× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 1dd65e400d19a31a520259b03b8ac232b8c7f0e6699ffc022273290d5758d2be
File name: 2015-12-21-Nuclear-EK-Flash-Exploit.swf
Detection ratio: 1 / 53
Analysis date: 2015-12-27 22:49:39 UTC ( 1 year, 8 months ago ) View latest
Antivirus Result Update
McAfee-GW-Edition BehavesLike.Flash.Exploit.cg 20151227
Ad-Aware 20151224
AegisLab 20151227
Yandex 20151226
AhnLab-V3 20151227
Alibaba 20151208
ALYac 20151227
Antiy-AVL 20151227
Arcabit 20151227
Avast 20151227
AVG 20151227
Avira (no cloud) 20151227
AVware 20151227
Baidu-International 20151227
BitDefender 20151227
Bkav 20151227
ByteHero 20151227
CAT-QuickHeal 20151226
ClamAV 20151227
CMC 20151217
Comodo 20151227
Cyren 20151227
DrWeb 20151227
Emsisoft 20151227
ESET-NOD32 20151227
F-Prot 20151227
F-Secure 20151225
Fortinet 20151227
GData 20151227
Ikarus 20151227
Jiangmin 20151227
K7AntiVirus 20151227
K7GW 20151227
Kaspersky 20151227
Malwarebytes 20151227
McAfee 20151227
Microsoft 20151227
eScan 20151227
NANO-Antivirus 20151227
nProtect 20151224
Panda 20151227
Rising 20151227
Sophos AV 20151227
SUPERAntiSpyware 20151227
Symantec 20151227
TheHacker 20151227
TrendMicro 20151227
TrendMicro-HouseCall 20151227
VBA32 20151225
VIPRE 20151227
ViRobot 20151227
Zillya 20151227
Zoner 20151227
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3, some exploits have been found in the past targeting the ActionScript Virtual Machine. ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate flash files may also use it to implement rich content and animations.
The studied SWF file performs environment identification.
SWF Properties
SWF version
14
Compression
zlib
Frame size
500.0x375.0 px
Frame count
1
Duration
0.042 seconds
File attributes
HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags
1
Total SWF tags
10
ActionScript 3 Packages
flash.display
flash.events
flash.external
flash.system
flash.utils
SWF metadata
ExifTool file metadata
MIMEType
application/x-shockwave-flash

Publisher
unknown

Megapixels
0.188

Description
http://www.adobe.com/products/flex

Language
EN

Format
application/x-shockwave-flash

FlashAttributes
UseNetwork, ActionScript3, HasMetadata

Title
Adobe Flex 4 Application

FrameRate
24

FlashVersion
14

Duration
0.04 s

Creator
unknown

FileTypeExtension
swf

Compressed
True

ImageWidth
500

Date
Dec 21, 2015

ImageHeight
375

Warning
[minor] Fixed incorrect URI for xmlns:dc

FileType
SWF

FrameCount
1

ImageSize
500x375

PCAP parents
File identification
MD5 6e7b708857c2c4723c95e09564eb973c
SHA1 27cdc0be79471e1b70f6a316eca0f39f6f6968f2
SHA256 1dd65e400d19a31a520259b03b8ac232b8c7f0e6699ffc022273290d5758d2be
ssdeep
1536:6Zhvsw412/5tRxwgLA1K+ISTjulllU1YZWa2eK1/XW8d+YWJiwFXoFgDCd56HUTd:AvROgRx/ERIST6lzUmZ12xd+YWUIoFgA

File size 93.1 KB ( 95324 bytes )
File type Flash
Magic literal
Macromedia Flash data (compressed), version 14

TrID Macromedia Flash Player Compressed Movie (100.0%)
Tags
flash exploit zlib cve-2015-0311 capabilities

VirusTotal metadata
First submission 2015-12-21 19:31:42 UTC ( 1 year, 9 months ago )
Last submission 2016-01-08 03:27:08 UTC ( 1 year, 8 months ago )
File names exploit.bin
2015-12-21-Nuclear-EK-Flash-Exploit.swf
abashing.php_
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!