SANS doesn't post malware analysis articles very often, but being SANS you can always expect a certain level of quality. This is a fairly nice overall example of the general steps taken to analyse a Trojan-Downloader that is worthy of reference here.

Reverse Engineering a Windows Screensaver e-Postcard"screensaver"_epostcard_33074

The malware is identified as Pushdo, which references rootkit driver pdb files in a "Siberia2" folder. Unfortunately the rk drivers themselves aren't analysed, but there is some discussion about them elsewhere:

Rootkit drivers are what intrigues me, this might be an interesting malware to explore further if a sample becomes available...