
Rootkit.Win32.TDSS.eyj Another custom packer/cryptor


Cthulhu
February 5th, 2009, 11:57
I just received it. The description was given by Kaspersky.
Password: malware

evaluator
February 5th, 2009, 12:31
TDSS group are packed that way, I uploaded many here..

Kayaker
February 6th, 2009, 14:30
I took the briefest look at this, let it run and got the following DbgPrint error message, which comes from kernel32.dll
(this is the full message string; the actual format values were all 0's)

"SXS: Invalid parameter(s) passed to FindActCtxSection*()
dwFlags = 0x%08lx
ReturnedData = %p
->cbSize = %u"


Not sure why.. the malware group's Quality Control Dept. might be slacking off..

klks84
February 6th, 2009, 17:25
It's funny, I came up with the same problem when trying to load it as a DLL, but once I turned it into an EXE it loaded fine and I could debug it and catch the dropped .sys file.

There is a French article which explains the inner workings of a similar TDSS malware
http://mad.internetpol.fr/archives/3-Etude-de-cas-Infection-rootkit-TDSS.html

One thing I found interesting was the method used to drop the DLL via KnownDLLs cache poisoning. This method was first talked about in 1999 by the L0pht group
http://lists.jammed.com/ISN/1999/02/0070.html

Source code to the article can be found at
http://www.securityfocus.com/bid/234/info
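As an added defensive check (not code from this thread or from the linked articles), the following PowerShell script lists the KnownDLLs entries Windows reads from the registry and flags any whose backing file in the KnownDLLs directory is missing or not validly signed. It assumes the default key location and an elevated PowerShell session on Windows; it inspects the registry list only, not the live \KnownDlls object directory, so it is a configuration check rather than a runtime one.

```powershell
# Added example, not from the thread: audit the registry-backed KnownDLLs list.
# Assumes the default key path and that the session runs as an administrator.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs'
$props = Get-ItemProperty -Path $key

# DllDirectory is the folder the entries resolve against (normally %SystemRoot%\system32).
$dir = [Environment]::ExpandEnvironmentVariables($props.DllDirectory)

# Value names that are not DLL entries and must be skipped.
$skip = 'DllDirectory', 'DllDirectory32',
        'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

$results = $props.PSObject.Properties |
    Where-Object { $skip -notcontains $_.Name } |
    ForEach-Object {
        $path = Join-Path $dir $_.Value
        if (-not (Test-Path -Path $path)) {
            # An entry pointing at a file that does not exist is worth a look.
            [pscustomobject]@{ Entry = $_.Name; File = $path; Status = 'MISSING' }
        } else {
            # Catalog-signed system DLLs report 'Valid'; anything else is suspicious.
            $sig = Get-AuthenticodeSignature -FilePath $path
            [pscustomobject]@{ Entry = $_.Name; File = $path; Status = $sig.Status }
        }
    }

# Show only entries that fail the check; an empty table means all entries are signed and present.
$results | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
```

Run it once on a known-clean machine to record a baseline, then compare the entry names and signers against that baseline on suspect hosts.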