SHA256: 971c424d839bed4037a62f85791beb559f43e77d67a83590274478bdcf0c4563
File name: RigEK Flash Exploit.swf
Detection ratio: 12 / 55
Analysis date: 2018-03-21 17:01:44 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
AhnLab-V3 SWF/RigEK.Gen 20180321
Antiy-AVL Trojan[Exploit]/SWF.SWF.Generic 20180321
Avira (no cloud) EXP/FLASH.Pubenush.AC.Gen 20180321
CAT-QuickHeal Exp.SWF.Rig.EK.4476 20180321
DrWeb Exploit.SWF.1232 20180321
ESET-NOD32 a variant of SWF/Exploit.ExKit.AJN 20180321
Kaspersky HEUR:Exploit.SWF.Agent.gen 20180321
Qihoo-360 swf.cve-2015-8651.rig.a 20180321
Rising Exploit.CVE-2015-8651!1.A595 (CLASSIC) 20180321
Symantec Trojan.Swifi 20180321
Tencent Win32.Exploit.Generic.Ljtt 20180321
ZoneAlarm by Check Point HEUR:Exploit.SWF.Generic 20180321
Ad-Aware 20180321
AegisLab 20180321
Alibaba 20180321
ALYac 20180321
Arcabit 20180321
Avast 20180321
Avast-Mobile 20180321
AVG 20180321
AVware 20180321
Baidu 20180321
BitDefender 20180321
Bkav 20180321
ClamAV 20180321
CMC 20180321
Comodo 20180321
CrowdStrike Falcon (ML) 20170201
Cybereason None
Cylance 20180321
Cyren 20180321
eGambit 20180321
Emsisoft 20180321
Endgame 20180316
F-Prot 20180321
F-Secure 20180321
Fortinet 20180321
GData 20180321
Sophos ML 20180121
Jiangmin 20180321
K7AntiVirus 20180321
K7GW 20180321
Kingsoft 20180321
Malwarebytes 20180321
MAX 20180321
McAfee 20180321
McAfee-GW-Edition 20180321
Microsoft 20180321
eScan 20180321
NANO-Antivirus 20180321
nProtect 20180321
Palo Alto Networks (Known Signatures) 20180321
Panda 20180321
SentinelOne (Static ML) 20180225
Sophos AV 20180321
SUPERAntiSpyware 20180321
Symantec Mobile Insight 20180311
TheHacker 20180319
Trustlook 20180321
VBA32 20180321
VIPRE 20180321
ViRobot 20180321
WhiteArmor 20180223
Yandex 20180321
Zillya 20180321
Zoner 20180321
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Some exploits have been found in the past targeting the ActionScript Virtual Machine. ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate Flash files may also use it to implement rich content and animations.
The studied SWF file performs environment identification.
SWF Properties
SWF version 32
Compression zlib
Frame size 800.0x600.0 px
Frame count 1
Duration 0.033 seconds
File attributes HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags 1
Total SWF tags 14
ActionScript 3 Packages
flash.display
flash.events
flash.system
flash.utils
mx.core
SWF metadata
ExifTool file metadata
MIMEType application/x-shockwave-flash
ImageSize 800x600
FileType SWF
Megapixels 0.48
FrameRate 30
FlashVersion 32
FileTypeExtension swf
Compressed True
ImageWidth 800
Duration 0.03 s
FlashAttributes UseNetwork, ActionScript3, HasMetadata
FrameCount 1
ImageHeight 600

File identification
MD5 a15de6137fa99d50da2f10063e4ca953
SHA1 a7925178faa4ad7513e5c2caebb43516f6bad634
SHA256 971c424d839bed4037a62f85791beb559f43e77d67a83590274478bdcf0c4563
ssdeep 384:ugYjowykFdzHhq2z/2B/Btr++Uwo2Ldg0kZ+px5+yXaKzXmMM5G:9gTc2zOBrrFdpg0kZyxUyXaKmM4G

File size 15.6 KB ( 15952 bytes )
File type Flash
Magic literal Macromedia Flash data (compressed), version 32

TrID Macromedia Flash Player Compressed Movie (100.0%)
Tags flash zlib exploit cve-2015-8651 capabilities

VirusTotal metadata
First submission 2018-03-21 17:01:44 UTC ( 8 months, 3 weeks ago )
Last submission 2018-03-21 17:01:44 UTC ( 8 months, 3 weeks ago )
File names RigEK Flash Exploit.swf