Sample from the blog post
http://blog.trendmicro.com/trendlabs-se ... ce+Blog%29
Dropped or Downloaded FilesDropped or Downloaded Files
File Threat Size (bytes) SHA-1
kl32.exe TSPY_FASTPOS.A 95232 1165790BCB5F8A1AF51F1C215B315788849DDB05
kbd.exe TSPY64_FASTPOS.A 123904 F948944463358C0D364B0EBBD9EFF3D240FEC3C7
proc32.exe TSPY_FASTPOS.A 131072 DAF82BD9E88EA097D89438E223EA280C9B82EDED
proc64.exe TSPY64_FASTPOS.A 159744 EFF7300008EA86F23283C1DFB159E7F4F55297A6
service.exe TSPY_FASTPOS.A 135168 D89067EBCBAA62DD0E77D6F693868897CB42C1A9
kl64.exe TSPY64_FASTPOS.A 123904 F948944463358C0D364B0EBBD9EFF3D240FEC3C7
serv32.exe TSPY_FASTPOS.A 135168 D89067EBCBAA62DD0E77D6F693868897CB42C1A9
servproc.exe TSPY64_FASTPOS.A 159744 EFF7300008EA86F23283C1DFB159E7F4F55297A6
servhelp.exe TSPY_FASTPOS.A 876032 8E7761E123026D9CE6A108E77DD677EE5D6245E4
http://blog.trendmicro.com/trendlabs-se ... ce+Blog%29
Dropped or Downloaded FilesDropped or Downloaded Files
File Threat Size (bytes) SHA-1
kl32.exe TSPY_FASTPOS.A 95232 1165790BCB5F8A1AF51F1C215B315788849DDB05
kbd.exe TSPY64_FASTPOS.A 123904 F948944463358C0D364B0EBBD9EFF3D240FEC3C7
proc32.exe TSPY_FASTPOS.A 131072 DAF82BD9E88EA097D89438E223EA280C9B82EDED
proc64.exe TSPY64_FASTPOS.A 159744 EFF7300008EA86F23283C1DFB159E7F4F55297A6
service.exe TSPY_FASTPOS.A 135168 D89067EBCBAA62DD0E77D6F693868897CB42C1A9
kl64.exe TSPY64_FASTPOS.A 123904 F948944463358C0D364B0EBBD9EFF3D240FEC3C7
serv32.exe TSPY_FASTPOS.A 135168 D89067EBCBAA62DD0E77D6F693868897CB42C1A9
servproc.exe TSPY64_FASTPOS.A 159744 EFF7300008EA86F23283C1DFB159E7F4F55297A6
servhelp.exe TSPY_FASTPOS.A 876032 8E7761E123026D9CE6A108E77DD677EE5D6245E4
Attachments
pw virus
(431.15 KiB) Downloaded 51 times
(431.15 KiB) Downloaded 51 times
