEM integrity and listens on port 5240. The malware uses a weak hardcoded password of 12345678 which can easily be viewed in the binary using strings utility.
4dfcf5cb5dd13d22e26f7d3ce2548607b9ec1c758f0824815af486ad3a4a2471