This trojan may be dropped by other malware,it may spreads via Internet Relay Chat (IRC) or removable drives,it may be downloaded unknowingly by a user when visiting malicious web sites.

It injects the most important part of it's code into Explorer.exe process.The injected code contains an IRC-based backdoor, which may be used by a remote attacker to order the affected machine to participate in DDOS attacks, or to download and execute arbitrary files.

When executed,this trojan injects code into the explorer.exe process, which then copies its executable to c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe,it also creates a harmless text file named 'Desktop.ini' in the same directory.
It may attempt to delete older versions of itself if these are present on the affected machine.
If one is found (other than in the A: or B: drive), the behavior is similar as above.In addition,it creates an autorun.inf file in the root directory of the removable drive.
 
It also creates the following registry entry:
[HKLM\Software\Microsoft\Active Setup\Installed Components\{18B0E5C2-99CB-11CF-AYX5-00401C648513}]
StubPath "c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe"

Once installed, it attempts to connect to an IRC server at ping.q8still.net:6667 and joins the channel of #rape#, the generated outbound IRC traffic is provided below:
NICK icgnlf
USER bpzcyl "" "num" :bpzcyl
JOIN #rape# fucker