SHA256: 31a82064ac010cbd7ec75d02a8925df5a3351dea066a973ed480f47f0d843673
File name: 2015-03-06-payingdays-me-flash-exploit.swf
Detection ratio: 7 / 56
Analysis date: 2015-05-31 22:45:55 UTC ( 2 years, 5 months ago )
Antivirus Result Update
AVG Agent_c.XF 20150531
ESET-NOD32 SWF/Exploit.CVE-2015-0311.I 20150531
Ikarus Trojan.SWF.Exploit 20150531
McAfee-GW-Edition BehavesLike.Flash.Exploit.lb 20150531
Microsoft VirTool:SWF/Obfuscator.F 20150531
Qihoo-360 heur.swf.rateII.3 20150531
TrendMicro-HouseCall Suspicious_GEN.F47V0428 20150531
Ad-Aware 20150531
AegisLab 20150531
Yandex 20150531
AhnLab-V3 20150531
Alibaba 20150531
ALYac 20150531
Antiy-AVL 20150531
Avast 20150531
Avira (no cloud) 20150531
AVware 20150531
Baidu-International 20150531
BitDefender 20150531
Bkav 20150529
ByteHero 20150531
CAT-QuickHeal 20150530
ClamAV 20150531
CMC 20150530
Comodo 20150531
Cyren 20150531
DrWeb 20150531
Emsisoft 20150531
F-Prot 20150531
F-Secure 20150531
Fortinet 20150531
GData 20150531
Jiangmin 20150529
K7AntiVirus 20150531
K7GW 20150531
Kaspersky 20150531
Kingsoft 20150531
Malwarebytes 20150531
McAfee 20150531
eScan 20150531
NANO-Antivirus 20150531
nProtect 20150529
Panda 20150531
Rising 20150531
Sophos AV 20150531
SUPERAntiSpyware 20150530
Symantec 20150531
Tencent 20150531
TheHacker 20150529
TotalDefense 20150531
TrendMicro 20150531
VBA32 20150529
VIPRE 20150531
ViRobot 20150531
Zillya 20150531
Zoner 20150526
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Exploits targeting the ActionScript Virtual Machine have been found in the past, and ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate Flash files may also use it to implement rich content and animations.
The studied SWF file makes use of the loadBytes ActionScript3 functionality, commonly used to load other files and arbitrary code at runtime.
SWF Properties
SWF version: 13
Compression: zlib
Frame size: 1.0x1.0 px
Frame count: 1
Duration: 0.042 seconds
File attributes: HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags: 1
Total SWF tags: 12
ActionScript 3 Packages
flash.display
flash.events
flash.utils
SWF metadata
ExifTool file metadata
MIMEType: application/x-shockwave-flash
ImageSize: 1x1
Format: application/x-shockwave-flash
CompilerBuild: 354139
FileType: SWF
Megapixels: 1e-06
FrameRate: 24
CompilerName: ActionScript Compiler
CompilerVersion: 2.0.0
Warning: [minor] Fixed incorrect URI for xmlns:dc
FileTypeExtension: swf
Compressed: True
ImageWidth: 1
Duration: 0.04 s
FlashVersion: 13
FlashAttributes: UseNetwork, ActionScript3, HasMetadata
FrameCount: 1
ImageHeight: 1
PCAP parents
File identification
MD5 f7b8d461e37c19a723190a19a3eca7f3
SHA1 f5651571231456239bf79bc56fd40d8d817cba31
SHA256 31a82064ac010cbd7ec75d02a8925df5a3351dea066a973ed480f47f0d843673
ssdeep 192:p2ni/LaUP4S+ZFzfNy+faKSZcEZ/2sMmp+N97MVACGXdFSiXI0zuU4IxD:R/+o4nZhVIZcEQsHpeWCJXIM4IV
File size 12.6 KB ( 12933 bytes )
File type Flash
Magic literal Macromedia Flash data (compressed), version 13
TrID Macromedia Flash Player Compressed Movie (100.0%)
Tags flash exploit zlib loadbytes cve-2015-0311
VirusTotal metadata
First submission 2015-04-28 12:21:28 UTC ( 2 years, 6 months ago )
Last submission 2015-12-07 01:30:40 UTC ( 1 year, 11 months ago )
File names 31a82064ac010cbd7ec75d02a8925df5a3351dea066a973ed480f47f0d843673.swf
2015-03-06-payingdays-me-flash-exploit.swf