SHA256: 0b8e15124cb0365e16e837f76a6640fe1417e59d89d95c4a4438caed432dd280
File name: 2015-03-21-payingday-biz-flash-exploit.swf
Detection ratio: 8 / 56
Analysis date: 2015-05-31 22:52:36 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Avast SWF:Malware-gen [Trj] 20150531
Comodo UnclassifiedMalware 20150531
ESET-NOD32 SWF/Exploit.CVE-2015-0311.I 20150531
Ikarus Trojan.SWF.Exploit 20150531
McAfee-GW-Edition BehavesLike.Flash.Exploit.lb 20150531
Microsoft VirTool:SWF/Obfuscator.F 20150531
Qihoo-360 heur.swf.rateII.3 20150531
TrendMicro-HouseCall Suspicious_GEN.F47V0327 20150531
Ad-Aware 20150531
AegisLab 20150531
Yandex 20150531
AhnLab-V3 20150531
Alibaba 20150531
ALYac 20150531
Antiy-AVL 20150531
AVG 20150531
Avira (no cloud) 20150531
AVware 20150531
Baidu-International 20150531
BitDefender 20150531
Bkav 20150529
ByteHero 20150531
CAT-QuickHeal 20150530
ClamAV 20150531
CMC 20150530
Cyren 20150531
DrWeb 20150531
Emsisoft 20150531
F-Prot 20150531
F-Secure 20150531
Fortinet 20150531
GData 20150531
Jiangmin 20150529
K7AntiVirus 20150531
K7GW 20150531
Kaspersky 20150531
Kingsoft 20150531
Malwarebytes 20150531
McAfee 20150531
eScan 20150531
NANO-Antivirus 20150531
nProtect 20150529
Panda 20150531
Rising 20150531
Sophos AV 20150531
SUPERAntiSpyware 20150530
Symantec 20150531
Tencent 20150531
TheHacker 20150529
TotalDefense 20150531
TrendMicro 20150531
VBA32 20150529
VIPRE 20150531
ViRobot 20150531
Zillya 20150531
Zoner 20150526
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Some exploits have been found in the past targeting the ActionScript Virtual Machine. ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate Flash files may also use it to implement rich content and animations.
The studied SWF file makes use of the loadBytes ActionScript3 functionality, commonly used to load other files and arbitrary code at runtime.
SWF Properties
SWF version: 13
Compression: zlib
Frame size: 1.0x1.0 px
Frame count: 1
Duration: 0.042 seconds
File attributes: HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags: 1
Total SWF tags: 13
ActionScript 3 Packages
flash.display
flash.events
flash.utils
SWF metadata
ExifTool file metadata
MIMEType: application/x-shockwave-flash
ImageSize: 1x1
Format: application/x-shockwave-flash
CompilerBuild: 354143
FileType: SWF
Megapixels: 1e-06
FrameRate: 24
CompilerName: ActionScript Compiler
CompilerVersion: 2.0.0
Warning: [minor] Fixed incorrect URI for xmlns:dc
FileTypeExtension: swf
Compressed: True
ImageWidth: 1
Duration: 0.04 s
FlashVersion: 13
FlashAttributes: UseNetwork, ActionScript3, HasMetadata
FrameCount: 1
ImageHeight: 1

PCAP parents
File identification
MD5 c4c9fc48ec283f1c1ed50c90711260ab
SHA1 31e9ebbbf50a7d261df9d88a9bfbacd2f160df11
SHA256 0b8e15124cb0365e16e837f76a6640fe1417e59d89d95c4a4438caed432dd280
ssdeep 192:M/v7AiOmQXf42jsOvsMXkKg2ALpy59c4qRR+9eEntaiipCAdukS87yVEe:MLACQXf4AXkKz9xqG0iZAd/pW

File size 12.6 KB ( 12943 bytes )
File type Flash
Magic literal Macromedia Flash data (compressed), version 13

TrID Macromedia Flash Player Compressed Movie (100.0%)
Tags
flash exploit zlib loadbytes cve-2015-0311

VirusTotal metadata
First submission 2015-03-27 13:15:02 UTC ( 2 years, 8 months ago )
Last submission 2016-08-18 22:17:18 UTC ( 1 year, 3 months ago )
File names 2015-03-21-payingday-biz-flash-exploit.swf
187e468b6d1844d7b19a22a0b6b45dea
187e468b6d1844d7b19a22a0b6b45dea.swf
0b8e15124cb0365e16e837f76a6640fe1417e59d89d95c4a4438caed432dd280.swf