It is a memory resident parasitic Win32 virus. The virus stays in Windows memory as an application, hooks file searching and access functions, then infects PE EXE files that are intercepted.
The virus uses polymorphic engine to encrypt its body in infected files, as well as “entry-point-obscuring” (EPO) trick to hide its entry routine (to avoid trivial detection).
The virus uses anti-debugging and anti-antivirus tricks.
The virus contains “copyright” text string:
|Find out the statistics of the threats spreading in your region|