| SHA256: | 47ae834987a7e4a89cb25370fd305450a1299eb276b12f0addce04e1a6223de2 |
| File name: | 47ae834987a7e4a89cb25370fd305450a1299eb276b12f0addce04e1a6223de2.swf |
| Detection ratio: | 33 / 59 |
| Analysis date: | 2017-10-13 01:48:01 UTC ( 9 hours, 20 minutes ago ) |
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Script.SWF.C154 | 20171013 |
| AhnLab-V3 | Swf/Exploit | 20171012 |
| ALYac | Script.SWF.C154 | 20171013 |
| Antiy-AVL | Trojan[Exploit]/SWF.Agent.gen | 20171012 |
| Arcabit | Script.SWF.C154 | 20171013 |
| Avast | SWF:Malware-gen [Trj] | 20171012 |
| AVG | SWF:Malware-gen [Trj] | 20171012 |
| Avira (no cloud) | EXP/SWF.ExKit.bey | 20171012 |
| AVware | Trojan.SWF.Generic.a (v) | 20171012 |
| BitDefender | Script.SWF.C154 | 20171013 |
| CAT-QuickHeal | Exp.SWF.DL | 20171012 |
| Comodo | UnclassifiedMalware | 20171012 |
| Cyren | SWF/CVE150336 | 20171012 |
| DrWeb | Exploit.SWF.429 | 20171012 |
| Emsisoft | Script.SWF.C154 (B) | 20171013 |
| ESET-NOD32 | SWF/Exploit.ExKit.AH | 20171013 |
| F-Secure | Script.SWF.C154 | 20171012 |
| GData | Script.SWF.C154 | 20171012 |
| Ikarus | Exploit.CVE-2015-0336 | 20171012 |
| Kaspersky | HEUR:Exploit.SWF.Agent.gen | 20171013 |
| MAX | malware (ai score=82) | 20171013 |
| McAfee | Exploit-SWF.r | 20171013 |
| McAfee-GW-Edition | Exploit-SWF.r | 20171013 |
| Microsoft | Exploit:SWF/CVE-2015-0336 | 20171013 |
| Sophos AV | Troj/SWFExp-GF | 20171013 |
| Symantec | Trojan.Swifi | 20171013 |
| Tencent | Win32.Exploit.Agent.Tesw | 20171013 |
| TrendMicro | SWF_EXPLOIT.OJF | 20171013 |
| TrendMicro-HouseCall | SWF_EXPLOIT.OJF | 20171013 |
| VIPRE | Trojan.SWF.Generic.a (v) | 20171013 |
| ViRobot | SWF.S.Exploit.12765 | 20171012 |
| Zillya | Downloader.OpenConnection.JS.152060 | 20171012 |
| ZoneAlarm by Check Point | HEUR:Exploit.SWF.Agent.gen | 20171013 |
| AegisLab | 20171013 | |
| Alibaba | 20170911 | |
| Avast-Mobile | 20171012 | |
| Baidu | 20171012 | |
| Bkav | 20171013 | |
| ClamAV | 20171013 | |
| CMC | 20171012 | |
| CrowdStrike Falcon (ML) | 20170804 | |
| Cylance | 20171013 | |
| Endgame | 20170821 | |
| F-Prot | 20171013 | |
| Fortinet | 20171012 | |
| Sophos ML | 20170914 | |
| Jiangmin | 20171013 | |
| K7AntiVirus | 20171013 | |
| K7GW | 20171013 | |
| Kingsoft | 20171013 | |
| Malwarebytes | 20171013 | |
| NANO-Antivirus | 20171013 | |
| nProtect | 20171013 | |
| Palo Alto Networks (Known Signatures) | 20171013 | |
| Panda | 20171012 | |
| Qihoo-360 | 20171013 | |
| Rising | 20171013 | |
| SentinelOne (Static ML) | 20171001 | |
| SUPERAntiSpyware | 20171012 | |
| Symantec Mobile Insight | 20171011 | |
| TheHacker | 20171013 | |
| TotalDefense | 20171012 | |
| Trustlook | 20171013 | |
| VBA32 | 20171012 | |
| Webroot | 20171013 | |
| WhiteArmor | 20170927 | |
| Yandex | 20171012 | |
| Zoner | 20171013 |
The file being studied is a SWF file!
SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3, some
exploits have been found in the past targeting the ActionScript Virtual Machine.
ActionScript has also been used to force unwanted redirections and other badness.
Note that many legitimate flash files may also use it to implement rich content
and animations.
The studied SWF file contains noticeably long base64
streams, this commonly reveals encoding of malicious code in base64 format, which
will then be transformed into binary. It could also just be encoded images.
SWF Properties
SWF version
23
Compression
lzma
Frame size
500.0x375.0 px
Frame count
1
Duration
0.042 seconds
File attributes
HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags
0
Total SWF tags
8
ActionScript 3 Packages
flash.display
flash.events
flash.external
flash.system
flash.utils
SWF metadata
Compressed bundles
File identification
MD5 cff213130ade23a2d03423305cff0639
SHA1 d2bbb2b0075e81bfd0377b6cf3805f32b61a922e
SHA256 47ae834987a7e4a89cb25370fd305450a1299eb276b12f0addce04e1a6223de2
ssdeep
384:TeAQKjZnPCVA26zufPN+eS8XfMR2qqTUZWn39/:qAQKJPCd6qfPMeSifMRZon39/
File size
12.5 KB ( 12765 bytes )
File type Flash
Magic literal
data
| TrID |
Unknown! |
Tags
lzma
exploit
flash
cve-2015-0336
VirusTotal metadata
First submission
2015-03-19 08:39:09 UTC ( 2 years, 6 months ago )
Last submission
2016-01-05 07:43:40 UTC ( 1 year, 9 months ago )
| File names |
47ae834987a7e4a89cb25370fd305450a1299eb276b12f0addce04e1a6223de2.swf NuclearPack_2015-03-19.swf NuclearPack_2015-03-19.swf CVE-2015-0336.swf file |
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!