To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

Malware Overview
This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.
It creates registry entries to enable its automatic execution at every system startup.
It opens a port and acts as a proxy server. As a proxy server, it is an intermediary between a remote malicious user and a target server.
Through its opened port, it can receive incoming requests from the said remote user, which it then forwards to the target server. The said requests can very well be components of malicious routines that may harm other systems.
It hides the real location of where the requests are coming from because the connection can only be traced to the system affected with this Trojan.
This Trojan also tries to connect to certain sites. It may be used by other malware to send spam.
It is used to construct an email message, which is sent out to a list of target email address using its own Simple Mail Transfer Protocol (SMTP) engine. With its own SMTP engine, it is capable of sending email messages without using mailing applications, such as Microsoft Outlook. However, the email message this Trojan sends out does not contain a copy of the Trojan or any other malware. It is also capable of collecting email addresses from files with certain extensions.


More...