free60 has all the information on this. LINK
In short, the first 16 bytes are the hash of the decrypted file; hash these bytes to get the RC4 key (again resized to 16).
The rest of the file (388 bytes) is just RC4 encrypted; I use this rc4 function.
Whenever you hash data you should use the retail or dev key in .NET's HMACSHA1 class.
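The layout described in this answer, as an added Python example (not the poster's code and not taken from free60): it derives the RC4 key from the 16-byte header, decrypts the 388-byte body, and checks the header against the decrypted data. It assumes "hash" means HMAC-SHA1 truncated to 16 bytes computed over the 388 decrypted bytes; the key and sample body are constructed placeholders, not a real retail or dev key.

```python
import hashlib
import hmac

HEADER_LEN = 16   # truncated HMAC-SHA1 of the decrypted body
BODY_LEN = 388    # RC4-encrypted remainder of the file, per the post

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key schedule, then XOR data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def hmac16(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA1 resized to 16 bytes, as the post describes."""
    return hmac.new(key, data, hashlib.sha1).digest()[:16]

def decrypt_file(blob: bytes, hmac_key: bytes) -> bytes:
    """Return the decrypted body, or raise ValueError if the check fails."""
    if len(blob) != HEADER_LEN + BODY_LEN:
        raise ValueError("expected %d bytes" % (HEADER_LEN + BODY_LEN))
    header, body = blob[:HEADER_LEN], blob[HEADER_LEN:]
    rc4_key = hmac16(hmac_key, header)   # hash the header to get the RC4 key
    plain = rc4(rc4_key, body)
    # Assumption: the header is the truncated HMAC of the decrypted body.
    if not hmac.compare_digest(hmac16(hmac_key, plain), header):
        raise ValueError("hash mismatch: wrong key or corrupted file")
    return plain

def encrypt_body(plain: bytes, hmac_key: bytes) -> bytes:
    """Inverse of decrypt_file, used here only to build sample input."""
    header = hmac16(hmac_key, plain)
    return header + rc4(hmac16(hmac_key, header), plain)

# Constructed sample data; the key is a placeholder, not a console key.
PLACEHOLDER_KEY = bytes(range(16))
SAMPLE_BODY = b"constructed sample body".ljust(BODY_LEN, b"\x00")
SAMPLE_FILE = encrypt_body(SAMPLE_BODY, PLACEHOLDER_KEY)
```

A hash mismatch after decryption is the signal that the wrong key (retail versus dev) was used or that the file was modified.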