 Post subject: bcc22dedb9d2ae01bf13a4aa6d4e7c5e --> tmsn.exe
Posted: Sun May 11, 2008 2:48 pm
Site Admin

Joined: Thu Mar 27, 2008 1:06 pm
Posts: 163
Location: India
Download Link: hxxp://www.lineagecojp.com/tmsn/tmsn.exe
File Name: tmsn.exe
File size: 45568 bytes
MD5...: bcc22dedb9d2ae01bf13a4aa6d4e7c5e
SHA1..: c09a2b0fcf5cb45a349b22a600fb9ca73325ec9b
SHA256: a82eb6c134fb357f3f95ebfea06ab45e32bd7ec105609c8528ce790a87ecd7d5
SHA512: e94f7570c68d8526d635b7391ca25fd0859ae11af9a148e0ee3c4cb1270f051969203cc284ae74ac8235d34a57fba5b3da62dc2bcfdd1946afa3a5febf298fcd

VirusTotal Result: 29/31 (93.55%)
Scanned on 05.11.2008 10:13:55 (CET)
AhnLab-V3 2008.5.10.0 2008.05.10 Win-Trojan/Agent.45568.AA
AntiVir 7.8.0.17 2008.05.09 TR/PSW.Agent.KA
Authentium 4.93.8 2008.05.11 W32/PWStealer.KCB
Avast 4.8.1169.0 2008.05.10 Win32:Agent-EXL
AVG 7.5.0.516 2008.05.10 PSW.Agent.EKF
BitDefender 7.2 2008.05.08 Trojan.PWS.Delf.DA
CAT-QuickHeal 9.50 2008.05.10 TrojanPSW.Agent.ka
ClamAV 0.92.1 2008.05.10 Trojan.Spy-387
DrWeb 4.44.0.09170 2008.05.10 Trojan.PWS.MSNPass
eSafe 7.0.15.0 2008.05.09 Win32.Agent.ka
Ewido 4.0 2008.05.10 Trojan.Agent.ka
F-Prot 4.4.2.54 2008.05.10 W32/PWStealer.KCB
F-Secure 6.70.13260.0 2008.05.10 Trojan-PSW.Win32.Agent.ka
Fortinet 3.14.0.0 2008.05.11 W32/Agent.KA!tr.pws
Ikarus T3.1.1.26.0 2008.05.11 Trojan-PWS.Win32.OnLineGames.jj
Kaspersky 7.0.0.125 2008.05.11 Trojan-PSW.Win32.Agent.ka
McAfee 5292 2008.05.10 Generic PWS.y
NOD32v2 3090 2008.05.09 Win32/PSW.Lineage.ON
Norman 5.80.02 2008.05.09 W32/Agent.AWHL
Panda 9.0.0.4 2008.05.10 Trj/Lineage.CCP
Prevx1 V2 2008.05.11 Malicious Software
Rising 20.43.60.00 2008.05.11 Trojan.PSW.Agent.ism
Sophos 4.29.0 2008.05.11 Troj/Lineag-AIL
Sunbelt 3.0.1097.0 2008.05.07 Trojan-PWS.Delf.DA
Symantec 10 2008.05.11 Infostealer
TheHacker 6.2.92.307 2008.05.11 Trojan/PSW.Agent.ka
VBA32 3.12.6.5 2008.05.10 Trojan.PWS.MSNPass
VirusBuster 4.3.26:9 2008.05.10 Trojan.PWS.Agent.RWC
Webwasher-Gateway 6.6.2 2008.05.09 Trojan.PSW.Agent.KA

PE Structure information

( base data )
entrypointaddress.: 0x404a0c
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name    viradd  virsiz  rawdsiz  ntrpy  md5
CODE    0x1000  0x3a28  0x3c00   6.41   421ad02955e2e68da1ce7e45d58d8b2f
DATA    0x5000  0xb4    0x200    2.07   52c610a22c294857a77cf948a8328afa
BSS     0x6000  0x671   0x0      0.00   d41d8cd98f00b204e9800998ecf8427e
.idata  0x7000  0x6c6   0x800    3.90   84cc22c9276bae1b15a87ac16cdc392f
.tls    0x8000  0x8     0x0      0.00   d41d8cd98f00b204e9800998ecf8427e
.rdata  0x9000  0x18    0x200    0.20   85a628617cb3cf1d4f392444aca2f86a
.reloc  0xa000  0x3ec   0x400    6.48   a2dcd33dc5f50e4d969bf7a4fa5da2e7
.rsrc   0xb000  0x6200  0x6200   6.18   ae93655ff2367c7fe9cf8561014a3a04

( 8 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, GetThreadLocale, GetStartupInfoA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
> user32.dll: GetKeyboardType, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> advapi32.dll: RegSetValueExA, RegCreateKeyExA, RegCloseKey
> kernel32.dll: WriteFile, WinExec, SizeofResource, SetFileAttributesA, LockResource, LoadResource, LoadLibraryA, GetVersionExA, GetSystemDirectoryA, GetShortPathNameA, GetProcAddress, GetModuleFileNameA, GetCurrentProcessId, FreeResource, FreeLibrary, FindResourceA, DeleteFileA, CreateProcessA, CreateFileA, CopyFileA, CloseHandle
> user32.dll: TranslateMessage, GetMessageA, DispatchMessageA
> shlwapi.dll: PathFileExistsA

_________________
.:: MaliciousBrains ::.
http://www.malwareinfo.org

There are no patches or service packs for IGNORANCE!!

