This malware was created to carry and distribute other malware. The carried program is attached to the end of the carrier file, in encrypted form.
Upon program startup, the carrier opens itself, and then tries to decrypt the carried content. If it succeeds, it launches itself in another process, and then writes the carried content into the memory of the started process, which will thus run the carried malware.
Some instances of the malware exist in a non-executable form. The variations in file length are a result of the carrier functionality. Instances shorter than the minimum length are necessarily non-executable.