SHA256: 2db578a2570e48f273d76aae285f743b629211c31750fb00cb73c4e19e9daaac
File name: DA0287B9EBE79BEE42685510AC94DC4F.swf.malware
Detection ratio: 30 / 56
Analysis date: 2015-07-03 11:41:17 UTC ( 3 weeks, 6 days ago )
Antivirus Result Update
ALYac Script.SWF.C48 20150703
AVG Exploit_c.WOU 20150703
Ad-Aware Script.SWF.C48 20150703
AhnLab-V3 SWF/Shellcode 20150702
Arcabit Script.SWF.C48 20150630
Avast SWF:Agent-BX [Expl] 20150703
Avira EXP/FLASH.Pubenush.Gen 20150703
BitDefender Script.SWF.C48 20150703
CAT-QuickHeal Exp.SWF.AG 20150703
Comodo UnclassifiedMalware 20150703
ESET-NOD32 SWF/Exploit.Agent.EX 20150703
Emsisoft Script.SWF.C48 (B) 20150703
F-Secure Script.SWF.C48 20150703
GData Script.SWF.C48 20150702
Ikarus Trojan.PDF 20150703
Kaspersky Trojan.SWF.Agent.g 20150703
McAfee-GW-Edition BehavesLike.Flash.Exploit.zg 20150702
MicroWorld-eScan Script.SWF.C48 20150703
Microsoft Exploit:SWF/ShellCode.R 20150703
NANO-Antivirus Trojan.Swf.Agent.dsfxfs 20150703
Panda Exploit/CVE-2012-4792 20150703
Qihoo-360 heur.swf.rateII.1 20150703
Sophos Troj/SWFExp-BG 20150703
Symantec Trojan.Swifi 20150703
Tencent Win32.Trojan.Agent.Wqco 20150703
TrendMicro SWF_EXPLOIT.SB 20150703
TrendMicro-HouseCall SWF_EXPLOIT.SB 20150703
ViRobot SWF.S.Exploit.5696[h] 20150703
Zillya Downloader.OpenConnection.JS.83161 20150703
nProtect Trojan-Exploit/W32.SWFlash.5696.UO 20150703
AVware 20150703
AegisLab 20150703
Agnitum 20150630
Alibaba 20150630
Antiy-AVL 20150703
Baidu-International 20150703
Bkav 20150703
ByteHero 20150703
ClamAV 20150703
Cyren 20150703
DrWeb 20150703
F-Prot 20150703
Fortinet 20150703
Jiangmin 20150702
K7AntiVirus 20150703
K7GW 20150703
Kingsoft 20150703
Malwarebytes 20150703
McAfee 20150703
Rising 20150702
SUPERAntiSpyware 20150703
TheHacker 20150702
TotalDefense 20150703
VBA32 20150703
VIPRE 20150703
Zoner 20150703
The file being studied is a SWF file. SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Some exploits targeting the ActionScript Virtual Machine have been found in the past, and ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate Flash files may also use it to implement rich content and animations.
The studied SWF file makes use of the loadBytes ActionScript3 functionality, commonly used to load other files and arbitrary code at runtime.
The studied SWF file contains noticeably long base64 streams. This commonly reveals encoding of malicious code in base64 format, which will then be transformed into binary. It could also just be encoded images.
SWF Properties
SWF version 15
Compression zlib
Frame size 550.0x400.0 px
Frame count 1
Duration 0.042 seconds
File attributes HasMetadata, ActionScript3
Unrecognized SWF tags 0
Total SWF tags 8
ActionScript 3 Packages
flash.display
flash.events
flash.system
flash.utils
SWF metadata
ExifTool file metadata
ImageSize 550x400
InstanceID xmp.iid:905B3A732252E21180A39E51E35A4D1F
OriginalDocumentID xmp.did:C12EFF3E5581E011838A84242866B41D
MetadataDate 2012:12:30 09:50:38+08:00
ModifyDate 2012:12:30 09:50:38+08:00
Format application/x-shockwave-flash
DerivedFromDocumentID xmp.did:C12EFF3E5581E011838A84242866B41D
FrameRate 24
FlashVersion 15
DerivedFromOriginalDocumentID xmp.did:C12EFF3E5581E011838A84242866B41D
Compressed True
ImageWidth 550
DerivedFromInstanceID xmp.iid:C12EFF3E5581E011838A84242866B41D
CreateDate 2011:05:18 21:45:41+08:00
FrameCount 1
MIMEType application/x-shockwave-flash
CreatorTool Adobe Flash CS4 Professional
FileType SWF
Megapixels 0.22
ImageHeight 400
DocumentID xmp.did:905B3A732252E21180A39E51E35A4D1F
FileTypeExtension swf
Duration 0.04 s
FileAttributes ActionScript3, HasMetadata

Compressed bundles
File identification
MD5 da0287b9ebe79bee42685510ac94dc4f
SHA1 f0067dd557cba85de3ce5b6b6faf1d7ce70487fa
SHA256 2db578a2570e48f273d76aae285f743b629211c31750fb00cb73c4e19e9daaac
ssdeep 96:3LlgVccd2qZv3qwYlv086tXPen2H/ntiN6jrVH2vesob5D9lO0opK6sxxLJ6:3LMccdnZvawQCtXPen2H/n8NsVHaodDw

File size 5.6 KB ( 5696 bytes )
File type Flash
Magic literal Macromedia Flash data (compressed), version 15

TrID Macromedia Flash Player Compressed Movie (100.0%)
Tags
cve-2012-4792 flash exploit zlib loadbytes

VirusTotal metadata
First submission 2013-01-08 01:59:04 UTC ( 2 years, 6 months ago )
Last submission 2014-06-24 11:08:06 UTC ( 1 year, 1 month ago )
File names logo1229.swf
9062526
da0287b9ebe79bee42685510ac94dc4f
logo1229.swf
vti-rescan
file-4989178_swf
output.9062526.txt
DA0287B9EBE79BEE42685510AC94DC4F.swf.malware
data
4f7eb733a96d103c6d1e1b372286302119264b7c