SHA256: 039305c06a28bc23e91d067ec0ceb4b40ef55b14c982efaafd1d67f29055dfd8
File name: 2015-12-27-Sundown-Hunter-EK-Flash-Exploit.swf
Detection ratio: 14 / 54
Analysis date: 2015-12-29 01:31:15 UTC ( 1 year, 3 months ago )
Antivirus Result Update
AhnLab-V3 SWF/Exploit 20151228
Avast SWF:Malware-gen [Trj] 20151229
AVG Agent_c.BDH 20151229
CAT-QuickHeal Exp.SWF.CVE-2015-3113.A 20151228
Comodo UnclassifiedMalware 20151229
Cyren SWF/Exploit 20151229
ESET-NOD32 SWF/Exploit.CVE-2015-5123.A 20151229
F-Prot SWF/Exploit 20151229
Fortinet PossibleThreat.P1 20151229
Ikarus Trojan.SWF.Exploit 20151228
McAfee Exploit-CVE2015-5122 20151229
McAfee-GW-Edition BehavesLike.Flash.Exploit.lg 20151228
Qihoo-360 heur.swf.exp.b 20151229
Tencent Win32.Exploit.Swf.Woqd 20151229
Ad-Aware 20151224
AegisLab 20151228
Yandex 20151229
Alibaba 20151208
ALYac 20151229
Antiy-AVL 20151229
Arcabit 20151229
AVware 20151228
Baidu-International 20151228
BitDefender 20151229
Bkav 20151228
ByteHero 20151229
ClamAV 20151229
CMC 20151228
DrWeb 20151229
Emsisoft 20151229
F-Secure 20151229
GData 20151229
Jiangmin 20151228
K7AntiVirus 20151228
K7GW 20151228
Kaspersky 20151229
Malwarebytes 20151228
Microsoft 20151229
eScan 20151229
NANO-Antivirus 20151229
nProtect 20151228
Panda 20151228
Rising 20151228
Sophos 20151228
SUPERAntiSpyware 20151229
Symantec 20151228
TheHacker 20151228
TrendMicro 20151229
TrendMicro-HouseCall 20151228
VBA32 20151228
VIPRE 20151228
ViRobot 20151229
Zillya 20151228
Zoner 20151228
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Some exploits have been found in the past targeting the ActionScript Virtual Machine. ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate Flash files may also use it to implement rich content and animations.
Contains ActionScript code to request and retrieve content from Internet URLs.
The studied SWF file makes use of the loadBytes ActionScript3 functionality, commonly used to load other files and arbitrary code at runtime.
The studied SWF file has been processed with a common flash file obfuscator, similar to portable executable packing, in order to make its reverse engineering more complex.
The studied SWF file performs environment identification.
The flash file uses methods of the ExternalInterface class to communicate with the external host of the Flash plugin, such as the web browser.
SWF Properties
SWF version: 22
Frame size: 800.0x600.0 px
Frame count: 1
Duration: 0.033 seconds
File attributes: HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags: 2
Total SWF tags: 46
ActionScript 3 Packages
flash.display
flash.events
flash.external
flash.net
flash.system
flash.text
flash.text.engine
flash.utils
mx.core
mx.events
mx.managers
mx.modules
mx.resources
mx.utils
SWF metadata
Suspicious strings
ExifTool file metadata
MIMEType: application/x-shockwave-flash
ImageSize: 800x600
FileType: SWF
Megapixels: 0.48
FrameRate: 30
FlashVersion: 22
FileTypeExtension: swf
Compressed: False
ImageWidth: 800
Duration: 0.03 s
FlashAttributes: UseNetwork, ActionScript3, HasMetadata
FrameCount: 1
ImageHeight: 600

File identification
MD5 6b2befdd397c9032fcc01b73e6797126
SHA1 a3498e8b7235671bd4c0f742cbf6dfb2eff3a0ee
SHA256 039305c06a28bc23e91d067ec0ceb4b40ef55b14c982efaafd1d67f29055dfd8
ssdeep 1536:q5Rlu0y6hGPFIC/p32KAc9Oa7uyGREgXl/Q2w4gQ3YcbuNBHS5qOD:SR06IPFj/cc0a7u7REgV/uI3RD
File size 74.9 KB ( 76663 bytes )
File type Flash
Magic literal Macromedia Flash data, version 22
TrID Macromedia Flash Player Movie (100.0%)
Tags obfuscated flash cve-2015-5122 cve-2015-3113 capabilities exploit ext-interface loadbytes

VirusTotal metadata
First submission 2015-08-26 22:50:39 UTC ( 1 year, 8 months ago )
Last submission 2016-10-11 00:17:33 UTC ( 6 months, 2 weeks ago )
File names 123kappa123.swf
49c58cc2b166b1a5b13eab5f472a4f7b.swf
039305c06a28bc23e91d067ec0ceb4b40ef55b14c982efaafd1d67f29055dfd8
2015-12-27-Sundown-Hunter-EK-Flash-Exploit.swf
2-49c58cc2b166b1a5b13eab5f472a4f7b.swf