SHA256: 9467156ef5d22e2620e0d643f36213e1d5e53d77e5c23cb8287a77617e5118d7
File name: 2015-04-02-paying-days-com-flash-exploit.swf
Detection ratio: 6 / 56
Analysis date: 2015-05-31 22:54:28 UTC ( 2 years, 5 months ago )
Antivirus Result Update
ESET-NOD32 SWF/Exploit.CVE-2015-0311.I 20150531
Ikarus Trojan.SWF.Exploit 20150531
McAfee-GW-Edition BehavesLike.Flash.Exploit.mb 20150531
Microsoft Exploit:SWF/CVE-2015-0336 20150531
Qihoo-360 heur.swf.rateII.3 20150531
TrendMicro-HouseCall Suspicious_GEN.F47V0403 20150531
Ad-Aware 20150531
AegisLab 20150531
Yandex 20150531
AhnLab-V3 20150531
Alibaba 20150531
ALYac 20150531
Antiy-AVL 20150531
Avast 20150531
AVG 20150531
Avira (no cloud) 20150531
AVware 20150531
Baidu-International 20150531
BitDefender 20150531
Bkav 20150529
ByteHero 20150531
CAT-QuickHeal 20150530
ClamAV 20150531
CMC 20150530
Comodo 20150531
Cyren 20150531
DrWeb 20150531
Emsisoft 20150531
F-Prot 20150531
F-Secure 20150531
Fortinet 20150531
GData 20150531
Jiangmin 20150529
K7AntiVirus 20150531
K7GW 20150531
Kaspersky 20150531
Kingsoft 20150531
Malwarebytes 20150531
McAfee 20150531
eScan 20150531
NANO-Antivirus 20150531
nProtect 20150529
Panda 20150531
Rising 20150531
Sophos AV 20150531
SUPERAntiSpyware 20150530
Symantec 20150531
Tencent 20150531
TheHacker 20150529
TotalDefense 20150531
TrendMicro 20150531
VBA32 20150529
VIPRE 20150531
ViRobot 20150531
Zillya 20150531
Zoner 20150526
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Exploits targeting the ActionScript Virtual Machine have been found in the past, and ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate Flash files may also use it to implement rich content and animations.
The studied SWF file makes use of the loadBytes ActionScript3 functionality, commonly used to load other files and arbitrary code at runtime.
The studied SWF file has been processed with a common flash file obfuscator, similar to portable executable packing, in order to make its reverse engineering more complex.
SWF Properties
SWF version: 23
Frame size: 500.0x375.0 px
Frame count: 1
Duration: 0.042 seconds
File attributes: HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags: 1
Total SWF tags: 14
ActionScript 3 Packages
flash.display
flash.events
flash.utils
SWF metadata
ExifTool file metadata
MIMEType: application/x-shockwave-flash
ImageSize: 500x375
Format: application/x-shockwave-flash
CompilerBuild: 354110
FileType: SWF
Megapixels: 0.188
FrameRate: 24
CompilerName: ActionScript Compiler
CompilerVersion: 2.0.0
Warning: [minor] Fixed incorrect URI for xmlns:dc
FileTypeExtension: swf
Compressed: False
ImageWidth: 500
Duration: 0.04 s
FlashVersion: 23
FlashAttributes: UseNetwork, ActionScript3, HasMetadata
FrameCount: 1
ImageHeight: 375
PCAP parents
File identification
MD5 7ee264c6c13e41e5a9c781905d830ade
SHA1 a09b2382fe0250981a9517f9cf1713007c10c87d
SHA256 9467156ef5d22e2620e0d643f36213e1d5e53d77e5c23cb8287a77617e5118d7
ssdeep
384:2tWmkdhlq9HYMoLFaG+hjYRn+9T4L1ILYoK6uiGpgPdcXwNsHZwpTA9qkWmO/5i0:2ghlquMoLJvV+9C17R6uiGpgPdcgNsHE

File size 21.8 KB ( 22372 bytes )
File type Flash
Magic literal
Macromedia Flash data, version 23

TrID Macromedia Flash Player Movie (100.0%)
Tags
obfuscated flash exploit cve-2015-0311 loadbytes cve-2015-0336

VirusTotal metadata
First submission 2015-04-02 23:59:29 UTC ( 2 years, 7 months ago )
Last submission 2016-02-08 21:34:49 UTC ( 1 year, 9 months ago )
File names 8475a6b2a8a66525d1818c656f81bf18
9467156ef5d22e2620e0d643f36213e1d5e53d77e5c23cb8287a77617e5118d7.bin
2015-04-02-paying-days-com-flash-exploit.swf
9467156ef5d22e2620e0d643f36213e1d5e53d77e5c23cb8287a77617e5118d7.swf
7ee264c6c13e41e5a9c781905d830ade_@PD0.swf