This is not very well written, but easy to study because a commented disassembly was included in the sample that arrived from Poland. When an infected program is run, it will infect one .EXE file in the current directory. Infected programs are first padded so their length becomes a multiple of 512 bytes. Then the virus adds 637 bytes to the end of the file. It will also install a resident part that will intercept any disk write and change it into a disk read.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.