SHA256: 7f5de6e0efab47133d8959d7585b76746a4ff3122233dc5f0884c5e96fa2620a
File name: RigEK Flash exploit from 185.158.155.60.swf
Detection ratio: 29 / 57
Analysis date: 2017-08-15 09:27:32 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12141463 20170815
AegisLab Swf.Troj.Agent!c 20170815
AhnLab-V3 SWF/RigEK.Gen 20170814
ALYac Trojan.GenericKD.12141463 20170815
Antiy-AVL Trojan[Exploit]/SWF.SWF.Generic 20170815
Arcabit Trojan.Generic.DB94397 20170815
Avast SWF:GirDrop [Drp] 20170815
AVG SWF:GirDrop [Drp] 20170815
Avira (no cloud) EXP/FLASH.Pubenush.AA.Gen 20170815
BitDefender Trojan.GenericKD.12141463 20170815
CAT-QuickHeal Exp.SWF.Rig.EK 20170814
DrWeb Exploit.SWF.1232 20170815
Emsisoft Trojan.GenericKD.12141463 (B) 20170815
ESET-NOD32 a variant of SWF/Exploit.ExKit.BHR 20170815
F-Secure Trojan.GenericKD.12141463 20170815
GData Trojan.GenericKD.12141463 20170815
Ikarus Trojan.SWF.Exploit 20170815
MAX malware (ai score=80) 20170815
McAfee Exploit-swf.bx 20170815
McAfee-GW-Edition Exploit-swf.bx 20170814
Microsoft Trojan:Win32/Skeeyah.A!rfn 20170815
eScan Trojan.GenericKD.12141463 20170815
Qihoo-360 swf.cve-2015-8651.rig.a 20170815
Rising Exploit.CVE-2015-8651!1.A595 (classic) 20170815
Symantec Trojan.Gen.NPE 20170815
Tencent Win32.Exploit.Generic.Tcvw 20170815
TrendMicro SWF_EXKIT.FGIX 20170815
TrendMicro-HouseCall SWF_EXKIT.FGIX 20170815
ZoneAlarm by Check Point HEUR:Exploit.SWF.Generic 20170815
Alibaba 20170815
AVware 20170815
Baidu 20170815
Bkav 20170814
ClamAV 20170815
CMC 20170815
Comodo 20170814
CrowdStrike Falcon (ML) 20170804
Cylance 20170815
Cyren 20170815
Endgame 20170721
F-Prot 20170815
Fortinet 20170815
Sophos ML 20170607
Jiangmin 20170815
K7AntiVirus 20170814
K7GW 20170815
Kaspersky 20170815
Kingsoft 20170815
Malwarebytes 20170815
NANO-Antivirus 20170815
nProtect 20170815
Palo Alto Networks (Known Signatures) 20170815
Panda 20170815
SentinelOne (Static ML) 20170806
Sophos AV 20170815
SUPERAntiSpyware 20170815
Symantec Mobile Insight 20170815
TheHacker 20170814
Trustlook 20170815
VBA32 20170814
VIPRE 20170815
ViRobot 20170815
Webroot 20170815
WhiteArmor 20170815
Yandex 20170814
Zoner 20170814
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Exploits targeting the ActionScript Virtual Machine have been found in the past, and ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate Flash files also use it to implement rich content and animations.
The studied SWF file performs environment identification.
SWF Properties
SWF version: 32
Compression: zlib
Frame size: 800.0x600.0 px
Frame count: 1
Duration: 0.033 seconds
File attributes: HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags: 1
Total SWF tags: 12
ActionScript 3 Packages
flash.display
flash.events
flash.system
flash.utils
mx.core
ExifTool file metadata
MIMEType: application/x-shockwave-flash
ImageSize: 800x600
FileType: SWF
Megapixels: 0.48
FrameRate: 30
FlashVersion: 32
Warning: [minor] Empty XMP
FileTypeExtension: swf
Compressed: True
ImageWidth: 800
Duration: 0.03 s
FlashAttributes: UseNetwork, ActionScript3, HasMetadata
FrameCount: 1
ImageHeight: 600

File identification
MD5: ccd8ff76d3e86989c8db0622d69e0681
SHA1: aa6219cea38038d39b86ed05d5d5d7b60a7ae811
SHA256: 7f5de6e0efab47133d8959d7585b76746a4ff3122233dc5f0884c5e96fa2620a
ssdeep: 384:8y5cnHzuq4boE18IPl5f7M1aW286qx4QWMAdfCfOWn:n+QboE6aU6bL/CmE
File size: 14.2 KB ( 14561 bytes )
File type: Flash
Magic literal: Macromedia Flash data (compressed), version 32
TrID: Macromedia Flash Player Compressed Movie (100.0%)
Tags: flash zlib exploit cve-2015-8651 capabilities

VirusTotal metadata
First submission: 2017-08-11 02:13:15 UTC ( 1 year, 5 months ago )
Last submission: 2017-08-15 09:27:32 UTC ( 1 year, 5 months ago )
File names: 8-10-2017-RigEK FLASH.swf, RigEK Flash exploit from 185.158.155.60.swf