× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 70f6a2c2976248221c251d9965ff2313bc0ed0aebb098513d76de6d8396a7125
File name: vti-rescan
Detection ratio: 39 / 54
Analysis date: 2016-12-02 20:13:33 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware Exploit.SWF.Agent.J 20161202
AegisLab Exploit.SWF.Agent.gr!c 20161202
AhnLab-V3 SWF/Exploit 20161202
ALYac Exploit.SWF.CVE-2010-2884 20161202
Antiy-AVL Trojan[Exploit]/SWF.Agent.gr 20161202
Arcabit Exploit.SWF.Agent.J 20161202
Avast SWF:Dropper [Heur] 20161202
AVG Exploit_c.VQP 20161202
Avira (no cloud) EXP/SWF.DI 20161202
BitDefender Exploit.SWF.Agent.J 20161202
CAT-QuickHeal SWF.Blacole.B 20161202
ClamAV Win.Trojan.Exploit-34 20161202
Comodo UnclassifiedMalware 20161202
DrWeb Exploit.SWF.225 20161202
Emsisoft Exploit.SWF.Agent.J (B) 20161202
ESET-NOD32 SWF/Exploit.Agent.EL 20161202
F-Secure Exploit:W32/SWFdloader.R 20161202
Fortinet SWF/Agent.73A7!exploit 20161202
GData Exploit.SWF.Agent.J 20161202
Ikarus Exploit.SWF.Agent 20161202
Jiangmin Exploit.CVE-2012-4969.b 20161202
K7AntiVirus Trojan ( 003e12941 ) 20161202
K7GW Trojan ( 003e12941 ) 20161202
Kaspersky Exploit.SWF.CVE-2010-2884.c 20161202
McAfee Exploit-CVE2010-2884 20161202
McAfee-GW-Edition BehavesLike.Flash.Exploit.lb 20161202
Microsoft Exploit:SWF/ShellCode.G 20161202
eScan Exploit.SWF.Agent.J 20161202
NANO-Antivirus Exploit.Swf.Agent.xpohq 20161202
nProtect Trojan-Exploit/W32.SWFlash.13631.UD 20161202
Panda Generic Malware 20161202
Qihoo-360 swf.doswf.heur.b 20161202
Sophos AV Troj/SWFDL-I 20161202
Symantec Trojan.Swifi 20161202
Tencent Win32.Exploit.Agent.Alsc 20161202
TrendMicro SWF_EXPLOIT.GAN 20161202
TrendMicro-HouseCall SWF_DROPPR.II 20161202
ViRobot SWF.S.Agent.13631[h] 20161202
Zillya Downloader.OpenConnection.JS.62390 20161202
Alibaba 20161202
AVware 20161202
Baidu 20161202
Bkav 20161202
CMC 20161202
CrowdStrike Falcon (ML) 20161024
Cyren 20161202
F-Prot 20161202
Sophos ML 20161202
Kingsoft 20161202
Malwarebytes 20161202
Rising 20161202
SUPERAntiSpyware 20161202
TheHacker 20161130
Trustlook 20161202
VBA32 20161202
VIPRE 20161202
WhiteArmor 20161125
Yandex 20161202
Zoner 20161202
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3, some exploits have been found in the past targeting the ActionScript Virtual Machine. ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate flash files may also use it to implement rich content and animations.
The studied SWF file makes use of the loadBytes ActionScript3 functionality, commonly used to load other files and arbitrary code at runtime.
The studied SWF file has been processed with a common flash file obfuscator, similar to portable executable packing, in order to make its reverse engineering more complex.
SWF Properties
SWF version
9
Frame size
9.0x11.0 px
Frame count
1
Duration
0.040 seconds
File attributes
HasMetadata, ActionScript3
Unrecognized SWF tags
0
Total SWF tags
8
ActionScript 3 Packages
flash.display
flash.events
flash.net
flash.system
flash.utils
SWF metadata
ExifTool file metadata
MIMEType
application/x-shockwave-flash

ImageSize
9x11

FileType
SWF

Megapixels
9.9e-05

FrameRate
25

FlashVersion
9

FileTypeExtension
swf

Compressed
False

ImageWidth
9

Duration
0.04 s

FlashAttributes
UseNetwork, [1], [5], [6]

FrameCount
1

ImageHeight
11

File identification
MD5 eb62e0051ad4ab3f626d148472dfa891
SHA1 565136d5b185d42f4510714980466f557b75b79c
SHA256 70f6a2c2976248221c251d9965ff2313bc0ed0aebb098513d76de6d8396a7125
ssdeep
384:2qUAECl5JICP1QxJcd5hDqYBdi7c8Skgzu3W3I:2qUA3SCPejyhnBg/g63W4

File size 13.3 KB ( 13631 bytes )
File type Flash
Magic literal
Macromedia Flash data, version 9

TrID Macromedia Flash Player Movie (100.0%)
Tags
obfuscated flash cve-2012-4969 exploit cve-2010-2884 loadbytes

VirusTotal metadata
First submission 2012-09-14 07:07:08 UTC ( 6 years, 1 month ago )
Last submission 2014-06-13 02:58:35 UTC ( 4 years, 4 months ago )
File names 36d5b185d42f4510714980466f557b75b79c
Moh2010.swf.txt
qtuD.xlsm
file-4525719_
Moh2010.swf
565136d5b185d42f4510714980466f557b75b79c.svn-base
vti-rescan
EB62E0051AD4AB3F626D148472DFA891.dat
Moh2010.swf
eb62e0051ad4ab3f626d148472dfa891
moh2010.swf
Moh2010.swf-
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!