SonicALERT

Sonicwall Signatures

 



  Ramnit C&C IOC

Category: BACKDOOR      

File infector: Infects files with EXE, DLL, SCR, HTM and HTML extensions by appending its code.
Network propagation: Spreads via network shares and USB devices.
Backdoor: Creates a backdoor through which it can receive remote instructions. Steals FTP credentials and browser cookies.

The latest variant also incorporates Zeus-like Man-in-the-Browser (MitB) web inject functionality to steal online banking credentials. It is highly likely that some modules of the Zeus source code (leaked earlier this year) have been integrated into it.

