SHA256: 48889b2e3300d9ce4a01366e747e52887e829d14e744354656cb94a9aa7e808c
File name: 2016-10-11-EITest-Rig-EK-flash-exploit-second-run.swf
Detection ratio: 33 / 59
Analysis date: 2017-09-20 21:53:10 UTC (10 months ago)
Antivirus Result Update
Ad-Aware Exploit.SWF.EQ 20170920
AegisLab Exp.Flash.Pubenush.W!c 20170920
AhnLab-V3 SWF/Pubenush 20170920
ALYac Exploit.SWF.Downloader 20170920
Arcabit Exploit.SWF.EQ 20170920
Avast SWF:Malware-gen [Trj] 20170920
AVG SWF:Malware-gen [Trj] 20170920
Avira (no cloud) EXP/FLASH.Pubenush.W.Gen 20170920
AVware Trojan.SWF.Generic.b (v) 20170919
BitDefender Exploit.SWF.EQ 20170920
CAT-QuickHeal SWF.GenSusp.A 20170920
Cyren SWF/Trojan.KHAK-2 20170920
DrWeb Exploit.SWF.980 20170920
Emsisoft Exploit.SWF.EQ (B) 20170920
ESET-NOD32 SWF/Exploit.ExKit.BEA 20170920
F-Secure Exploit.SWF.EQ 20170920
GData Exploit.SWF.EQ 20170920
Ikarus Exploit.SWF 20170920
MAX malware (ai score=85) 20170920
McAfee Exploit-SWF.d 20170920
McAfee-GW-Edition BehavesLike.Flash.XSS.mb 20170920
Microsoft Exploit:SWF/Rigved.A 20170920
eScan Exploit.SWF.EQ 20170920
NANO-Antivirus Exploit.Swf.FLASH.ejuimy 20170920
Qihoo-360 Win32/Trojan.Exploit.e34 20170920
Sophos AV Troj/SWFExp-ND 20170920
Symantec Trojan.Swifi 20170920
Tencent Win32.Exploit.Agent.Phgf 20170920
TrendMicro SWF_RIGKIT.D 20170920
TrendMicro-HouseCall SWF_RIGKIT.D 20170920
VIPRE Trojan.SWF.Generic.b (v) 20170920
ViRobot SWF.Z.Agent.25565 20170920
ZoneAlarm by Check Point HEUR:Exploit.SWF.Generic 20170920
Alibaba 20170911
Antiy-AVL 20170920
Avast-Mobile 20170829
Baidu 20170920
ClamAV 20170920
CMC 20170920
Comodo 20170920
CrowdStrike Falcon (ML) 20170804
Cylance 20170920
Endgame 20170821
F-Prot 20170920
Fortinet 20170920
Sophos ML 20170914
Jiangmin 20170920
K7AntiVirus 20170920
K7GW 20170920
Kaspersky 20170920
Kingsoft 20170920
Malwarebytes 20170920
nProtect 20170920
Palo Alto Networks (Known Signatures) 20170920
Panda 20170920
Rising 20170920
SentinelOne (Static ML) 20170806
SUPERAntiSpyware 20170920
Symantec Mobile Insight 20170920
TheHacker 20170916
TotalDefense 20170920
Trustlook 20170920
VBA32 20170920
Webroot 20170920
WhiteArmor 20170829
Yandex 20170908
Zillya 20170920
Zoner 20170920
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript 3. Exploits targeting the ActionScript Virtual Machine have been found in the past, and ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate Flash files also use it to implement rich content and animations.
SWF Properties
SWF version: 28
Compression: zlib
Frame size: 709.0x124.0 px
Frame count: 1
Duration: 0.040 seconds
File attributes: HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags: 0
Total SWF tags: 8
ActionScript 3 Packages
flash.display
flash.events
flash.net
flash.system
flash.utils
ExifTool file metadata
MIMEType: application/x-shockwave-flash
ImageSize: 709x124
FileType: SWF
Megapixels: 0.088
FrameRate: 25
FlashVersion: 28
FileTypeExtension: swf
Compressed: True
ImageWidth: 709
Duration: 0.04 s
FlashAttributes: UseNetwork, ActionScript3, HasMetadata
FrameCount: 1
ImageHeight: 124

PCAP parents
File identification
MD5: b4e530592c12a60a2a01abbdcb291c12
SHA1: ea80e35092d0733e4f677c276ac24dde5e1eef23
SHA256: 48889b2e3300d9ce4a01366e747e52887e829d14e744354656cb94a9aa7e808c
ssdeep: 384:gPiiLM0fKBwj3HFytl2eBnN99+2gzH4ffTASCy8MM+TxyNW3bliT9tn:g9JiBwj3sz3B5CyPBTkNWlc9h
File size: 25.0 KB (25565 bytes)
File type: Flash
Magic literal: Macromedia Flash data (compressed), version 28
TrID: Macromedia Flash Player Compressed Movie (100.0%)
Tags: flash, zlib

VirusTotal metadata
First submission: 2016-10-11 23:32:43 UTC (1 year, 9 months ago)
Last submission: 2017-09-20 21:53:10 UTC (10 months ago)
File names:
2016-10-11-EITest-Rig-EK-flash-exploit-second-run.swf
flash.swf
aaa.swf
index[1].swf
index.swf