If i remember, it used a .net wrapper to unravel the malicious code. This was the main reason nothing was detected. not a bad idea. last I remember, it was building a huge botnet. there were other fake groups releasing these trojans too, which had the trojan included in the installer for the release.