Upon execution, it drops a copy of itself as ISXA.EXE in the Windows system folder. It also drops a non-malicious text file named C656.TX in the %System%\Drivers folder. This text file contains several URLs.
(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)
It connects to URLs to download certain files. As a result of this download routine, the affected system also exhibits the behavior of the downloaded files. Trend Micro detects one of the downloaded files as TROJ_SMALL.EJA.
Technical details can be found at this Trend Micro page.
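A triage check for the two dropped files named above, as an added example that is not part of the original write-up: it looks for ISXA.EXE and Drivers\C656.TX under a live or mounted %System% folder and pulls the URLs out of the text file for blocking or proxy-log searches. The function names, the http(s) URL pattern and the defanged output format are assumptions of this example.

```python
import re
from pathlib import Path

# File names are taken from the description above. The http(s):// URL
# pattern is an assumption: the page does not show the file's layout.
DROPPED_COPY = "ISXA.EXE"
URL_LIST = "C656.TX"
URL_RE = re.compile(rb"https?://[^\s\"'<>\x00]+", re.IGNORECASE)


def find_ci(folder, name):
    """Return the child of folder matching name case-insensitively, or None."""
    if folder is None or not folder.is_dir():
        return None
    for entry in folder.iterdir():
        if entry.name.lower() == name.lower():
            return entry
    return None


def defang(url):
    """Make a URL non-clickable for tickets and chat."""
    return re.sub(r"^http", "hxxp", url, flags=re.IGNORECASE).replace(".", "[.]")


def triage(system_dir):
    """Inspect a live or mounted %System% folder for the two dropped files."""
    system_dir = Path(system_dir)
    copy = find_ci(system_dir, DROPPED_COPY)
    url_file = find_ci(find_ci(system_dir, "Drivers"), URL_LIST)
    urls = []
    if url_file is not None and url_file.is_file():
        for raw in URL_RE.findall(url_file.read_bytes()):
            url = raw.decode("latin-1")
            if url not in urls:  # keep first-seen order, drop repeats
                urls.append(url)
    return {
        "dropped_copy": str(copy) if copy and copy.is_file() else None,
        "url_list": str(url_file) if url_file and url_file.is_file() else None,
        "urls": urls,
        "defanged": [defang(u) for u in urls],
    }


if __name__ == "__main__":
    import sys
    print(triage(sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\System32"))
```

Pass the path of the system folder on a mounted disk image to examine a host offline; the text file is only read, never modified.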