Sample details: da9f1fd295967bda72c3dbc74f3b7d00

Hashes
MD5: da9f1fd295967bda72c3dbc74f3b7d00
SHA1: 09f533f16e314183769de661006c68d767a23962
SHA256: 32910cbf73c795e253347595326944b1e074fe40c77e75b2a0ee22c408cba540
SSDEEP: 6144:OeUvl/6N00rxDOdZdGcEtsCa1NktK2IPx/I1yTCEhC3:ellOD8ZdGcEUwtIPxAIG53
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/domain | YRP/IP | YRP/contentis_base64
Source
http://prosciuttiamo.it/ice/zoro.exe
http://prosciuttiamo.it/ice/zoro.exe
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
\System.Object[], mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA)iY
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
I>\Q3}
"iBZs6
l$MID>WE
1C]'=O
ZvFuRT
?|7ajC
oL)-vl
PaM8?~
8{C9=]
sk:revi
kZ7,8"@
0T6EFo:%
>)d`c18#V
]VL^k$
5V.Kwg
a[{2_`x
:Niys4
?fVI\4h
nQWqsF
T8HXf/
qDUGlr
@hzEng
SR&PV[y
B}@K6Z
3Y8T?>g
+&n'T8
(#afT&F
)JaeH4
v!G9Vl'i
]H@_eAv	
W9rP;>
o5lY?.=
X5Ot\S
)=S(?N
58,Kwf
CP"mWe
6jBgJi
$9Tf7\
[u';I_c
U"JV?B
`]`b![
IDATx^
7NZRRR
 wv[\8,
|hgOD~
z|j*(c
OWBkE(5
{a	;+c
#K2xGE
Gp7@yi1G
Y"?j5%
>3!j5B`
.UAn`^
04pC1'
~_k!T0
^-Wg&.v_
'UD&VO!
G%Crlt*(
~`rg+j
437+)=
`}hfb/
/mY<$l
gEE6I`
?."A1$
@i%o!Q#
98_K94J
ePzyQUQ
33z$i]A
	x08np
!OyuYLS
g;5-gB
; [rI-q	40L
|nRgg!
L(L:1;
"r6R)s
'J=B\=&
F-pb;)X
E0;&G,
.:r)jfr
Jw9Kk8>
&5!5MC
qc*fm(;g
n_t<F_N
Kn	F8@K
c9OVZ2
tfw$,'
W4	pIV
'Ge$>-
T`|Hx~
o91..y
M\,Ef4
^[u@AI9
+$P<-RS
HLYjVZ~
DKv=E<D
H%MLAZ
/5Ul_M
{yM4`'
sr8UE-y
07pdK{.w
"79KfT
MMF!Q=
5nRu|P
~7$>(*
Uj9CE+
`SPre`m
95AI}c
/N+0A\
Di< SVT
V%" BP
J>>egQz
V r9zH%
2/i=*yu
`m@v=e8
oT^?fD
C5qm0yL
T>7rK3
ld^GUfz
n{,>8S
3fg;l$
~/l	U/
h2i$f|
{;Mo`m
0#YJ&x
{a's1m+
LK\eAfB
en[b%8
s;f?;d
ww+taQ
!T{VHnW
fs~EHuh%
c@e@@G
hbD3K 
2F="q9
)"/#Ts
pUQ'FX
K>[4VB
I,0rW'
q{+B{~'
d.@uTD C
IMRW1|
vG`..G5
>X^KhY
83-4qd
8@!fz@
XN);nu`
IDATcw
nN+xKB#
7/=%u3:
j@jVDz
sQul-j
h%#k2"
I(b\?W+
o&YGMa
@"b2D&
R"^)6C
v+TL[X4
>qs<8 
[9H%oHPv
-zWBW8
g9k4?#5%
JWQwj3
5@2?|X
g4\9V7&N$e'iQE
_yoQEN
rnCsi@-<
2j`3+G
.vW|rS
WZ@xHt^
N9IVPR
V![L0l
|2bEoXF
m33Ik/
G`",3CU
#!}|#i
2xA]9E
4x"=MS
$=A,A 
.NYeJt
$lFN$SN-
:G;?r?,
&Z/E}}
tE)mz0
9M#0&qr
|JKv}/giu
{MaN*~H
Zs-#)B
hq6^):
dd-3.R
P`QbP)T
nCUoO(
,V\n>SQ
o1sD[}
rM.<&}
;8Y,(I
h<.AE$
RkAAqCP+
#tT<J1m
=jz48,
O`<:R;
#g6)'|
kA.:)>
T:.;Iq
>tP^el
n3(T'1E
l@cM?r"
-qZiSm
UVOX7|'
n#g+	V
4in@7:
<z{3bs
)IarARv
tB7e<#y
M}z|^pO
9Td;]V
E<zF.o
$T'EyQ_
'oy@VGq}J
,{v>GC
5WO\p3
8|.$ZP/&
X\6wN\
c_8]qt
rhfrW+
A\[C-y
ia-16a
k{jDuQ=
K^UAGk
0b[At&wS
F?wV0$:'
:;th3d.n
xDNN<Iws%X'-'
(,AKgs
9sv!=B
7e{ovF
b5"GRrn
jMoAQ`
~@yf|u
/bDL_A
]MZG%c
t?~	W0`-
AgCJte
e+|iZQ
47Q%aq
u16@Cu96
*5<qx005
#",>p%
gPB_8>
ZMQq:S
3|\Z4}+t^@W
@$&z>0
lLhykJ
V+[(Wk
 qew'lG^
|2 g&A9
^cj$=}6
,a4<$>
898,r*3
-A2k0O
$wP1`B
6"VMn*
-g:oEs
d%YQ#O
g=oc>uEv
re)^b:
[?'Dt/.
CLsHb)
M=O\[^
#k;SY"
"Av<5 
=~Cm>EX
\ST9=*
#L>`O~w
=-NizP
/>p#rX
}Z<mH[
K&	xV 
0Ogan&
pU[a,XI
h0j.#(
"M"*]	
|Y=qK!
a=oR>	
:,@]fU
AJcW*nW
/^6TKkr
JQVwp5
b5MM(X
%/RAYI
tqnUm$
kud*H:
.RqY#q*Q
bh=18(
~v]$p,
~?6:q0
~90\#=
eXriP{It
o4L]TK
$)3b%m8GX
.3WPHw
H9dR[mVX
Wi{;@L
}Y)u,o)h	
08}%;F2
$\+vWZPh
">9,~z
J:8*v#:@
[~!jrx
	$~`%Z|
v&KK:o|e
	U"T3A
	9GXZdH
FjU^^\
i+ p	~;r
/F)sP{
vkt)w8
]%\y9f
'WOtx%B
{KuR9ra
w!$<B@
8<_tfb
?.HchW
`<M	Aw
UO[:LP
B^z	1v^
xMwvZr
Aeovz)
)[!ULr
GNpCSI
J3m*bS
l$lK6Z
Q(im[6
TN-?xf
QdL5hO
$5rBaM
RMbu=:i
-(7d-]
Fg4	!1N=C
8	n.@-
oBE=#Z(z
{}otS/
4(=sDb
mFT>]C
0q\HJ3
 !A-*,3
N$c4	G
X]IN~".
RVVTp!JR
]<.Ri*
<P2^.B#
g6@hJU]
Frk*LX
YF7$S!
z	:(UH)
.2x\l!
{(*i-0g
e-MgOE
rprE(N
))NBw=J
s&eU	48(DR<@
&8fB"B
|Tgn!i+
Y*mhic
="6_l\u
^qUHi"
$Xnh9S
R{IDATL
sQHs=E
$czq96
KpM@n;4q
(*x{nO
l(U0:G
7RVn$z
*dT0iE%D
Ond9I/
BN&%]S
u_Up>K
Wm`I84
,8kO8'
&.h:u#
#fKgN^
r5+vyU
$yeg\a
.v:c>C
$OEl:u
2(0js8
%A#>Y3
_S#%~6
9,}OFg
-UGH	>
B[G=b;
'5bm3_
L.=t0Q
I4a\u:
Vr~XTG
v2.0.50727
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
System.Text
Encoding
get_Default
GetString
Conversions
NewLateBinding
LateGet
LateIndexGet
Operators
ConcatenateObject
String
System.IO
WriteAllText
SubtractObject
ToInteger
AddObject
ModObject
ToByte
STAThreadAttribute
RZvn.Resources.resources
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Reflection
AssemblyFileVersionAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
zoro.exe
MyTemplate
8.0.0.0
My.Application
My.WebServices
My.Computer
My.User
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
WrapNonExceptionThrows
11.0.16.12
(c) 2017 AFLAC Incorporated
AFLAC Incorporated New Taker
AFLAC Incorporated
AFLAC Incorporated Take
_CorExeMain
mscoree.dll