SHA256: adbdfe204f57c5339e46f1bced9d29fc37b271fac47a8aa01080e3fb69a88ca5
File name: 2016-11-16-5th-run-Sundown-EK-flash-exploit-2-of-2.swf
Detection ratio: 31 / 58
Analysis date: 2019-01-06 02:37:51 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.CBYJ 20190106
AhnLab-V3 SWF/Exploit 20190105
ALYac Exploit.SWF.Downloader 20190106
Antiy-AVL Trojan[Exploit]/SWF.SWF.Generic 20190105
Arcabit Trojan.Agent.CBYJ 20190106
Avast SWF:Malware-gen [Trj] 20190106
AVG SWF:Malware-gen [Trj] 20190106
Avira (no cloud) SWF/ExKit.2331 20190106
BitDefender Trojan.Agent.CBYJ 20190106
DrWeb Exploit.SWF.859 20190106
Emsisoft Trojan.Agent.CBYJ (B) 20190106
ESET-NOD32 a variant of SWF/Exploit.ExKit.AAL 20190105
F-Secure Trojan.Agent.CBYJ 20190106
GData Trojan.Agent.CBYJ 20190106
Ikarus Exploit.Trojan 20190105
Kaspersky HEUR:Exploit.SWF.Generic 20190106
MAX malware (ai score=100) 20190106
McAfee SWF/Exploit-Rig.a 20190106
McAfee-GW-Edition BehavesLike.Flash.Exploit.kg 20190106
Microsoft Exploit:SWF/Broxwek.B 20190106
eScan Trojan.Agent.CBYJ 20190106
NANO-Antivirus Exploit.Swf.Agent.ejujld 20190106
Qihoo-360 heur.swf.exp.a 20190106
Rising Expolit.SWF/Gen(100%) (AI) 20190106
Sophos AV Troj/SWFExp-LV 20190106
Symantec Trojan.Swifi 20190105
Tencent Win32.Exploit.Generic.Dkt 20190106
TrendMicro SWF_EXPLOIT.YYLV 20190105
TrendMicro-HouseCall SWF_EXPLOIT.YYLV 20190105
ViRobot SWF.S.Exploit.33591 20190106
ZoneAlarm by Check Point HEUR:Exploit.SWF.Generic 20190106
Acronis 20181227
AegisLab 20190105
Alibaba 20180921
Avast-Mobile 20190105
Babable 20180918
Baidu 20190104
Bkav 20190104
CAT-QuickHeal 20190105
ClamAV 20190106
CMC 20190105
Comodo 20190106
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20190106
Cyren 20190106
eGambit 20190106
Endgame 20181108
F-Prot 20190106
Fortinet 20190106
Sophos ML 20181128
Jiangmin 20190106
K7AntiVirus 20190106
K7GW 20190105
Kingsoft 20190106
Malwarebytes 20190106
Palo Alto Networks (Known Signatures) 20190106
Panda 20190105
SentinelOne (Static ML) 20181223
SUPERAntiSpyware 20190102
TACHYON 20190106
TheHacker 20190104
TotalDefense 20190105
Trapmine 20190103
Trustlook 20190106
VBA32 20190104
VIPRE 20190106
Webroot 20190106
Yandex 20181229
Zillya 20190105
Zoner 20190106
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Exploits targeting the ActionScript Virtual Machine have been found in the past, and ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate Flash files also use it to implement rich content and animations.
The studied SWF file contains noticeably long base64 streams. This commonly indicates malicious code encoded in base64, which is then transformed into binary. It could also just be encoded images.
The studied SWF file performs environment identification.
SWF Properties
SWF version: 28
Compression: lzma
Frame size: 500.0x375.0 px
Frame count: 1
Duration: 0.042 seconds
File attributes: HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags: 1
Total SWF tags: 13
ActionScript 3 Packages
flash.display
flash.events
flash.net
flash.system
flash.utils
mx.core
File identification
MD5 03637dddc2930ccad890ca90eefe0b8d
SHA1 9d111e6982d1054ab121bb0efac91a5106bdadef
SHA256 adbdfe204f57c5339e46f1bced9d29fc37b271fac47a8aa01080e3fb69a88ca5
ssdeep 768:qoVGBmMEVIW/ftW7ioQLVzlBGbOPAgo/uIYdYOJPCByf87QimV:8BmMEVIaCgTGZ2d7JKBs87QimV
File size 32.8 KB ( 33591 bytes )
File type Flash
Magic literal data
TrID Unknown!
Tags lzma flash capabilities

VirusTotal metadata
First submission 2016-07-13 18:07:13 UTC ( 2 years, 10 months ago )
Last submission 2018-12-08 19:45:01 UTC ( 5 months, 1 week ago )
File names output.99418878.txt
output.100211862.txt
output.101583873.txt
output.100084801.txt
carolinamovie.swf
489567945678456874356487356743256.swf
output.99280142.txt
output.100619304.txt
output.100784045.txt
output.100851178.txt
output.99376890.txt
output.101255425.txt
output.100850827.txt
output.100869593.txt
output.100488319.txt
output.98748643.txt
output.100676202.txt
5bc71c846a19405c240b5cbc334ce091b8180489
2016-11-16-5th-run-Sundown-EK-flash-exploit-2-of-2.swf
output.100032914.txt
output.100210929.txt
output.99277977.txt
output.99674853.txt
output.100866497.txt
XQ.swf