Thanks for reporting back. This was first held to be a test run for Spy-eye,
but as seen from the point of the analysis done at Anubis’s,
it is certainly a “winlock-trojan.ransom” variant
(also Merjidoc and Xilitol report this type of malware at VT’s).
As this type of malware is constantly being launched morphed to go under the anti-malware radar,
it can be best detected from observing the separate characteristics found through analysing,
e.g.: for pa.exe, mutexes, other executables etc.: