This trojan is a variant of the family Trojan/HTML.IFrame. It is a component of drive-by-download attack toolkits, mostly hosted by malicious site. When unsuspecting user visits certain infected web page, other malwares will be downloaded without user consent, leading to further system compromise.

It contains a bunch of hidden iframes, pointing to other remote malicious JavaScripts, which usually leverage certain vulnerabilities of operating system or 3rd party software components to execute arbitrary code. It first check where the visitor comes from via the refer, and load other malicious script accordingly. Those malicious urls are blocked by Anchiva's Malicious Site as well.