× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0744ba67c5f8210fcdcf4acb328df68780e96d10f2c68b8eddbb9a355bca213e
File name: NSS-2017-27H2Gp_1_.swf
Detection ratio: 34 / 57
Analysis date: 2017-05-09 16:56:14 UTC ( 1 week, 6 days ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4163563 20170509
AegisLab Exp.Flash.Pubenush.Aa!c 20170509
AhnLab-V3 SWF/Exploitkit3 20170509
ALYac Exploit.SWF.Downloader 20170509
Arcabit Trojan.Generic.D3F87EB 20170509
Avast SWF:GirDrop [Drp] 20170509
Avira (no cloud) EXP/FLASH.Pubenush.AA.Gen 20170509
AVware Trojan.SWF.Generic.b (v) 20170508
BitDefender Trojan.GenericKD.4163563 20170509
CAT-QuickHeal Exp.SWF.Rig.EK 20170509
Comodo UnclassifiedMalware 20170509
Cyren SWF/Exploit 20170509
DrWeb Exploit.SWF.1110 20170509
Emsisoft Trojan.GenericKD.4163563 (B) 20170509
ESET-NOD32 a variant of SWF/Exploit.ExKit.BEO 20170509
F-Prot SWF/Exploit 20170509
F-Secure Trojan.GenericKD.4163563 20170509
Fortinet SWF/Agent.8B2B!tr 20170509
GData Trojan.GenericKD.4163563 20170509
Ikarus Trojan.SWF.Exploit 20170509
McAfee Exploit-SWF.bv 20170509
McAfee-GW-Edition BehavesLike.Flash.Exploit.mg 20170509
Microsoft VirTool:SWF/Injector.D 20170509
eScan Trojan.GenericKD.4163563 20170509
NANO-Antivirus Exploit.Swf.FLASH.ekrele 20170509
Qihoo-360 Win32/Trojan.Exploit.438 20170509
Sophos Troj/SWFExp-NL 20170509
Symantec Trojan.Gen.2 20170509
Tencent Win32.Exploit.Generic.Wlpn 20170509
TrendMicro SWF_EXPLOYT.AUSFZ 20170509
TrendMicro-HouseCall SWF_EXPLOYT.AUSFZ 20170509
VIPRE Trojan.SWF.Generic.b (v) 20170509
ViRobot SWF.S.Exploit.14088[h] 20170509
ZoneAlarm by Check Point HEUR:Exploit.SWF.Generic 20170509
Alibaba 20170509
Antiy-AVL 20170509
AVG 20170509
Baidu 20170503
Bkav 20170509
ClamAV 20170509
CMC 20170508
CrowdStrike Falcon (ML) 20170130
Endgame 20170503
Invincea 20170413
Jiangmin 20170509
K7AntiVirus 20170509
K7GW 20170509
Kaspersky 20170509
Kingsoft 20170509
Malwarebytes 20170509
nProtect 20170509
Palo Alto Networks (Known Signatures) 20170509
Panda 20170509
Rising 20170508
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170509
Symantec Mobile Insight 20170509
TheHacker 20170508
TotalDefense 20170509
Trustlook 20170509
VBA32 20170506
Webroot 20170509
WhiteArmor 20170502
Yandex 20170504
Zillya 20170505
Zoner 20170509
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3, some exploits have been found in the past targeting the ActionScript Virtual Machine. ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate flash files may also use it to implement rich content and animations.
The studied SWF file performs environment identification.
SWF Properties
SWF version
31
Compression
zlib
Frame size
710.0x120.0 px
Frame count
1
Duration
0.040 seconds
File attributes
ActionScript3, UseNetwork
Unrecognized SWF tags
1
Total SWF tags
10
ActionScript 3 Packages
flash.display
flash.events
flash.system
flash.utils
ExifTool file metadata
MIMEType
application/x-shockwave-flash

ImageSize
710x120

FileType
SWF

Megapixels
0.085

FrameRate
25

FlashVersion
31

FileTypeExtension
swf

Compressed
True

ImageWidth
710

Duration
0.04 s

FlashAttributes
UseNetwork, ActionScript3

FrameCount
1

ImageHeight
120

File identification
MD5 605f2d8059347886bc3c46cd8e168b2b
SHA1 0d86ae373d728db0919d8cc0351367b0ad0bed47
SHA256 0744ba67c5f8210fcdcf4acb328df68780e96d10f2c68b8eddbb9a355bca213e
ssdeep
384:VP0aMNzucNZVYEnDptlhzBipyPkH2jZpr1aLi:t0Jd/FYENrCyvPpz

File size 13.8 KB ( 14088 bytes )
File type Flash
Magic literal
Macromedia Flash data (compressed), version 31

TrID Macromedia Flash Player Compressed Movie (100.0%)
Tags
flash zlib capabilities

VirusTotal metadata
First submission 2016-12-21 13:36:19 UTC ( 5 months ago )
Last submission 2017-05-09 16:56:14 UTC ( 1 week, 6 days ago )
File names 5421.swf
Pure Beauty.swf
7[1]_012656041000.swf
NSS-2017-27H2Gp_1_.swf
Basketball Legends.swf
output.105531496.txt
output.105280050.txt
output.105311085.txt
flash-exploit.swf
2016-12-21-Afraidgate-Rig-V-flash-exploit.swf
7[1]_011646428000.swf
5421[1].swf
27H2NH
RigV EK Flash exploit Run 1.swf
7[1]_035843312000.swf
output.105289072.txt
noname.exe.pe
9643522803.swf
wllfordlane.flv
index.html.6EB98DDA.x-shockwave-flash
7[1]_011635495000.swf
output.105563600.txt
7[1].swf.000
output.105496629.txt
2017-01-19-EITest-Sundown-EK-both-runs-Flash-exploit-1-of-3.swf
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!