SHA256: 2db578a2570e48f273d76aae285f743b629211c31750fb00cb73c4e19e9daaac
File name: DA0287B9EBE79BEE42685510AC94DC4F.swf.malware
Detection ratio: 31 / 55
Analysis date: 2016-11-13 10:05:27 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
ALYac Exploit.SWF.BM 20161113
AVG Exploit_c.WOU 20161113
Ad-Aware Exploit.SWF.BM 20161113
AegisLab Troj.SWF.Agent.g!c 20161113
AhnLab-V3 SWF/Shellcode 20161112
Antiy-AVL Trojan[Exploit]/SWF.Agent.g 20161113
Arcabit Exploit.SWF.BM 20161113
Avast SWF:Agent-BX [Expl] 20161113
Avira (no cloud) EXP/FLASH.Pubenush.Gen 20161112
BitDefender Exploit.SWF.BM 20161113
CAT-QuickHeal Exp.SWF.AG 20161112
Comodo UnclassifiedMalware 20161113
ESET-NOD32 SWF/Exploit.Agent.EX 20161112
Emsisoft Exploit.SWF.BM (B) 20161113
F-Secure Exploit.SWF.BM 20161113
GData Exploit.SWF.BM 20161113
Ikarus Exploit.FLASH.Pubenush 20161113
Kaspersky Trojan.SWF.Agent.g 20161113
McAfee-GW-Edition BehavesLike.Flash.Exploit.zg 20161113
eScan Exploit.SWF.BM 20161113
Microsoft Exploit:SWF/ShellCode.R 20161113
NANO-Antivirus Trojan.Swf.Agent.dsfxfs 20161113
Panda Exploit/CVE-2012-4792 20161112
Qihoo-360 susp.swf.qexvmI.95 20161113
Sophos Troj/SWFExp-BG 20161113
Symantec Trojan.Swifi 20161113
Tencent Win32.Trojan.Agent.Wqco 20161113
TrendMicro SWF_EXPLOIT.SB 20161113
ViRobot SWF.S.Exploit.5696[h] 20161113
Zillya Downloader.OpenConnection.JS.83161 20161111
nProtect Trojan-Exploit/W32.SWFlash.5696.UO 20161113
AVware 20161113
Alibaba 20161110
Baidu 20161111
Bkav 20161112
CMC 20161113
ClamAV 20161113
CrowdStrike Falcon (ML) 20161024
Cyren 20161113
DrWeb 20161113
F-Prot 20161113
Fortinet 20161113
Invincea 20161018
Jiangmin 20161113
K7AntiVirus 20161113
K7GW 20161113
Kingsoft 20161113
Malwarebytes 20161113
McAfee 20161113
Rising 20161113
SUPERAntiSpyware 20161112
TheHacker 20161111
TotalDefense 20161113
TrendMicro-HouseCall 20161113
VBA32 20161111
VIPRE 20161113
Yandex 20161112
Zoner 20161113
The file being studied is a SWF file. SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Some exploits have been found in the past targeting the ActionScript Virtual Machine, and ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate Flash files may also use it to implement rich content and animations.
The studied SWF file makes use of the loadBytes ActionScript3 functionality, commonly used to load other files and arbitrary code at runtime.
The studied SWF file contains noticeably long base64 streams. This commonly reveals encoding of malicious code in base64 format, which will then be transformed into binary. It could also just be encoded images.
SWF Properties
SWF version: 15
Compression: zlib
Frame size: 550.0x400.0 px
Frame count: 1
Duration: 0.042 seconds
File attributes: HasMetadata, ActionScript3
Unrecognized SWF tags: 0
Total SWF tags: 8
ActionScript 3 Packages
flash.display
flash.events
flash.system
flash.utils
SWF metadata
ExifTool file metadata
ImageSize: 550x400
InstanceID: xmp.iid:905B3A732252E21180A39E51E35A4D1F
OriginalDocumentID: xmp.did:C12EFF3E5581E011838A84242866B41D
MetadataDate: 2012:12:30 09:50:38+08:00
ModifyDate: 2012:12:30 09:50:38+08:00
Format: application/x-shockwave-flash
FlashAttributes: ActionScript3, HasMetadata
FrameRate: 24
FlashVersion: 15
DerivedFromOriginalDocumentID: xmp.did:C12EFF3E5581E011838A84242866B41D
Compressed: True
ImageWidth: 550
DerivedFromInstanceID: xmp.iid:C12EFF3E5581E011838A84242866B41D
CreateDate: 2011:05:18 21:45:41+08:00
FrameCount: 1
MIMEType: application/x-shockwave-flash
CreatorTool: Adobe Flash CS4 Professional
FileType: SWF
Megapixels: 0.22
ImageHeight: 400
DocumentID: xmp.did:905B3A732252E21180A39E51E35A4D1F
FileTypeExtension: swf
Duration: 0.04 s
DerivedFromDocumentID: xmp.did:C12EFF3E5581E011838A84242866B41D

Compressed bundles
File identification
MD5 da0287b9ebe79bee42685510ac94dc4f
SHA1 f0067dd557cba85de3ce5b6b6faf1d7ce70487fa
SHA256 2db578a2570e48f273d76aae285f743b629211c31750fb00cb73c4e19e9daaac
ssdeep 96:3LlgVccd2qZv3qwYlv086tXPen2H/ntiN6jrVH2vesob5D9lO0opK6sxxLJ6:3LMccdnZvawQCtXPen2H/n8NsVHaodDw
File size 5.6 KB ( 5696 bytes )
File type Flash
Magic literal Macromedia Flash data (compressed), version 15
TrID Macromedia Flash Player Compressed Movie (100.0%)
Tags
cve-2012-4792 flash exploit zlib loadbytes

VirusTotal metadata
First submission 2013-01-08 01:59:04 UTC ( 4 years, 1 month ago )
Last submission 2014-06-24 11:08:06 UTC ( 2 years, 8 months ago )
File names logo1229.swf
9062526
da0287b9ebe79bee42685510ac94dc4f
logo1229.swf
vti-rescan
file-4989178_swf
output.9062526.txt
DA0287B9EBE79BEE42685510AC94DC4F.swf.malware
data
4f7eb733a96d103c6d1e1b372286302119264b7c