This backdoor may be dropped by other malware, specifically TROJ_WORDROP.A.
Upon execution, this backdoor drops several files. Once a certain file is executed, it drops more files into the system.
The time and date stamp of a non-malicious file is copied to a dropped DLL file. It then modifies a registry entry to enable the dropped DLL file to run on every windows start up.
This backdoor opens a random port to allow a remote user to connect to the affected system. Once a successful connection is established, a remote user may be able to execute the following commands on the affected system:
However, due to an error in its code, it fails to perform these backdoor routines.


More...