SHA256: 3474904d1dfd8943d3c779d621aa9767465532f288523bae6b57194b35fb3e6e
File name: RigEK Flash Exploit.swf
Detection ratio: 5 / 54
Analysis date: 2016-10-17 07:36:33 UTC (2 years, 1 month ago)
Antivirus | Result | Update
AegisLab | Swf.Exploit.Gen!c | 20161017
AVG | SWF/Exploit | 20161017
McAfee-GW-Edition | BehavesLike.Flash.Exploit.pb | 20161017
Qihoo-360 | susp.swf.qexvmI.95 | 20161017
Tencent | Win32.Exploit.Agent.Pefl | 20161017
Ad-Aware | | 20161017
AhnLab-V3 | | 20161017
Alibaba | | 20161017
ALYac | | 20161017
Antiy-AVL | | 20161017
Arcabit | | 20161017
Avast | | 20161017
Avira (no cloud) | | 20161017
AVware | | 20161017
Baidu | | 20161015
BitDefender | | 20161017
Bkav | | 20161015
CAT-QuickHeal | | 20161017
ClamAV | | 20161017
CMC | | 20161016
Comodo | | 20161017
CrowdStrike Falcon (ML) | | 20160725
Cyren | | 20161017
DrWeb | | 20161017
Emsisoft | | 20161017
ESET-NOD32 | | 20161017
F-Prot | | 20161017
F-Secure | | 20161017
Fortinet | | 20161017
GData | | 20161017
Ikarus | | 20161016
Sophos ML | | 20160928
Jiangmin | | 20161017
K7AntiVirus | | 20161017
K7GW | | 20161017
Kaspersky | | 20161017
Kingsoft | | 20161017
Malwarebytes | | 20161016
McAfee | | 20161017
Microsoft | | 20161017
eScan | | 20161017
NANO-Antivirus | | 20161017
nProtect | | 20161017
Panda | | 20161016
Rising | | 20161017
Sophos AV | | 20161017
SUPERAntiSpyware | | 20161017
Symantec | | 20161017
TheHacker | | 20161016
TrendMicro | | 20161017
TrendMicro-HouseCall | | 20161017
VBA32 | | 20161014
VIPRE | | 20161017
ViRobot | | 20161017
Yandex | | 20161016
Zillya | | 20161016
Zoner | | 20161017
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Exploits targeting the ActionScript Virtual Machine have been found in the past, and ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate Flash files also use it to implement rich content and animations.
The studied SWF file makes use of the loadBytes ActionScript3 functionality, commonly used to load other files and arbitrary code at runtime.
SWF Properties
SWF version: 10
Compression: zlib
Frame size: 709.0x124.0 px
Frame count: 1
Duration: 0.040 seconds
File attributes: HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags: 2
Total SWF tags: 13
ActionScript 3 Packages
flash.display
flash.events
flash.system
flash.utils
SWF metadata
ExifTool file metadata
MIMEType: application/x-shockwave-flash
Publisher: unknown
Megapixels: 0.088
Description: http://www.adobe.com/products/flex
Language: EN
Format: application/x-shockwave-flash
FlashAttributes: UseNetwork, ActionScript3, HasMetadata
Title: Adobe Flex 3 Application
FrameRate: 25
FlashVersion: 10
Duration: 0.04 s
Creator: unknown
FileTypeExtension: swf
Compressed: True
ImageWidth: 709
Date: Aug 7, 2010
ImageHeight: 124
Warning: [minor] Fixed incorrect URI for xmlns:dc
FileType: SWF
FrameCount: 1
ImageSize: 709x124

PCAP parents
File identification
MD5: b915caa169d3654afe1f2626f198b884
SHA1: 7b47776174d29e81591a3c778acc7248fa966b6a
SHA256: 3474904d1dfd8943d3c779d621aa9767465532f288523bae6b57194b35fb3e6e
ssdeep: 1536:o99TzNB/iUSoQPt73yw+ye2pNodv6MkGT9SPTXl:SXNB6jPtbyw+ye2pNod1DwZ
File size: 49.3 KB (50433 bytes)
File type: Flash
Magic literal: Macromedia Flash data (compressed), version 10
TrID: Macromedia Flash Player Compressed Movie (100.0%)
Tags: flash exploit cve-2016-4117 loadbytes zlib

VirusTotal metadata
First submission: 2016-10-15 14:13:56 UTC (2 years, 1 month ago)
Last submission: 2018-10-16 05:00:05 UTC (1 month, 3 weeks ago)
File names:
ais_samples (647)
61c9d4f7475e670e9c0e863fff0863f90e086bed
RigEK Flash Exploit.swf
index[1].swf