Trojan comes attached to an email message allegedly coming from Facebook. The 20-kilobyte file is a dropper, which means that it only downloads a dll file from the web and copies it either in %USERPROFILE%Local SettingsTemp[random digits].tmp or in %SYSTEM%ifmq.kqo. If the infected system has Microsoft Office installed, the malware would attempt to run a Visual Basic script with OLE automation in the context of MS Words process.”]