WhatsApp[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WhatsApp.exe
Size

286KB
MD5

730a7c4a5298c68e64615aa2b24bb252
SHA1

1b3e19fce46eee3dd09a21dff773759f7cecebe0
SHA256

e1d798bfc3f37723c8333462b6380c59cdbf01d0fd227e46ad2065ab6ec99e70
SHA512

a90b43bbbaadeaf6ab110ce2e0034eaf9daac63e4c4194300f01d8438f79fbd3c7844753268a0355bfaf65ae7a5b872babcd79c554bec92fc3757f78c8fadda8
SSDEEP

384:xRtximmUjvQ/0Baxc8IcbUi+7AOQt6HMf82utc2NWezXpQT34aOe9sRS872UVTSh:xRtximmUjIiWOy34arSlay34abmn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WhatsApp.exe

Files

WhatsApp.exe
.exe windows:6 windows x64 arch:x64

Password: infected

f12299573f995fc0c70b04fabebb3e6c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

whatsapp

RHBinder__ShimExeMain

Sections

.rdata
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 283KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ