This Trojan arrives as a downloaded file via links in email messages spammed by another malware or by a malicious user. Upon execution, it accesses a certain URL to download a malicious file detected by Trend Micro as TSPY_BANKER.OIZ.
It saves the downloaded file using certain file names. It then executes the downloaded file(s). As a result, malicious routines of the downloaded files are exhibited on the affected system.