As a shellcode used a xor decoder nepenthes did not know, it was unrecognized. So I had a look myself and after adding the xor chain Nepenthes was able to download the file.
But some words about the file downloaded from http://rcb.medbod.com/seed/ftcn32a.exe.
As it was only 6656 bytes in size, i simply ran strings on it, and voila:
seem'd like the file was upto download another file from http://rc.medbod.com/seed/nwaa32.exe.
As domain rc.medbod.com could not be resolved, i tried rcb.medbod.com as used to download the previous file, and it worked.
Obviously somebody mistyped the domain where to download the next stage in the ftcn32a.exe downloader.
nwaa32.exe has 48198 bytes size and as Im lazy i just threw it in normans sandbox, it turned out nwaa32.exe was about to download http://upseek.org/u/upd_0002.exe but the domain does not resolve any longer.