SHA256: 8e13de0f5fc422d6098ef03bc040e650c1cde89f8541f8acf3617ff122b64185
File name: RigEK Flash exploit.swf
Detection ratio: 28 / 59
Analysis date: 2018-09-09 16:09:28 UTC ( 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.6376978 20180909
AhnLab-V3 SWF/RigEK.Gen 20180909
ALYac Exploit.SWF.Agent 20180909
Antiy-AVL Trojan[Exploit]/SWF.SWF.Generic 20180906
Arcabit Trojan.Generic.D614E12 20180909
Avast SWF:GirDrop [Drp] 20180909
AVG SWF:GirDrop [Drp] 20180909
Avira (no cloud) EXP/FLASH.Lodabytor.T.Gen 20180909
BitDefender Trojan.GenericKD.6376978 20180909
CAT-QuickHeal Exp.SWF.CVE-2018-4878.Shell 20180909
Comodo UnclassifiedMalware 20180909
Cyren SWF/CVE-2015-8 20180909
DrWeb Exploit.SWF.1232 20180909
Emsisoft Trojan.GenericKD.6376978 (B) 20180909
ESET-NOD32 a variant of SWF/Exploit.ExKit.AJN 20180909
GData Trojan.GenericKD.6376978 20180909
Ikarus Trojan.SWF.Exploit 20180909
Kaspersky HEUR:Exploit.SWF.Agent.gen 20180909
MAX malware (ai score=95) 20180909
McAfee SWF/Exploit-Rig.h 20180909
McAfee-GW-Edition BehavesLike.Flash.Exploit.mg 20180909
eScan Trojan.GenericKD.6376978 20180909
Rising Exploit.CVE-2015-8651!1.A595 (CLASSIC) 20180909
Symantec Trojan.Gen.NPE 20180908
Tencent Win32.Exploit.Generic.Efux 20180909
TrendMicro SWF_EXKIT.THAAHH 20180909
TrendMicro-HouseCall SWF_EXKIT.THAAHH 20180909
ZoneAlarm by Check Point HEUR:Exploit.SWF.Generic 20180909
AegisLab 20180909
Alibaba 20180713
Avast-Mobile 20180909
AVware 20180909
Babable 20180907
Baidu 20180906
Bkav 20180906
ClamAV 20180909
CMC 20180908
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180909
eGambit 20180909
Endgame 20180730
F-Prot 20180909
F-Secure 20180810
Fortinet 20180909
Sophos ML 20180717
Jiangmin 20180909
K7AntiVirus 20180909
K7GW 20180909
Kingsoft 20180909
Malwarebytes 20180909
Microsoft 20180909
NANO-Antivirus 20180909
Palo Alto Networks (Known Signatures) 20180909
Panda 20180909
Qihoo-360 20180909
SentinelOne (Static ML) 20180830
Sophos AV 20180909
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180905
TACHYON 20180909
TheHacker 20180907
TotalDefense 20180909
Trustlook 20180909
VBA32 20180907
VIPRE 20180909
ViRobot 20180909
Webroot 20180909
Yandex 20180908
Zillya 20180908
Zoner 20180908
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Exploits targeting the ActionScript Virtual Machine have been found in the past, and ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate Flash files may also use it to implement rich content and animations.
The studied SWF file contains noticeably long strings of hex characters. This commonly indicates malicious code encoded in hex format, which is then transformed into binary via the hexToBin function.
The studied SWF file performs environment identification.
SWF Properties
SWF version: 32
Compression: zlib
Frame size: 800.0x600.0 px
Frame count: 1
Duration: 0.033 seconds
File attributes: HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags: 1
Total SWF tags: 13
ActionScript 3 Packages
flash.display
flash.events
flash.system
flash.utils
mx.core
SWF metadata
ExifTool file metadata
MIMEType: application/x-shockwave-flash
ImageSize: 800x600
FileType: SWF
Megapixels: 0.48
FrameRate: 30
FlashVersion: 32
FileTypeExtension: swf
Compressed: True
ImageWidth: 800
Duration: 0.03 s
FlashAttributes: UseNetwork, ActionScript3, HasMetadata
FrameCount: 1
ImageHeight: 600
File identification
MD5 8ed3c5b2d99f8ebfc0ec94f69790e1f8
SHA1 064afe58591f30521eb87bc52ed9b3fceeeee4c9
SHA256 8e13de0f5fc422d6098ef03bc040e650c1cde89f8541f8acf3617ff122b64185
ssdeep 192:SHhnRSe+w7TKSnQtWPIrJs5vG4dBeFpjCJVR7wisM2Y/It6dx5m48zePL300nePy:SHnSFwHrQgPIrJslujKQBaItSLmJzebH
File size 11.8 KB ( 12086 bytes )
File type Flash
Magic literal Macromedia Flash data (compressed), version 32
TrID Macromedia Flash Player Compressed Movie (100.0%)
Tags zlib cve-2018-4878 flash exploit capabilities long-hex cve-2015-8651
VirusTotal metadata
First submission 2018-01-13 00:19:54 UTC ( 11 months ago )
Last submission 2018-01-19 14:01:27 UTC ( 10 months, 3 weeks ago )
File names RigEK Flash exploit.swf