SHA256: 3e7aa5487ab1f2dc7e811e605aa60cea072d3067ca121baa9a77074b12519d67
File name: RigEK Flash Exploit.swf
Detection ratio: 32 / 59
Analysis date: 2018-09-09 16:09:55 UTC ( 3 months ago )
Antivirus Result Update
Ad-Aware Script.SWF.C595 20180909
AegisLab Exploit.Swf.Agent!c 20180909
AhnLab-V3 SWF/RigEK.Gen 20180909
ALYac Script.SWF.C595 20180909
Antiy-AVL Trojan[Exploit]/SWF.SWF.Generic 20180906
Arcabit Script.SWF.C595 20180909
Avast SWF:Malware-gen [Trj] 20180909
AVG SWF:Malware-gen [Trj] 20180909
Avira (no cloud) EXP/FLASH.Pubenush.AC.Gen 20180909
BitDefender Script.SWF.C595 20180909
CAT-QuickHeal Exp.SWF.Rig.EK.4476 20180909
Comodo UnclassifiedMalware 20180909
Cyren SWF/CVE-2015-8 20180909
DrWeb Exploit.SWF.1232 20180909
Emsisoft Script.SWF.C595 (B) 20180909
ESET-NOD32 a variant of SWF/Exploit.ExKit.AJN 20180909
F-Secure Script.SWF.C595 20180909
GData Script.SWF.C595 20180909
Ikarus Trojan.SWF.Exploit 20180909
Kaspersky HEUR:Exploit.SWF.Agent.gen 20180909
MAX malware (ai score=94) 20180909
McAfee SWF/Exploit-Rig.a 20180909
McAfee-GW-Edition BehavesLike.Flash.Exploit.mg 20180909
eScan Script.SWF.C595 20180909
Qihoo-360 swf.cve-2015-8651.rig.a 20180909
Rising Exploit.CVE-2015-8651!1.A595 (CLASSIC) 20180909
Symantec Trojan.Swifi 20180908
Tencent Win32.Exploit.Generic.Aguj 20180909
TrendMicro TROJ_FRS.0NA104BM18 20180909
TrendMicro-HouseCall TROJ_FRS.0NA104BM18 20180909
Zillya Exploit.Agent.Script.1222 20180908
ZoneAlarm by Check Point HEUR:Exploit.SWF.Generic 20180909
Alibaba 20180713
Avast-Mobile 20180909
AVware 20180909
Babable 20180907
Baidu 20180906
Bkav 20180906
ClamAV 20180909
CMC 20180908
CrowdStrike Falcon (ML) 20180723
Cybereason 20180308
Cylance 20180909
eGambit 20180909
Endgame 20180730
F-Prot 20180909
Fortinet 20180909
Sophos ML 20180717
Jiangmin 20180909
K7AntiVirus 20180909
K7GW 20180909
Kingsoft 20180909
Malwarebytes 20180909
Microsoft 20180909
NANO-Antivirus 20180909
Palo Alto Networks (Known Signatures) 20180909
Panda 20180909
SentinelOne (Static ML) 20180830
Sophos AV 20180909
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180905
TACHYON 20180909
TheHacker 20180907
TotalDefense 20180909
Trustlook 20180909
VBA32 20180907
VIPRE 20180909
ViRobot 20180909
Webroot 20180909
Yandex 20180908
Zoner 20180908
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Exploits targeting the ActionScript Virtual Machine have been found in the past, and ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate Flash files also use it to implement rich content and animations.
The studied SWF file performs environment identification.
SWF Properties
SWF version: 32
Compression: zlib
Frame size: 800.0x600.0 px
Frame count: 1
Duration: 0.033 seconds
File attributes: HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags: 1
Total SWF tags: 14
ActionScript 3 Packages
flash.display
flash.events
flash.system
flash.utils
mx.core
SWF metadata
ExifTool file metadata
MIMEType: application/x-shockwave-flash
ImageSize: 800x600
FileType: SWF
Megapixels: 0.48
FrameRate: 30
FlashVersion: 32
FileTypeExtension: swf
Compressed: True
ImageWidth: 800
Duration: 0.03 s
FlashAttributes: UseNetwork, ActionScript3, HasMetadata
FrameCount: 1
ImageHeight: 600

File identification
MD5 e40909b9f4185e64ca428b208a0f4370
SHA1 910151c1d784d339d79e048ad90d8e38bd3874fe
SHA256 3e7aa5487ab1f2dc7e811e605aa60cea072d3067ca121baa9a77074b12519d67
ssdeep 384:WcnNh4BzKeA8BfQqVsKf3cmnR5K9ufnrd1kMVXwTFwGedjjW3Lbb5:vNk7NBfPhR89WsGuXb5

File size 15.9 KB ( 16289 bytes )
File type Flash
Magic literal Macromedia Flash data (compressed), version 32

TrID Macromedia Flash Player Compressed Movie (100.0%)
Tags flash zlib exploit cve-2015-8651 capabilities

VirusTotal metadata
First submission 2018-02-21 23:12:06 UTC ( 9 months, 3 weeks ago )
Last submission 2018-02-21 23:12:06 UTC ( 9 months, 3 weeks ago )
File names RigEK Flash Exploit.swf