SHA256: 1613acd34bfb85121bef0cd7a5cc572967912f9f674eefd7175f42ad2099e3d1
File name: 2016-11-08-1st-run-EITest-Rig-EK-flash-exploit.swf
Detection ratio: 28 / 57
Analysis date: 2018-11-12 02:35:22 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40253543 20181112
AhnLab-V3 SWF/Exploit 20181111
ALYac Exploit.SWF.Downloader 20181112
Arcabit Trojan.Generic.D2663867 20181112
Avira (no cloud) EXP/FLASH.Pubenush.Y.Gen 20181111
BitDefender Trojan.GenericKD.40253543 20181112
CAT-QuickHeal Exp.SWF.RD 20181111
Cyren SWF/Exploit 20181112
DrWeb Exploit.SWF.991 20181112
Emsisoft Trojan.GenericKD.40253543 (B) 20181112
ESET-NOD32 a variant of SWF/Exploit.Agent.NW 20181111
F-Prot SWF/Exploit 20181112
F-Secure Trojan.GenericKD.40253543 20181112
GData Trojan.GenericKD.40253543 20181112
Ikarus Exploit.CVE-2016-4117 20181111
MAX malware (ai score=95) 20181112
McAfee Exploit-SWF.bp 20181112
McAfee-GW-Edition BehavesLike.Flash.Exploit.qb 20181111
Microsoft Exploit:SWF/Broxwek.A 20181111
eScan Trojan.GenericKD.40253543 20181112
NANO-Antivirus Exploit.Swf.Agent.ejuhnu 20181111
Symantec Trojan.Swifi 20181111
Tencent Win32.Exploit.Generic.Aojg 20181112
TrendMicro SWF_RIGEK.LLQ 20181112
TrendMicro-HouseCall SWF_RIGEK.LLQ 20181111
VIPRE Trojan.SWF.Generic.c (v) 20181112
ViRobot SWF.S.Exploit.52582 20181111
ZoneAlarm by Check Point HEUR:Exploit.SWF.Generic 20181111
AegisLab 20181112
Alibaba 20180921
Antiy-AVL 20181112
Avast 20181112
Avast-Mobile 20181111
AVG 20181112
Babable 20180918
Baidu 20181109
Bkav 20181110
ClamAV 20181111
CMC 20181111
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181112
Endgame 20181108
Fortinet 20181112
Sophos ML 20181108
Jiangmin 20181112
K7AntiVirus 20181112
K7GW 20181109
Kaspersky 20181112
Kingsoft 20181112
Malwarebytes 20181111
Palo Alto Networks (Known Signatures) 20181112
Panda 20181111
Qihoo-360 20181112
Rising 20181112
SentinelOne (Static ML) 20181011
Sophos AV 20181111
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TACHYON 20181112
TheHacker 20181108
TotalDefense 20181111
Trustlook 20181112
VBA32 20181109
Webroot 20181112
Yandex 20181109
Zillya 20181109
Zoner 20181112
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Exploits targeting the ActionScript Virtual Machine have been found in the past, and ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate Flash files also use it to implement rich content and animations.
The studied SWF file makes use of the loadBytes ActionScript3 functionality, commonly used to load other files and arbitrary code at runtime.
SWF Properties
SWF version: 10
Compression: zlib
Frame size: 709.0x124.0 px
Frame count: 1
Duration: 0.040 seconds
File attributes: HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags: 2
Total SWF tags: 13
ActionScript 3 Packages
flash.display
flash.events
flash.system
flash.utils
SWF metadata
ExifTool file metadata
MIMEType: application/x-shockwave-flash
Publisher: unknown
Megapixels: 0.088
Description: http://www.adobe.com/products/flex
Language: EN
Format: application/x-shockwave-flash
FlashAttributes: UseNetwork, ActionScript3, HasMetadata
Title: Adobe Flex 3 Application
FrameRate: 25
FlashVersion: 10
Duration: 0.04 s
Creator: unknown
FileTypeExtension: swf
Compressed: True
ImageWidth: 709
Date: Aug 7, 2010
ImageHeight: 124
Warning: [minor] Fixed incorrect URI for xmlns:dc
FileType: SWF
FrameCount: 1
ImageSize: 709x124

File identification
MD5: e9f82eeb6a9104be9e81c963d6aa211a
SHA1: 4d7dbc9804f5f2a7c7d34bc2a758adb184f79b58
SHA256: 1613acd34bfb85121bef0cd7a5cc572967912f9f674eefd7175f42ad2099e3d1
ssdeep: 1536:1BJK7J4Nz0yqma0EA6VbcH3g3IlZ5PqO2:M7mxjqN0EhVgEIlHSX
File size: 51.3 KB (52582 bytes)
File type: Flash
Magic literal: Macromedia Flash data (compressed), version 10
TrID: Macromedia Flash Player Compressed Movie (100.0%)
Tags: flash exploit cve-2016-4117 loadbytes zlib

VirusTotal metadata
First submission: 2016-11-02 16:02:47 UTC ( 2 years, 3 months ago )
Last submission: 2018-11-12 02:35:22 UTC ( 3 months, 1 week ago )
File names:
yhjH7F66vUXMh5rpo8hr.swf.rename
RigEK Flash Exploit 3.swf
index.php_xXqKd7CYLxvPDoE=l3SMfPrfJxzFGMSUb-nJDa9GPkXCRQLPh4SGhK_ZE4Cvfj6-0LKUDRn66QOTFALOpqxveN0MaFT_zR3AaQ4ilotXQB5MrPzwnEqWwxWeioWE-RbYZFhArJrBRbI_2wvxyrkVcJgjwBGD6DJRye9OA0gbogAQlryJQ-DbpgN6V0ggEkqfPZVlqx7IQnmtayh42P29QDJxkKM
index.php
2016-11-09-4th-run-EITest-Rig-EK-flash-exploit.swf
2016-11-07-EITest-Rig-EK-flash-exploit.swf
Cut The Rope.swf
RigEK Flash Exploit 1.swf
HTTP-FwGq184gO1ezIiGd15.raw
2016-11-08-1st-run-EITest-Rig-EK-flash-exploit.swf
2016-11-11-EITest-RIGe-flash-exploit-both-runs.swf
keken2
ais_samples (970)
d__raveworks_samples_458078977_2016-11-15-rig-ek-data-dump-malware-and-artifacts_zip_2016-11-15-4th-run-rig-e-flash-exploit_swf
2016-11-16-8th-run-Rig-E-flash-exploit.swf
2016-11-02-all-3-runs-EITest-Rig-EK-flash-exploit.swf
7457224951-107-0_1.index.php.x-shockwave-flash
kiken
e9f82eeb6a9104be9e81c963d6aa211a.swf
2016-11-02-all-3-runs-EITest-Rig-EK-flash-exploit.swf