Sunday, August 17, 2008

Antivirus XP 2008 Hidden Installer

Trojan downloaders sometimes use tricks to hide the things they download. This picture of a lemur is downloaded from the host, but the file is far too large for such an image (1.47 MB).

Looking at the file data, we can see hidden code appended after the image, and the matching decoding routine (a single-byte XOR with 0x6B) inside the Trojan-Downloader.
After stripping the picture data and applying a home-made decoding tool, we get the Antivirus XP 2008 rogue installer.
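The check described above, as an added example that is not the tool from the original post: it walks the JPEG segment structure to find the real end-of-image marker, measures what is appended after it, and tests whether a single-byte XOR reveals an MZ/PE header. It generalises the post's fixed 0x6B key by trying all 256 keys, and the sample file is a constructed JPEG skeleton plus a fake PE stub, not the real downloader payload.

```python
import struct

XOR_KEY = 0x6B  # single-byte key seen in the Trojan-Downloader's decode routine

def jpeg_end(data: bytes) -> int:
    """Return the offset just past the EOI marker (FF D9), walking the
    segment headers so an FF D9 inside a segment is not mistaken for it."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt marker at offset %d" % pos)
        marker = data[pos + 1]
        seglen = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        pos += 2 + seglen
        if marker == 0xDA:  # SOS: entropy-coded data runs until EOI
            while pos + 1 < len(data):
                if data[pos] == 0xFF and data[pos + 1] == 0xD9:
                    return pos + 2
                pos += 1
            raise ValueError("no EOI found")
    raise ValueError("truncated JPEG")

def trailing_payload(data: bytes) -> bytes:
    """Everything stored after the image proper; a clean JPEG yields b''."""
    return data[jpeg_end(data):]

def looks_like_xored_pe(blob: bytes, key: int) -> bool:
    """True if XOR-decoding blob with key yields an MZ header whose e_lfanew
    points at a PE signature, i.e. a hidden Windows executable."""
    if len(blob) < 0x40:
        return False
    dec = bytes(b ^ key for b in blob)
    if dec[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack("<I", dec[0x3C:0x40])[0]
    return dec[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def find_xor_key(blob: bytes):
    """Brute-force all single-byte keys; return the first that reveals a PE, else None."""
    for key in range(256):
        if looks_like_xored_pe(blob, key):
            return key
    return None

# Constructed sample: minimal JPEG (SOI, tiny APP0, SOS, a little scan data, EOI)
# followed by a fake MZ/PE stub XORed with 0x6B, mimicking the post's lemur picture.
_jpeg = (b"\xff\xd8" + b"\xff\xe0" + struct.pack(">H", 4) + b"\x00\x00"
         + b"\xff\xda" + struct.pack(">H", 2) + b"\x12\x34\xff\x00\x56" + b"\xff\xd9")
_pe = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\x00" * 16
SAMPLE = _jpeg + bytes(b ^ XOR_KEY for b in _pe)

if __name__ == "__main__":
    tail = trailing_payload(SAMPLE)
    print("bytes after EOI:", len(tail), "- XOR key revealing a PE:", find_xor_key(tail))
```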

Edit: This trick is not new; it has been seen in many other infections, such as tibs or this Desktop Hijack.