SHA256: 5ad1784383ade7dbf6502f3fa0e5b295fc7940306c30b155cc564049c6c65dbf
File name: RigEK Flash exploit from 188.225.76.204.swf
Detection ratio: 14 / 56
Analysis date: 2017-07-06 00:36:34 UTC ( 1 year, 1 month ago )
Antivirus Result Update
AhnLab-V3 SWF/RigEK.Gen 20170705
Antiy-AVL Trojan[Exploit]/SWF.SWF.Generic 20170705
Avast SWF:Agent-FV [Expl] 20170705
AVG SWF:Agent-FV [Expl] 20170705
Avira (no cloud) EXP/FLASH.Pubenush.AA.Gen 20170705
CAT-QuickHeal Exp.SWF.CVE-2015-5122.B 20170705
DrWeb Exploit.SWF.1232 20170705
ESET-NOD32 a variant of SWF/Exploit.ExKit.AGL 20170705
McAfee SWF/Exploit-Rig.a 20170706
McAfee-GW-Edition SWF/Exploit-Rig.a 20170705
Qihoo-360 swf.cve-2015-8651.rig.a 20170706
Rising Exploit.CVE-2015-8651!1.A595 (classic) 20170705
TrendMicro HEUR_SWFDEC.SC2 20170706
ZoneAlarm by Check Point HEUR:Exploit.SWF.Generic 20170705
Ad-Aware 20170705
AegisLab 20170705
Alibaba 20170705
ALYac 20170706
Arcabit 20170705
AVware 20170705
Baidu 20170705
BitDefender 20170705
ClamAV 20170705
CMC 20170705
Comodo 20170705
CrowdStrike Falcon (ML) 20170420
Cyren 20170705
Emsisoft 20170705
Endgame 20170629
F-Prot 20170705
F-Secure 20170705
Fortinet 20170629
GData 20170706
Ikarus 20170705
Sophos ML 20170607
Jiangmin 20170706
K7AntiVirus 20170705
K7GW 20170706
Kaspersky 20170705
Kingsoft 20170706
Malwarebytes 20170705
MAX 20170705
Microsoft 20170705
eScan 20170706
NANO-Antivirus 20170705
nProtect 20170705
Palo Alto Networks (Known Signatures) 20170706
Panda 20170705
SentinelOne (Static ML) 20170516
Sophos AV 20170705
SUPERAntiSpyware 20170706
Symantec 20170705
Symantec Mobile Insight 20170705
Tencent 20170706
TheHacker 20170704
TrendMicro-HouseCall 20170706
Trustlook 20170706
VBA32 20170705
VIPRE 20170705
ViRobot 20170705
Webroot 20170706
WhiteArmor 20170627
Yandex 20170705
Zillya 20170705
Zoner 20170705
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Some exploits have been found in the past targeting the ActionScript Virtual Machine. ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate Flash files may also use it to implement rich content and animations.
The studied SWF file performs environment identification.
SWF Properties
SWF version: 32
Compression: zlib
Frame size: 800.0x600.0 px
Frame count: 1
Duration: 0.033 seconds
File attributes: HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags: 1
Total SWF tags: 13
ActionScript 3 Packages
flash.display
flash.events
flash.system
flash.utils
mx.core
SWF metadata
ExifTool file metadata
MIMEType: application/x-shockwave-flash
ImageSize: 800x600
FileType: SWF
Megapixels: 0.48
FrameRate: 30
FlashVersion: 32
FileTypeExtension: swf
Compressed: True
ImageWidth: 800
Duration: 0.03 s
FlashAttributes: UseNetwork, ActionScript3, HasMetadata
FrameCount: 1
ImageHeight: 600
File identification
MD5: ca98f7176aa6ec94bfbaf0118ba77d6a
SHA1: 80bb11911440cb24259656c31ff7e0157c8d196e
SHA256: 5ad1784383ade7dbf6502f3fa0e5b295fc7940306c30b155cc564049c6c65dbf
ssdeep: 384:vytbglvYz4wtpeps45dK3Et+Fobd1amD+QZZ4mAMxL8Z3c:qtbgl44wtI35k0U4T+QZZTAELQ3c
File size: 15.0 KB ( 15312 bytes )
File type: Flash
Magic literal: Macromedia Flash data (compressed), version 32
TrID: Macromedia Flash Player Compressed Movie (100.0%)
Tags: flash cve-2015-5122 zlib capabilities exploit cve-2015-8651

VirusTotal metadata
First submission: 2017-07-06 00:36:34 UTC ( 1 year, 1 month ago )
Last submission: 2017-07-06 00:36:34 UTC ( 1 year, 1 month ago )
File names: RigEK Flash exploit from 188.225.76.204.swf