SHA256: 2db578a2570e48f273d76aae285f743b629211c31750fb00cb73c4e19e9daaac
File name: DA0287B9EBE79BEE42685510AC94DC4F.swf.malware
Detection ratio: 29 / 56
Analysis date: 2015-08-06 06:21:33 UTC ( 3 weeks, 1 day ago )
Antivirus              Result                                   Update
ALYac                  Script.SWF.C49                           20150806
AVG                    Exploit_c.WOU                            20150806
Ad-Aware               Script.SWF.C49                           20150806
AhnLab-V3              SWF/Shellcode                            20150806
Arcabit                Script.SWF.C49                           20150806
Avast                  SWF:Agent-BX [Expl]                      20150806
Avira                  EXP/FLASH.Pubenush.Gen                   20150806
BitDefender            Script.SWF.C49                           20150806
CAT-QuickHeal          Exp.SWF.AG                               20150806
Comodo                 UnclassifiedMalware                      20150806
ESET-NOD32             SWF/Exploit.Agent.EX                     20150806
Emsisoft               Script.SWF.C49 (B)                       20150806
F-Secure               Script.SWF.C49                           20150806
GData                  Script.SWF.C49                           20150806
Ikarus                 Trojan.PDF                               20150806
Kaspersky              Trojan.SWF.Agent.g                       20150806
McAfee-GW-Edition      BehavesLike.Flash.Exploit.zg             20150805
MicroWorld-eScan       Script.SWF.C49                           20150806
Microsoft              Exploit:SWF/ShellCode.R                  20150805
NANO-Antivirus         Trojan.Swf.Agent.dsfxfs                  20150806
Panda                  Exploit/CVE-2012-4792                    20150805
Qihoo-360              heur.swf.rateIII.1                       20150806
Sophos                 Troj/SWFExp-BG                           20150806
Symantec               Trojan.Swifi                             20150806
TrendMicro             SWF_EXPLOIT.SB                           20150806
TrendMicro-HouseCall   SWF_EXPLOIT.SB                           20150832
ViRobot                SWF.S.Exploit.5696[h]                    20150806
Zillya                 Downloader.OpenConnection.JS.83161       20150805
nProtect               Trojan-Exploit/W32.SWFlash.5696.UO       20150805
AVware                 (no detection)                           20150806
AegisLab               (no detection)                           20150805
Agnitum                (no detection)                           20150805
Alibaba                (no detection)                           20150803
Antiy-AVL              (no detection)                           20150806
Baidu-International    (no detection)                           20150805
Bkav                   (no detection)                           20150805
ByteHero               (no detection)                           20150806
ClamAV                 (no detection)                           20150805
Cyren                  (no detection)                           20150806
DrWeb                  (no detection)                           20150806
F-Prot                 (no detection)                           20150806
Fortinet               (no detection)                           20150804
Jiangmin               (no detection)                           20150804
K7AntiVirus            (no detection)                           20150806
K7GW                   (no detection)                           20150806
Kingsoft               (no detection)                           20150806
Malwarebytes           (no detection)                           20150806
McAfee                 (no detection)                           20150806
Rising                 (no detection)                           20150731
SUPERAntiSpyware       (no detection)                           20150805
Tencent                (no detection)                           20150806
TheHacker              (no detection)                           20150805
TotalDefense           (no detection)                           20150806
VBA32                  (no detection)                           20150805
VIPRE                  (no detection)                           20150806
Zoner                  (no detection)                           20150806
The file being studied is a SWF (Shockwave Flash) file. SWF files deliver vector graphics, text, video, and sound over the Internet and are played by Adobe Flash Player, historically as a browser plugin.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript 3. Exploits have been found in the past targeting the ActionScript Virtual Machine (AVM2) that executes it, and ActionScript has also been used to force unwanted redirections and other abuse. Note that many legitimate Flash files also use it to implement rich content and animations, so the flag alone is not an indicator.
The studied SWF file makes use of the loadBytes ActionScript 3 functionality (Loader.loadBytes), which instantiates a SWF or image from a ByteArray that is already in memory rather than from a URL. It is commonly used to load a second-stage SWF or other code that is decoded at runtime, which keeps the real payload out of the file's own tag structure and away from static scanners.
The studied SWF file contains noticeably long base64 streams. This commonly reveals malicious code stored as base64 text that is decoded to binary at runtime (and often handed straight to loadBytes), but it could also just be encoded images. Decoding the streams and checking what they start with (a SWF signature, an executable header, or image data) settles the question.
SWF Properties
SWF version: 15
Compression: zlib
Frame size: 550.0x400.0 px
Frame count: 1
Duration: 0.042 seconds
File attributes: HasMetadata, ActionScript3
Unrecognized SWF tags: 0
Total SWF tags: 8
ActionScript 3 Packages:
flash.display
flash.events
flash.system
flash.utils
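The properties above, and the three "commonly abused" checks before them, can all be recovered from the raw bytes without Flash Player. The script below is an added example (not VirusTotal's code and not derived from the sample in this report): it parses the SWF header (signature, version, FWS/CWS/ZWS compression), inflates the body, reads the RECT frame size, frame rate and frame count, walks the tag list, reads the FileAttributes flags, and then applies the heuristics: ActionScript3 flag, a `loadBytes` name inside DoABC tags, and long base64 runs, which it decodes and sniffs for an embedded SWF or PE header. The tag-name table, the 64-character base64 threshold, and the sample file built by `build_sample` (a constructed 550x400, one-frame CWS whose DoABC block is only strings, not real bytecode) are assumptions made for the example.

```python
import base64
import binascii
import lzma
import re
import struct
import zlib

# Tag codes from the SWF specification that this script names; others are reported as TagNN.
TAG_NAMES = {0: "End", 1: "ShowFrame", 69: "FileAttributes", 77: "Metadata", 82: "DoABC"}
FA_BITS = ((0x10, "HasMetadata"), (0x08, "ActionScript3"))  # FileAttributes flags, MSB-first byte
MAGIC = {b"FWS": "uncompressed SWF", b"CWS": "zlib SWF", b"ZWS": "lzma SWF", b"MZ": "PE executable"}
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")  # "noticeably long" = 64+ chars (assumption)

class BitReader:  # MSB-first bit reader for the RECT record that follows the 8-byte header
    def __init__(self, data):
        self.data, self.bitpos = data, 0
    def read(self, n, signed=False):
        v = 0
        for _ in range(n):
            v = (v << 1) | (self.data[self.bitpos >> 3] >> (7 - (self.bitpos & 7)) & 1)
            self.bitpos += 1
        return v - (1 << n) if signed and n and v >> (n - 1) else v

def inflate(data):
    """Return (compression name, body after the 8-byte header) for FWS / CWS / ZWS."""
    sig, length = data[:3], struct.unpack_from("<I", data, 4)[0]  # length = uncompressed size
    if sig == b"FWS":
        return "none", data[8:]
    if sig == b"CWS":
        return "zlib", zlib.decompress(data[8:])
    if sig == b"ZWS":  # UI32 compressed length, 5-byte LZMA props, then a raw LZMA stream
        alone = data[12:17] + struct.pack("<Q", length - 8) + data[17:]
        return "lzma", lzma.decompress(alone, format=lzma.FORMAT_ALONE)
    raise ValueError("not a SWF: signature %r" % sig)

def decode_b64(run):  # retry with the run cut to a multiple of four chars
    for candidate in (run, run[: len(run) // 4 * 4]):
        try:
            return base64.b64decode(candidate, validate=True)
        except binascii.Error:
            pass
    return None

def analyze_swf(data):
    compression, body = inflate(data)
    br = BitReader(body)
    nbits = br.read(5)  # RECT: Nbits, then xmin/xmax/ymin/ymax as signed twips (1/20 px)
    xmin, xmax, ymin, ymax = (br.read(nbits, signed=True) for _ in range(4))
    pos = (br.bitpos + 7) >> 3  # RECT is byte-aligned at its end
    frame_rate = struct.unpack_from("<H", body, pos)[0] / 256.0  # UI16 in 8.8 fixed point
    frame_count = struct.unpack_from("<H", body, pos + 2)[0]
    pos, tags = pos + 4, []
    while pos + 2 <= len(body):  # RECORDHEADER: UI16 = code << 6 | length
        code_len = struct.unpack_from("<H", body, pos)[0]
        code, tlen, pos = code_len >> 6, code_len & 0x3F, pos + 2
        if tlen == 0x3F:  # long form: a UI32 length follows
            tlen, pos = struct.unpack_from("<I", body, pos)[0], pos + 4
        tags.append((code, body[pos:pos + tlen]))
        pos += tlen
        if code == 0:
            break
    flags = next((tb for code, tb in tags if code == 69), b"\x00")[0]
    abc = b"".join(tb for code, tb in tags if code == 82)  # DoABC: names sit in the constant pool
    payloads = []
    for m in B64_RUN.finditer(body):  # decode each long base64 run and sniff the result's magic
        if (blob := decode_b64(m.group())) is not None:
            kind = next((n for magic, n in MAGIC.items() if blob.startswith(magic)), "unknown")
            payloads.append((len(m.group()), kind))
    return {
        "version": data[3], "compression": compression,
        "frame_size_px": ((xmax - xmin) / 20.0, (ymax - ymin) / 20.0),
        "frame_rate": frame_rate, "frame_count": frame_count,
        "duration_s": frame_count / frame_rate if frame_rate else 0.0,
        "tag_count": len(tags), "tags": [TAG_NAMES.get(c, "Tag%d" % c) for c, _ in tags],
        "file_attributes": [n for bit, n in FA_BITS if flags & bit],
        "as3_packages": sorted({p.decode() for p in re.findall(rb"\bflash\.[a-z]+", abc)}),
        "uses_loadbytes": b"loadBytes" in abc, "base64_payloads": payloads,
    }

def _tag(code, body):  # long RECORDHEADER form is valid for any length
    return struct.pack("<HI", (code << 6) | 0x3F, len(body)) + body

def build_sample(compressed=True):
    """Constructed 550x400, 24 fps, one-frame SWF (not the reported file). Its DoABC is
    only strings: package names, loadBytes, and a base64 dummy second-stage SWF."""
    rect = (((15 << 60) | ((550 * 20) << 30) | (400 * 20)) << 7).to_bytes(9, "big")  # Nbits = 15
    inner = b"FWS\x08" + struct.pack("<I", 68) + b"\x00" * 60
    abc = (struct.pack("<I", 1) + b"frame1\x00\x00flash.display\x00flash.events\x00flash.system"
           b"\x00flash.utils\x00Loader\x00loadBytes\x00ByteArray\x00" + base64.b64encode(inner) + b"\x00")
    body = (rect + struct.pack("<HH", 24 * 256, 1) + _tag(69, bytes([0x18, 0, 0, 0]))
            + _tag(77, b"<rdf:RDF/>") + _tag(82, abc) + _tag(1, b"") + _tag(0, b""))
    header = (b"CWS" if compressed else b"FWS") + bytes([15]) + struct.pack("<I", 8 + len(body))
    return header + (zlib.compress(body) if compressed else body)

if __name__ == "__main__":
    print(analyze_swf(build_sample()))
```

Run against the constructed sample it reports version 15, zlib compression, a 550x400 frame, one frame at 24 fps (0.042 s), five tags, the HasMetadata and ActionScript3 attributes, the four flash.* packages, `uses_loadbytes` True, and one 92-character base64 run that decodes to an uncompressed SWF. On a real file, replace `build_sample()` with the bytes of the SWF; the base64 and loadBytes checks are heuristics, so a hit on an encoded image or a legitimate loader is expected and the decoded magic is what tells the two apart.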
SWF metadata
ExifTool file metadata
ImageSize: 550x400
InstanceID: xmp.iid:905B3A732252E21180A39E51E35A4D1F
OriginalDocumentID: xmp.did:C12EFF3E5581E011838A84242866B41D
MetadataDate: 2012:12:30 09:50:38+08:00
ModifyDate: 2012:12:30 09:50:38+08:00
Format: application/x-shockwave-flash
FlashAttributes: ActionScript3, HasMetadata
FrameRate: 24
FlashVersion: 15
DerivedFromOriginalDocumentID: xmp.did:C12EFF3E5581E011838A84242866B41D
Compressed: True
ImageWidth: 550
DerivedFromInstanceID: xmp.iid:C12EFF3E5581E011838A84242866B41D
CreateDate: 2011:05:18 21:45:41+08:00
FrameCount: 1
MIMEType: application/x-shockwave-flash
CreatorTool: Adobe Flash CS4 Professional
FileType: SWF
Megapixels: 0.22
ImageHeight: 400
DocumentID: xmp.did:905B3A732252E21180A39E51E35A4D1F
FileTypeExtension: swf
Duration: 0.04 s
DerivedFromDocumentID: xmp.did:C12EFF3E5581E011838A84242866B41D
File identification
MD5: da0287b9ebe79bee42685510ac94dc4f
SHA1: f0067dd557cba85de3ce5b6b6faf1d7ce70487fa
SHA256: 2db578a2570e48f273d76aae285f743b629211c31750fb00cb73c4e19e9daaac
ssdeep: 96:3LlgVccd2qZv3qwYlv086tXPen2H/ntiN6jrVH2vesob5D9lO0opK6sxxLJ6:3LMccdnZvawQCtXPen2H/n8NsVHaodDw
File size: 5.6 KB (5696 bytes)
File type: Flash
Magic literal: Macromedia Flash data (compressed), version 15
TrID: Macromedia Flash Player Compressed Movie (100.0%)
Tags: cve-2012-4792, flash, exploit, zlib, loadbytes
Note that CVE-2012-4792 is an Internet Explorer use-after-free (MS13-008), not a Flash Player vulnerability; SWF files served as the heap-spray stage in the public exploits for it, so the tag (and Panda's Exploit/CVE-2012-4792 verdict) describes the exploit chain this file was seen in rather than a bug in the SWF itself.

VirusTotal metadata
First submission: 2013-01-08 01:59:04 UTC (2 years, 7 months ago)
Last submission: 2014-06-24 11:08:06 UTC (1 year, 2 months ago)
File names:
logo1229.swf
9062526
da0287b9ebe79bee42685510ac94dc4f
vti-rescan
file-4989178_swf
output.9062526.txt
DA0287B9EBE79BEE42685510AC94DC4F.swf.malware
data
4f7eb733a96d103c6d1e1b372286302119264b7c