It is remarkable how creative pig-people become in acquiring power and wealth by exploiting others (their computers, in this case).
I received this message today. Let me say this: WhatsApp messages and pictures will NEVER be delivered to your e-mail address, only to the mobile phone where the application is installed.
https://malwr.com/analysis/OTZmNmQ2OGU4ZDM2NDg2NWE4MTJjMjAyMjkzOGZjNzM/
The message had this attachment:
File Details
FILE NAME | IMG0009821.exe |
---|---|
FILE SIZE | 102400 bytes |
FILE TYPE | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 31d604c62efaeffd5129d7d8e88285ce |
SHA1 | a5d308240536cb6de0c83906121eda9242a4140d |
SHA256 | fc8443eb7d088672854d300e214e4dec4c88b4ab6e737afdbb216f29218dba65 |
SHA512 | daefa443fe88172e09136ebf7f345040218af07991d42489d2b830d01b49ca9db6443e7ad5cf6844fded9a1503575fc08288a718ec421c2228c56388cd2607ab |
CRC32 | AD1BF7E1 |
SSDEEP | 1536:ITKZH0YFAkSYskOJh4a2nmg17mYi8Namiy:IT0H0vbzb4a2nmjYiq |
YARA | |
```
Return-Path: <crouchuk711@gmail.com>
X-Spam-Status: No, hits=3.9 required=5.0 tests=DNSBL_ZEN.SPAMHAUS.ORG: 1.40,HTML_IMAGE_ONLY_16: 2.498,HTML_MESSAGE: 0.001, RDNS_NONE: 0,T_TVD_FW_GRAPHIC_ID1: 0.01,TOTAL_SCORE: 3.909,autolearn=no
X-Spam-Level: ***
Received: from [58.227.89.87] ([58.227.89.87]) by www.dwaves.de (Kerio Connect 7.2.0) for admin@dwaves.de; Mon, 16 Dec 2013 09:18:50 +0100
Received: from [44.162.188.104] (account birdiedkf34@yahoo.com HELO xmxdyqgr.febaxpadstlvt.va) by (CommuniGate Pro SMTP 5.2.3) with ESMTPA id 537625636 for admin@dwaves.de; Mon, 16 Dec 2013 17:16:51 +0900
Date: Mon, 16 Dec 2013 17:16:51 +0900
From: "WhatsApp" <{messages@whatsapp.com}>
X-Mailer: The Bat! (v2.00.3) Business
X-Priority: 3 (Normal)
Message-ID: <6661121465.N31J9SZ4371366@yjvfekwjzyeuxs.bikdzka.ru>
To: <admin@dwaves.de>
Subject: Your friend has just sent you a picture
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------2EE4EC0C4ECA27DF"

------------2EE4EC0C4ECA27DF
Content-Type: multipart/alternative; boundary="----------88EB5BE62CCDCD0"

------------88EB5BE62CCDCD0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hello! Someone you’re acquainted with has just sent you a image in WhatsApp. Open attachments to to check it out. © 2013 WhatsApp Inc

------------88EB5BE62CCDCD0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hello!
Someone you’re acquainted with has just sent you a image in WhatsApp. Open attachments to to check it out.
© 2013 WhatsApp Inc

------------88EB5BE62CCDCD0--
------------2EE4EC0C4ECA27DF
Content-Type: application/zip; name="IMG0009821.zip"
Content-Transfer-Encoding: base64
Content-ID: <002701cefa82$9c0af7a0$647ba8c0@DQRCI3S3>

UEsDBBQAAAAIABIEkEPh9xutUskAAACQAQAOAAAASU1HMDAwOTgyMS5leGXsWX90FFWWrk4n ...
```
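The headers and the first base64 line of the attachment shown above are enough for a quick triage without ever unpacking or running the file. The following Python sketch is an added example, not part of the original post: it decodes the ZIP local file header from that base64 line and compares the sender domains. The function names and the `RISKY_EXT` list are assumptions.

```python
import base64
import re
import struct

# Values copied from the message above.
RETURN_PATH = "<crouchuk711@gmail.com>"
FROM = '"WhatsApp" <{messages@whatsapp.com}>'
ATTACHMENT_B64_HEAD = ("UEsDBBQAAAAIABIEkEPh9xutUskAAACQAQAOAAAA"
                       "SU1HMDAwOTgyMS5leGXsWX90FFWWrk4n")
# Assumption: extensions a local mail policy treats as executable.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".js")


def domain(header_value):
    """Return the lower-cased domain of the first address in a header value."""
    match = re.search(r"@([A-Za-z0-9.-]+)", header_value)
    return match.group(1).lower() if match else ""


def zip_first_entry(b64_head):
    """Parse the ZIP local file header at the start of a base64 attachment."""
    raw = base64.b64decode(b64_head)
    (sig, _ver, _flags, method, _time, date, crc, csize, usize,
     name_len, _extra_len) = struct.unpack("<4sHHHHHIIIHH", raw[:30])
    if sig != b"PK\x03\x04":
        raise ValueError("not a ZIP local file header")
    return {
        "name": raw[30:30 + name_len].decode("cp437"),
        "deflated": method == 8,
        "crc32": "%08X" % crc,
        "compressed_size": csize,
        "size": usize,
        "date": "%04d-%02d-%02d" % ((date >> 9) + 1980, (date >> 5) & 0xF, date & 0x1F),
    }


def triage(return_path, from_hdr, b64_head):
    """Collect findings; a domain mismatch alone is only a weak signal."""
    findings = []
    if domain(return_path) != domain(from_hdr):
        findings.append("Return-Path domain %s differs from From domain %s"
                        % (domain(return_path), domain(from_hdr)))
    entry = zip_first_entry(b64_head)
    if entry["name"].lower().endswith(RISKY_EXT):
        findings.append("ZIP attachment carries executable %s" % entry["name"])
    return findings, entry


if __name__ == "__main__":
    for line in triage(RETURN_PATH, FROM, ATTACHMENT_B64_HEAD)[0]:
        print(line)
```

On this message the decoded entry is IMG0009821.exe with CRC32 AD1BF7E1 and an uncompressed size of 102400 bytes, the same values as in the File Details table.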