Sample details: c8fb97a8a400781bf8f7e3d2ab66e95a

Hashes
MD5: c8fb97a8a400781bf8f7e3d2ab66e95a
SHA1: 2f42b75e629ddd394e6cbefea073ad6671882e5a
SHA256: 2f8db7ebe4e9de5f49fba5d9ff8eeb7e758aff7a1514d7de7d68d9869c95e135
SSDEEP: 12288:UspTLZTkTJSUahgEV5zjch2QfqfBeZQERAj:np5TkQgEV5zD4qfji
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/domain | YRP/IP | YRP/contentis_base64
Source
hxxp://prosciuttiamo[.]it/tmp/khalifer.exe (URL defanged)
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
\System.Object[], mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
sLk{)CD
FE?'fV
#[6nIv]
gV5>7J
8 !6_a
CBIGj(7A|
s*YK)#q|
TgbUiI-
h<"3lg
!te]-a
O@3\l95K
O:JjW4
Af;JN~)
"sEy\C
6GRBAQ
B6*pd[
.}vY&:
V~u&OI
wJ	i9'
j	h<:3
Jj(7]TIm
QWf}<?z#.
pNWdJYc@j
h]oHr}4n
3: 3Ty
{= j;A
a_4T)5
tGWL[k
6g/C}q
IDATx^
ItWL[)
xh6gP+@
ed(Tvy
w3!hzL
{p4.T(F1
0KB3J7o
Tx3AE_}E
bQ"SeB
 zyp16A
lnb:O(
rqY^w/
5]~p\V	
nnq"B*
W(Ln~>V
d#jD=<
]..OZ:8
(T.,qK
<b ,oW
~!eZ,\
?isNO'
Q/- Cr
FN&IkI ^A
2zHHVJ2
2Od/[<
giHjm&Z
"skA49
<y,%i\-
em4\xKS
T`){";
m\M*\F
6M#nS=3
R@:(Z;
R7xt7ZQ_AE
q`?~5u>
P*w'7t
J!j,Zx	
a1dvJq
33R,uZ
U$Hl8B#
zvWddG
p]_]i@
XggL=/
G4J+Q[
f)r"/CN
,Q#kD(Oe
_Sw"d%
;LTMp-
p@D8lIy
xZ)S\c
+M_c8Z
+\v~9,
#G#CIG
;*%0G-
h&7C*hv
BWk)93
:/K'lz
zlW;ut
'0|5W/
7TmamH
5~!5)S
vF%MIh
?r6m""uu
:sFn(p
\eO*Cc[	r
eq~s@N
ph27p=
+ex)I+
x[3j#=
|No=?L
g>QXuI
H{@I&k
|4bSE(
7%OF'st
5tKXdy
ybU':E 
W~Nv)P&
Tzg]NY
p!rus^
I2k^5V
#'bJ]U
'<JhIf(
7mlJF(
MoEYnT
{2zv"|
G$S(wvz+
<`G});P
9fg>q8vpf
@@+/}z
G_z(6x
L`Cy~$
Dq>]&R
 ~#6[Y
#<G1;y
PbjNSk7
YD]6Ya
X(s"::z;
O,c|7.:
h04hLq
G=*DoPN[
}@$U)>
r	fqj<6E
F4r#M:qV
VA/FSL
;&51cQ
pSh-c'
K5=SQ>
HT{'Ps!f
Bvs%bvR
3kEj+M
iN#~KZ6
G]$)B~s
2Zy0[:
6mVn#Y)Z
N$-@!OS
2s{}8C!}.
a M3Bsm
k(2oXyf
OHB'jeo
&DfqC`8
:_#/Y5z
,*gh0GWg
/}vt8%
8"3R{,
zzcF>F8
pe3Bb1Q]$
v8Z2$O2
xT]g~%
yl:y*2
v871/+4
/,s9g 
Dd-`eP
[`Kh!g
BvL)y&
uoNWOV
3:8.Nz
51Ml6V
$cFk_E
26Rv-/
~-ylKO
vpZt._D22
kJpt8	9
~[q2>-h
.j7&VwxA
-w{f$(
8q[^QE
>Pr 5S
<;jo7B
p[<AyUG
)aUaLH
J`TN}>'r8
2"'cUY
UqZ++)
oOW}QE
ah/C32<
qBlXC,
3aY1_D$}
:$Ar'7
K-Ccl"
Gz:hx!
N<]J>j
/j}Nss
->(K:9
R+(vrJN
?jN_`J
;IdDAWD
VxFbTS
|ZwC}G
pl	9)I
%'wn^w
@#EJAtq
+nl6)t
jO2]3(mOT
3aFz_E$}
7$Br'(
QUwNsF`
52k=f!
~Q232K
F%#A"*;)@
C1K!tS
joIi)A:
{h~ GV
t!#]rz
Pn`Gcu
:IP*!@uq
%w#BVw
V!(gp0I
pg/q%5
.E!gjV
-KT W:
.ajDqW
fB{dk@G%,d
ihFf&8
PH=,+{+
G.E0l*
iziL7n
^8bvd?
O^`|YJ
'CWSSq
"!yEs+
}6$,/YJ
Q23`3~
Xm$P6Qz
,:Cq_Y
M`!k.a
=/Z@-`u
u@Z2qr
a2V&K.*J|
ixy}uc
wD&WU"
P4sN?u*9	
EFFQ`F
Q[IX~]y
g~WOy$]
mwY3o/
:p<	e|j
RQQw"<
#LZURtz:
Tm&{4:
+B@~l}
5O~Ame
>]3[xmu
bcn]nx
i;=	A7sj7
L,'Bbofq
Epr%^	
vjy2H98
'r-j]~
4hC/]I
]z*xbWtx.
L4Z<Q.O
G\[9l<q
KVYWKe
t 5?PZ
rNY@vd
L~ml(e
b|5fq2
cY23&c
eg/h#0
/!SKVH
?kjdM}
9Z\5CB
D?tncW
lxA9CQ
"'OhDz
-Xp'Ey
# D_AN
/jx	Ih
xk"kz<
9~_$oOK}
N!d%N<:>
6p@W?V+g
~Xf}sW 
cP%=tB
S@|-je
5%x>jj
xmqB5L/{
Q1w$Cou9c
t+z?qC
NPt&90Q<
w|p|:e{l
nmyQJYW
xAqh&S
FSlC*BV
sK.0Qp
q!f<'x
nOk	jW\(u;
AlH=HF
w%IHnE@
${Yh[) 4
]XGRQi
{:wT%K
.0W>HV
~g6MY"
[B/$O.]
SN^*$3_[
S\u;Q#
5ua,xoSO
p.oZXO
;6z Y,1
U>j^-?
JQ	7iLV
PPo8$Z
QIDqZN
^~&~{D
V\Z!_X
8fTk0D
mE\wYO"
4X"ddn
&bgS;y
NaM	aK
3rl	Rn
(r)VKw\
EPahN7
/o:!Jp
3o%CU]F
+%smr]
uz.x~<
6Mwx<T
33lGXA%
3s*'^6
3 tosyv
jhCH"M
fGh%PK
~|kOin
g#-rep
Ad$k:F
4Jrxup
JiO-/*_
?WMvHe
e uQyS
K.O6F:
I:"'gg
QN,jb'
?W~1+r
_ ZNZ;>
Vs*,9M
=]3/X/
_B(qgM:
Wmt]~	
c9}M:9
M1ZNp>
iDK^~Z
`X|?-,
F L#=6;
@Y:@6|gX 
tXTfxm
y?AXd`#r5
'f2%8v
j}mb(qr
rscag_]
.lM:U9
DtVA%&
XP<`>@
m4G!n4V
08^j& 3
H%$ryj
v2.0.50727
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
MulticastDelegate
TargetObject
TargetMethod
IAsyncResult
AsyncCallback
BeginInvoke
appName
DelegateCallback
DelegateAsyncState
EndInvoke
DelegateAsyncResult
Invoke
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
Conversions
ToByte
System.Text
Encoding
get_Default
GetString
String
get_Length
NewLateBinding
LateGet
LateIndexGet
Operators
ConcatenateObject
STAThreadAttribute
pTN.Resources.resources
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Reflection
AssemblyFileVersionAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
khalifer
khalifer.exe
MyTemplate
8.0.0.0
My.Application
My.WebServices
My.Computer
My.User
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
WrapNonExceptionThrows
	12.1.19.7
(c) 2018 Watsco Inc
Watsco Inc Newer Product
Watsco Inc
_CorExeMain
mscoree.dll
Ghlk1L-
[q0k *[
S2-(AziW
+qGSp%
K/`X-i
^#7u@?Y
xBZu	r
=NU4z<
\lL)s'p
	=`>\^
8W+s_?
%otK`WI
&\^)Wo
sW9%|RfQ
2d07g^*
u]Rv<1
N[ owK
Rss0s/
XEcibl
xU;/8*l
LsCY&3
*lxop<
p[I3 {
L%Z	?r
V558*H
}|e<Nj
))6Gj)8
.}xw%F
0aFuU'
ppc6q{xd
ZwVex)
Z(>V{fU
,@N-~e
|KY2!k
7lU'4-
J$(a I]
s5}bTug6
Zn8J6y
AZNg9Eu
b`FV>!
-`mW	+?
I)}Pj`
b;$.dl
)3;vO;!7
,_lfOY
kFy	+z
Z%ICCHn.
AXbv,9
J{L`^/3N
X-TnXxCT
PL$2t0
qEzWT,
#9-y/g
#{2l50
 .BES>
{/ }opv
5rpId&g
g4`Sx&
h?V	z`
J"&V"=
rfhkh8X>
_S}ZQ3
mGl.fPt
 :I0RA
@5'zqs
\r7H5t
'9PKAc
(n"N2<^
TP}_uo
`Rod9@
a@0IAN
23\tr.
;6dAPG%7
%9*8{]
EdqFf;X
)LS,-[
bkXZ(x
A!g5XH
g?d[1m
VED4V]
mU~n>X
Ghlk1L-
[q0k *[
S2-(AziW
]`o<*pN
+qGSp%
K/`X-i
^#7u@?Y
xBZu	r
=NU4z<
\lL)s'p
	=`>\^
8W+s_?
%otK`WI
&\^)Wo
sW9%|RfQ
2d07g^*
u]Rv<1
N[ owK
Rss0s/
XEcibl
xU;/8*l
LsCY&3
*lxop<
p[I3 {
V558*H
}|e<Nj
))6Gj)8
.}xw%F
0aFuU'
ppc6q{xd
ZwVex)
Z(>V{fU
,@N-~e
|KY2!k
7lU'4-
J$(a I]
s5}bTug6
Zn8J6y
AZNg9Eu
b`FV>!
-`mW	+?
I)}Pj`
b;$.dl
)3;vO;!7
,_lfOY
kFy	+z
Z%ICCHn.
AXbv,9
J{L`^/3N
X-TnXxCT
PL$2t0
qEzWT,
#9-y/g
#{2l50
 .BES>
{/ }opv
5rpId&g
g4`Sx&
h?V	z`
J"&V"=
rfhkh8X>
_S}ZQ3
mGl.fPt
 :I0RA
@5'zqs
\r7H5t
'9PKAc
(n"N2<^
TP}_uo
`Rod9@
a@0IAN
23\tr.
;6dAPG%7
%9*8{]
EdqFf;X
U)LS,-[
bkXZ(x
A!g5XH
g?d[1m
VED4V]
mU~n>X
KKLOO308H
D"NOO/[
h2==M(
14!XZZ
VJzzzx
SSSTk5
e188xM
R255Mq
|@H)9}
f!^^^f
2)+Bcj
 6:@sj
"XYF8.
ta2kAR
Bk?[A?rm
?RX.P-Wx
{{i\Y <
 X]g.h'
J4$d3x
<w	sl;
T	'cx+
sss,//
x.~:Ax
N ri*S
[2+Oqg
sujqy]
0zr4gg!h"=w]
j\M@+g3
u+WlP%
C!zz{y
344DOO
T*UVVV
+p#TV`
PA1 VERSIONINFO
FILEVERSION 0,0,0,0
PRODUCTVERSION 0,0,0,0
FILEOS 0x4
FILETYPE 0x1
BLOCK "StringFileInfo"
	BLOCK "000004b0"
		VALUE "Comments", "Watsco Inc Newer Product"
		VALUE "CompanyName", "Watsco Inc"
		VALUE "FileDescription", "Watsco Inc"
		VALUE "FileVersion", "12.6.11.9"
		VALUE "InternalName", "WatscoInc.exe"
		VALUE "LegalCopyright", "(c) 2018 Watsco Inc"
		VALUE "OriginalFilename", "WatscoInc.exe"
		VALUE "ProductName", "Watsco Inc Newer Product"
		VALUE "ProductVersion", "12.6.11.9"
		VALUE "Assembly Version", "6.5.9.2"
BLOCK "VarFileInfo"
	VALUE "Translation", 0x0000 0x04B0  
}PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
DINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING