This malware registers a system-wide proxy and redirects certain traffic at the IP level. It also registers its own CA certificate, making TLS MITM possible. Finally, it has auto-update functionality, which could be used to push different malware to selected users.