SHA256: 216ee4429f51f81fa355c16083f3c5bc8c636b20cc1c6973e9143acc236cdc56
File name: 2015-11-11-RIG-EK-Flash-exploit.swf
Detection ratio: 8 / 54
Analysis date: 2015-11-12 00:06:34 UTC ( 1 year, 5 months ago )
Antivirus Result Update
AhnLab-V3 SWF/Cve-2015-5122 20151111
AVG SWF/Exploit.CVE-2015-5119 20151111
AVware Exploit.SWF.CVE-2015-5119.b (v) 20151111
ESET-NOD32 SWF/Exploit.ExKit.BC 20151112
Ikarus SWF.Exploit.CVE-2015-5119 20151111
Kaspersky HEUR:Exploit.SWF.Agent.gen 20151111
McAfee-GW-Edition BehavesLike.Flash.Dropper.mg 20151112
VIPRE Exploit.SWF.CVE-2015-5119.b (v) 20151111
AegisLab 20151111
Yandex 20151111
Alibaba 20151111
ALYac 20151111
Antiy-AVL 20151111
Arcabit 20151111
Avast 20151111
Avira (no cloud) 20151111
Baidu-International 20151111
BitDefender 20151111
Bkav 20151110
ByteHero 20151112
CAT-QuickHeal 20151110
ClamAV 20151111
CMC 20151109
Comodo 20151111
Cyren 20151111
DrWeb 20151111
Emsisoft 20151111
F-Prot 20151111
F-Secure 20151111
Fortinet 20151111
GData 20151111
Jiangmin 20151111
K7AntiVirus 20151111
K7GW 20151111
Malwarebytes 20151111
McAfee 20151111
Microsoft 20151112
eScan 20151112
NANO-Antivirus 20151112
nProtect 20151111
Panda 20151111
Qihoo-360 20151112
Rising 20151111
Sophos 20151112
SUPERAntiSpyware 20151111
Symantec 20151111
Tencent 20151112
TheHacker 20151110
TrendMicro 20151111
TrendMicro-HouseCall 20151111
VBA32 20151111
ViRobot 20151111
Zillya 20151111
Zoner 20151111
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Exploits targeting the ActionScript Virtual Machine have been found in the past, and ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate Flash files may also use it to implement rich content and animations.
Contains ActionScript code to request and retrieve content from Internet URLs.
The studied SWF file performs environment identification.
SWF Properties
SWF version: 13
Compression: zlib
Frame size: 1.0x1.0 px
Frame count: 1
Duration: 0.042 seconds
File attributes: HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags: 2
Total SWF tags: 21
ActionScript 3 Packages
flash.display
flash.events
flash.net
flash.system
flash.text
flash.text.engine
flash.utils
mx.core
ExifTool file metadata
MIMEType: application/x-shockwave-flash
ImageSize: 1x1
FileType: SWF
Megapixels: 1e-06
FrameRate: 24
FlashVersion: 13
FileTypeExtension: swf
Compressed: True
ImageWidth: 1
Duration: 0.04 s
FlashAttributes: UseNetwork, HasMetadata, [5], [6]
FrameCount: 1
ImageHeight: 1

File identification
MD5 4991f2e9215508bc53b836dd26d25c3b
SHA1 0303774db872412c58e0c315a21d7e2515d212cd
SHA256 216ee4429f51f81fa355c16083f3c5bc8c636b20cc1c6973e9143acc236cdc56
ssdeep 192:l9XefcYRl9bNrvDD496UR1v/uncrcPysQFi9DO2MU/gDp7eF/4Ba/6qjZGaFDCqU:SNflv496U+9ybiEo/gD5obXtpDvwpdf/
File size 13.3 KB ( 13655 bytes )
File type Flash
Magic literal Macromedia Flash data (compressed), version 13
TrID Macromedia Flash Player Compressed Movie (100.0%)
Tags flash cve-2015-5122 zlib capabilities exploit cve-2015-5119

VirusTotal metadata
First submission 2015-11-10 22:46:59 UTC ( 1 year, 5 months ago )
Last submission 2016-07-01 05:38:00 UTC ( 9 months, 4 weeks ago )
File names index.php?xXmNd7GUKhvLC4Y=l3SMfPrfJxzFGMSUb-nJDa9BMEXCRQLPh4SGhKrXCJ-ofSih17OIFxzsmTu2KV_OpqxveN0SZFSOzQfZPVQlyZAdChoB_Oqki0vHjUnH1cmQ9laHYghP7ZCTRrMyjl3xzLMSdJ52kh6D7WNVxOIYUV0XtF5AmqfNBKqKp0N6RgBnEB_CbJQlqw-BF3H6PXl5gv2pHn4oieWX_PJznZMmmA
216ee4429f51f81fa355c16083f3c5bc8c636b20cc1c6973e9143acc236cdc56
exploit.swf
429f4ab7aac750e8d72f236a78f5b11b51a85d51
2015-11-11-RIG-EK-Flash-exploit.swf
sw.swf