To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
This file infector may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.
It creates registry keys/entries to register itself as a Browser Helper Object (BHO), which ensures its automatic execution every time Internet Explorer is run. It also modifies registry entries to enable its automatic execution at every system startup.
It drops a DLL component file detected by Trend Micro as TROJ_TRATS.A which is injected into certain running processes to remain memory resident.
It infects EXE files by placing each victim file between its own code and TROJ_TRATS.A, then replacing the original file with the result.
When one of the infected files is executed, it drops the original victim file in the current path and executes it normally.
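The layout described above (infector code, then the original EXE, then the DLL component) suggests a simple triage check: an EXE that starts with one PE image and carries further PE images after it. The following is an added example, not Trend Micro's detection logic; it assumes the appended parts are stored as plain, unencrypted PE images, and the function names and sample bytes are constructed for illustration.

```python
import struct

PE_SIG = b"PE\x00\x00"

def build_pe_stub(tag: bytes, size: int = 256) -> bytes:
    """Constructed sample: minimal MZ header whose e_lfanew points at a PE signature."""
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)      # e_lfanew: offset of the PE header
    buf[0x80:0x84] = PE_SIG
    buf[0x90:0x90 + len(tag)] = tag              # marker so the stubs differ
    return bytes(buf)

def find_pe_images(data: bytes) -> list:
    """Return the offset of every 'MZ' whose e_lfanew leads to a valid PE signature."""
    offsets = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            sig = pos + e_lfanew
            # Bound e_lfanew so random 'MZ' byte pairs in data are rejected.
            if 0x40 <= e_lfanew < 0x1000 and data[sig:sig + 4] == PE_SIG:
                offsets.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return offsets

def looks_wrapped(data: bytes) -> bool:
    """True when the file is a PE followed by at least two more embedded PE images."""
    offsets = find_pe_images(data)
    return bool(offsets) and offsets[0] == 0 and len(offsets) >= 3

# Constructed samples: a clean file and one mimicking the described three-part layout.
CLEAN = build_pe_stub(b"clean")
WRAPPED = build_pe_stub(b"infector") + build_pe_stub(b"victim") + build_pe_stub(b"dll")

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("wrapped", WRAPPED)):
        print(name, find_pe_images(blob), looks_wrapped(blob))
```

Installers and self-extracting archives also embed PE images, so a hit is a reason to inspect the file further, not a verdict.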