A Trojan designed for mining electronic currency and distributed under the guise of various applications using an affiliate program called Installmonster. A dropper is written in AutoIt and contains a harmless program and a malicious program in the Install.exe file. Using the configuration file downloaded in XML format from cybercriminals' website, the malware installs an application (Tool.BtcMine.130) for mining cpuminer electronic currency. This application runs as the %APPDATA%\Intel\explorer.exe process.
To ensure its autorun, the Trojan modifies the Windows system registry as follows:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Intel(R) Common User Interface"="%APPDATA%\Intel\Intel.exe"