The most interesting strings are
Home ftp client,
which indicate that this program may be FTP client software.
FindNextFile indicate that the program probably searches through the victim’s
filesystem. The imports
FtpPutFile tell us that this malware may upload files from the victim
machine to a remote FTP server.
The object created at 0x004011D9 represents a .doc file. It has one virtual function at offset 0x00401440, which uploads the file to a remote FTP server.
The virtual function call at 0x00401349 will call one of the virtual functions at 0x00401380, 0x00401440, or 0x00401370.
This malware ...