This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.
Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
This trojan is disguised as a DOC file. Upon executing the trojan, it will download a document from a remote site (hxxp://www.epof.ru/[...]/document.doc) and display it, furthering the deception that the trojan is legitimate. Below is a screenshot of the document displayed:
In the meantime, the trojan will attempt to download malicious files from the following URLs:
At the time of writing, the domain contacted by the malware is blocked by the Browsing Protection feature of our product.