SHA256: 2db578a2570e48f273d76aae285f743b629211c31750fb00cb73c4e19e9daaac
File name: DA0287B9EBE79BEE42685510AC94DC4F.swf.malware
Detection ratio: 28 / 54
Analysis date: 2014-06-24 11:08:06 UTC ( 9 months, 1 week ago )
Antivirus Result Update
AVG Exploit_c.WOU 20140624
Ad-Aware Exploit.SWF.BM 20140624
AhnLab-V3 SWF/Shellcode 20140624
AntiVir EXP/FLASH.Pubenush.Gen 20140624
Avast SWF:Agent-BX [Expl] 20140624
BitDefender Exploit.SWF.BM 20140624
Bkav MW.Clodda0.Trojan.287b 20140623
CAT-QuickHeal SWF.Suspicious.Gen 20140624
Comodo UnclassifiedMalware 20140624
DrWeb Exploit.SWF.278 20140624
ESET-NOD32 SWF/Exploit.Agent.EX 20140624
Emsisoft Exploit.SWF.Agent (A) 20140624
F-Secure Exploit.SWF.BM 20140624
GData Exploit.SWF.BM 20140624
Ikarus Trojan.PDF 20140624
Kaspersky Trojan.SWF.Agent.g 20140624
MicroWorld-eScan Exploit.SWF.BM 20140624
Microsoft Exploit:SWF/ShellCode.R 20140624
Norman Exploit.ADM 20140624
Panda Exploit/CVE-2012-4792 20140624
Sophos Troj/SWFExp-BG 20140624
Symantec Trojan.Swifi 20140624
Tencent Win32.Trojan.Agent.deoo 20140624
TrendMicro SWF_EXPLOIT.SB 20140624
TrendMicro-HouseCall SWF_EXPLOIT.SB 20140624
ViRobot SWF.S.Exploit.5696 20140624
Zillya Downloader.OpenConnection.JS.83161 20140624
nProtect Trojan-Exploit/W32.SWFlash.5696.UO 20140624
AegisLab 20140624
Agnitum 20140623
Antiy-AVL 20140624
Baidu-International 20140624
ByteHero 20140624
CMC 20140624
ClamAV 20140624
Commtouch 20140624
F-Prot 20140624
Fortinet 20140624
Jiangmin 20140624
K7AntiVirus 20140623
K7GW 20140623
Kingsoft 20140624
Malwarebytes 20140624
McAfee 20140624
McAfee-GW-Edition 20140623
NANO-Antivirus 20140624
Qihoo-360 20140624
Rising 20140623
SUPERAntiSpyware 20140624
TheHacker 20140622
TotalDefense 20140624
VBA32 20140624
VIPRE 20140624
Zoner 20140616
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Exploits targeting the ActionScript Virtual Machine have been found in the past, and ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate Flash files also use it to implement rich content and animations.
The studied SWF file makes use of the loadBytes ActionScript3 functionality, commonly used to load other files and arbitrary code at runtime.
SWF Properties
SWF version: 15
Compression: zlib
Frame size: 550.0x400.0 px
Frame count: 1
Duration: 0.042 seconds
File attributes: HasMetadata, ActionScript3
Unrecognized SWF tags: 0
Total SWF tags: 8
ActionScript 3 Packages
flash.display
flash.events
flash.system
flash.utils
SWF metadata
ExifTool file metadata
ImageSize: 550x400
InstanceID: xmp.iid:905B3A732252E21180A39E51E35A4D1F
OriginalDocumentID: xmp.did:C12EFF3E5581E011838A84242866B41D
MetadataDate: 2012:12:30 09:50:38+08:00
ModifyDate: 2012:12:30 09:50:38+08:00
Format: application/x-shockwave-flash
DerivedFromDocumentID: xmp.did:C12EFF3E5581E011838A84242866B41D
FrameRate: 24
FlashVersion: 15
DerivedFromOriginalDocumentID: xmp.did:C12EFF3E5581E011838A84242866B41D
Compressed: True
ImageWidth: 550
DerivedFromInstanceID: xmp.iid:C12EFF3E5581E011838A84242866B41D
CreateDate: 2011:05:18 21:45:41+08:00
FrameCount: 1
MIMEType: application/x-shockwave-flash
CreatorTool: Adobe Flash CS4 Professional
FileType: SWF
FileAccessDate: 2014:06:24 12:08:17+01:00
ImageHeight: 400
FileCreateDate: 2014:06:24 12:08:17+01:00
DocumentID: xmp.did:905B3A732252E21180A39E51E35A4D1F
Duration: 0.04 s
FileAttributes: ActionScript3, HasMetadata

Compressed bundles
File identification
MD5 da0287b9ebe79bee42685510ac94dc4f
SHA1 f0067dd557cba85de3ce5b6b6faf1d7ce70487fa
SHA256 2db578a2570e48f273d76aae285f743b629211c31750fb00cb73c4e19e9daaac
ssdeep 96:3LlgVccd2qZv3qwYlv086tXPen2H/ntiN6jrVH2vesob5D9lO0opK6sxxLJ6:3LMccdnZvawQCtXPen2H/n8NsVHaodDw
File size 5.6 KB ( 5696 bytes )
File type Flash
Magic literal Macromedia Flash data (compressed), version 15
TrID Macromedia Flash Player Compressed Movie (100.0%)
Tags
cve-2012-4792 exploit flash loadbytes

VirusTotal metadata
First submission 2013-01-08 01:59:04 UTC ( 2 years, 2 months ago )
Last submission 2014-06-24 11:08:06 UTC ( 9 months, 1 week ago )
File names logo1229.swf
9062526
da0287b9ebe79bee42685510ac94dc4f
logo1229.swf
vti-rescan
file-4989178_swf
output.9062526.txt
DA0287B9EBE79BEE42685510AC94DC4F.swf.malware
data
4f7eb733a96d103c6d1e1b372286302119264b7c