This threat is detected as New Worm with the 4150 DATs, or newer, when running with program heuristics enabled. The 4207 will detect this as W32/PetLil@MM.
When ran, if it is the 1st, 15th, 31st of the month. The worm will display a picture of a half-naked woman. On any other day, it will display a message box:
All addresses found in the Microsoft Outlook Address book are sent a message with the following information:
Subject: XXX Picture...
Body: A pretty girl waits for you. Click on attached file...
The worm copies itself to C:\XXXPic.exe. It also searches the Windows, Windows system, and My Documents directories for files with the extension .vbs, .htm, .doc, .xls, .bmp, .gif, .jpg, .pdf, or .js. If any files are found, it copies itself as the filename with an .exe extension. It adds a registry key entry for every file dropped: