How about running that backdoor from a honeypot and check what it is trying to do?