Was reported to virus at avast dot com for detection.
Analysis of Trojan Downloader Sinowal, aka PAK_GENERIC.012,
malware compressed using Win32 VM compression tools.
Not detected by avast, see:
http://www.virustotal.com/file-scan/report.html?id=034254c161b75bf50f367d4a2aa4ccb308272e19501a8eced8550e7caea6f46d-1311705278
Given as unexecutable; uploaded here: http://camas.comodo.com/cgi-bin/submit?file=034254c161b75bf50f367d4a2aa4ccb308272e19501a8eced8550e7caea6f46d
wepawet scan: http://wepawet.iseclab.org/view.php?hash=62fcaa4c87bf33b7b1fe20b (suspicious)
Anubis report: http://anubis.iseclab.org/?action=result&task_id=147f0d1d36bf94bc4ad7f7c00054fda57&format=html
Now some remarks on the Anubis report's data:
regsvr32.exe is a command-line program used to register and unregister object linking and embedding (OLE) controls, such as dynamic-link library (DLL) or ActiveX control (OCX) files that are self-registering. In malware cases it can be cleaned up through the use of MBAM.
Aimbot hack performance as input file .dll packed by VMProtect.
On VMProtect analysis, see: http://securitylabs.websense.com/content/Blogs/2538.aspx
(linked article by researcher Nicolas Brulez for Websense Security Labs)
Renaming the input file (62fcaa4c87.exe) to .\d1.tmp.dll, the DLL entry point was found at 0x100faf96. The DLL is not a BHO.
Windows Media Player bug related to apphelp.dll; see info on it here: http://www.bleepingcomputer.com/startups/apphelp.dll-17120.html
Some trojans camouflage themselves as regsvr32.exe,
particularly if they are located in the c:\windows or c:\windows\system32 folder.
Windows\AppPatch\sysmain.sdb: Process Created. This is a generic trojan characteristic.
Attack code found from Aimbot hack: Command Line:…regsvr32.exe /c /s .\d1.tmp.dll
Control code 0x00090028 causes crashes through library problems for the OS.
AcGenral.DLL is a legitimate Windows file that manipulates and makes changes while it is being injected into all sorts of running processes.
Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll causes numerous IE crashes, and is important to flag in generic heuristic trojan finds.
MSACM32.dll has to be present, else we get a failure on start for the miscreation.
polonus
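As an added example (not part of polonus's post and not code from any of the linked sandboxes), here is a Python script that does the static side of the check described above: it reads the PE headers of a file regardless of its extension, tells whether the IMAGE_FILE_DLL flag is set and where the entry point is, and flags VMProtect's default section names (.vmp0/.vmp1/.vmp2) and high-entropy sections as packer hints. The sample image it builds is constructed for the demo and is not the analysed Sinowal file; its entry RVA, image base and section layout are assumptions.

```python
import hashlib
import math
import struct

IMAGE_FILE_DLL = 0x2000
# VMProtect's default section names; assumption: other packers use other names
VMPROTECT_SECTIONS = {b".vmp0", b".vmp1", b".vmp2"}
ENTROPY_THRESHOLD = 7.0  # bits/byte; packed or encrypted data sits near 8.0


def section_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of a section's raw data."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage_pe(image: bytes) -> dict:
    """Parse the PE headers and report DLL flag, entry point VA and packer hints."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    (_machine, nsections, _ts, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", image, opt)[0]
    entry_rva = struct.unpack_from("<I", image, opt + 16)[0]
    if magic == 0x10B:    # PE32: 32-bit ImageBase at +28
        image_base = struct.unpack_from("<I", image, opt + 28)[0]
    elif magic == 0x20B:  # PE32+: 64-bit ImageBase at +24
        image_base = struct.unpack_from("<Q", image, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)

    sections = []
    for i in range(nsections):  # 40-byte section headers follow the optional header
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", image, opt + opt_size + i * 40)
        raw = image[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0"), "va": image_base + vaddr,
                         "span": max(vsize, rawsize), "entropy": section_entropy(raw)})

    entry_va = image_base + entry_rva
    entry_section = next((s["name"] for s in sections
                          if s["va"] <= entry_va < s["va"] + s["span"]), None)
    hints = []
    for s in sections:
        label = s["name"].decode("ascii", "replace")
        if s["name"] in VMPROTECT_SECTIONS:
            hints.append(f"section {label} uses a VMProtect default name")
        if s["entropy"] > ENTROPY_THRESHOLD:
            hints.append(f"section {label} entropy {s['entropy']:.2f} looks packed/encrypted")
    if entry_section not in (None, b".text"):
        hints.append(f"entry point 0x{entry_va:08x} is outside .text (in "
                     f"{entry_section.decode('ascii', 'replace')})")
    return {"is_dll": bool(characteristics & IMAGE_FILE_DLL),
            "entry_va": entry_va, "entry_section": entry_section, "hints": hints}


def build_sample_pe() -> bytes:
    """Constructed sample, not the analysed file: a minimal PE32 DLL with a
    plain .text section and a high-entropy .vmp0 section holding the entry point."""
    text_data = b"\x90" * 512
    vmp_data = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest()
                        for i in range(64))            # 2048 pseudo-random bytes
    hdr = bytearray(512)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 64)              # e_lfanew
    hdr[64:68] = b"PE\0\0"
    # i386, 2 sections, 224-byte PE32 optional header, EXECUTABLE_IMAGE|32BIT_MACHINE|DLL
    struct.pack_into("<HHIIIHH", hdr, 68, 0x14C, 2, 0, 0, 0, 224, 0x2102)
    opt = 88
    struct.pack_into("<H", hdr, opt, 0x10B)            # PE32 magic
    struct.pack_into("<I", hdr, opt + 16, 0x2096)      # AddressOfEntryPoint (assumed)
    struct.pack_into("<I", hdr, opt + 28, 0x10000000)  # ImageBase (assumed)
    sec = opt + 224
    struct.pack_into("<8sIIII", hdr, sec, b".text", 512, 0x1000, 512, 512)
    struct.pack_into("<8sIIII", hdr, sec + 40, b".vmp0", 2048, 0x2000, 2048, 1024)
    return bytes(hdr) + text_data + vmp_data


if __name__ == "__main__":
    report = triage_pe(build_sample_pe())
    print("DLL:", report["is_dll"], "entry VA: 0x%08x" % report["entry_va"])
    for hint in report["hints"]:
        print(" -", hint)
```

Run it against a real sample with `triage_pe(open(path, "rb").read())`; the DLL flag comes from the COFF characteristics rather than from the file extension, so renaming an .exe to .dll changes nothing here, and an entry point that lands in a high-entropy non-.text section is the usual static tell of a VM-based packer.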