× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 4f8ee603630bbcc55b33b2c95347fe51d1dbc50531ece60b9f15050aa1119339
File name: RigEK 188.225.82.158 Flash exploit.swf
Detection ratio: 20 / 59
Analysis date: 2017-11-11 22:29:35 UTC ( 1 year, 4 months ago ) View latest
Antivirus Result Update
AegisLab Swfdec.Gen!c 20171111
AhnLab-V3 SWF/RigEK.Gen 20171111
Antiy-AVL Trojan[Exploit]/SWF.SWF.Generic 20171111
Avast SWF:GirDrop [Drp] 20171111
AVG SWF:GirDrop [Drp] 20171111
Avira (no cloud) EXP/FLASH.Lodabytor.T.Gen 20171111
CAT-QuickHeal Exp.SWF.Rig.EK.1886 20171111
DrWeb Exploit.SWF.1232 20171111
ESET-NOD32 a variant of SWF/Exploit.ExKit.AJN 20171111
GData SWF.Trojan.Agent.84YSJP 20171111
Ikarus Trojan.SWF.Exploit 20171111
MAX malware (ai score=84) 20171111
McAfee SWF/Exploit-Rig.a 20171111
McAfee-GW-Edition SWF/Exploit-Rig.a 20171111
Qihoo-360 swf.cve-2015-8651.rig.a 20171111
Rising Exploit.CVE-2015-8651!1.A595 (CLASSIC) 20171111
TrendMicro HEUR_SWFDEC.DL 20171111
TrendMicro-HouseCall Suspicious_GEN.F47V1110 20171111
ViRobot SWF.Z.Agent.14197 20171111
ZoneAlarm by Check Point HEUR:Exploit.SWF.Generic 20171111
Ad-Aware 20171111
Alibaba 20170911
ALYac 20171110
Arcabit 20171110
Avast-Mobile 20171111
AVware 20171111
Baidu 20171109
BitDefender 20171111
Bkav 20171111
ClamAV 20171111
CMC 20171109
Comodo 20171111
CrowdStrike Falcon (ML) 20171016
Cybereason None
Cylance 20171111
Cyren 20171111
eGambit 20171111
Emsisoft 20171111
Endgame 20171024
F-Prot 20171111
F-Secure 20171111
Fortinet 20171111
Sophos ML 20170914
Jiangmin 20171110
K7AntiVirus 20171111
K7GW 20171111
Kaspersky 20171111
Kingsoft 20171111
Malwarebytes 20171111
Microsoft 20171111
eScan 20171111
NANO-Antivirus 20171111
nProtect 20171111
Palo Alto Networks (Known Signatures) 20171111
Panda 20171111
SentinelOne (Static ML) 20171019
Sophos AV 20171111
SUPERAntiSpyware 20171111
Symantec 20171111
Symantec Mobile Insight 20171110
Tencent 20171111
TheHacker 20171102
Trustlook 20171111
VBA32 20171110
VIPRE 20171111
Webroot 20171111
WhiteArmor 20171104
Yandex 20171110
Zillya 20171110
Zoner 20171111
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3, some exploits have been found in the past targeting the ActionScript Virtual Machine. ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate flash files may also use it to implement rich content and animations.
The studied SWF file performs environment identification.
SWF Properties
SWF version
32
Compression
zlib
Frame size
800.0x600.0 px
Frame count
1
Duration
0.033 seconds
File attributes
HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags
1
Total SWF tags
13
ActionScript 3 Packages
flash.display
flash.events
flash.system
flash.utils
mx.core
SWF metadata
ExifTool file metadata
MIMEType
application/x-shockwave-flash

ImageSize
800x600

FileType
SWF

Megapixels
0.48

FrameRate
30

FlashVersion
32

FileTypeExtension
swf

Compressed
True

ImageWidth
800

Duration
0.03 s

FlashAttributes
UseNetwork, ActionScript3, HasMetadata

FrameCount
1

ImageHeight
600

File identification
MD5 727e7734f1743196102ccaf6ab7087b7
SHA1 9db374f0c01dc98568458766a17f57e8992ef8e8
SHA256 4f8ee603630bbcc55b33b2c95347fe51d1dbc50531ece60b9f15050aa1119339
ssdeep
384:SGjmL5EimICsIneieF7a3e08mOZ48ytwKMzVx6:S7JCs4eieFe3e79UwU

File size 13.9 KB ( 14197 bytes )
File type Flash
Magic literal
Macromedia Flash data (compressed), version 32

TrID Macromedia Flash Player Compressed Movie (100.0%)
Tags
flash zlib exploit cve-2015-8651 capabilities

VirusTotal metadata
First submission 2017-11-10 23:02:43 UTC ( 1 year, 4 months ago )
Last submission 2017-11-11 22:29:35 UTC ( 1 year, 4 months ago )
File names RigEK 188.225.82.158 Flash exploit.swf
Dangerous.swf
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!