SHA256: b2eaf8c6331ac91bdb58e39d14cc9f14a70be02039f2f12b686018779ddaaeff
File name: sa72_2016-12-21T20.46.29+0100_10.12.21.102-49533_185.162.9.119-80...
Detection ratio: 29 / 55
Analysis date: 2016-12-27 11:20:18 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Script.SWF.C338 20161227
AegisLab Swfdec.Gen!c 20161227
AhnLab-V3 SWF/Exploitkit3 20161227
ALYac Exploit.SWF.Downloader 20161227
Arcabit Script.SWF.C338 20161227
Avast SWF:Malware-gen [Trj] 20161227
Avira (no cloud) SWF/Exploit.bnmb 20161227
AVware Trojan.SWF.Generic.b (v) 20161227
BitDefender Script.SWF.C338 20161227
CAT-QuickHeal Exp.SWF.Rig.EK 20161227
ClamAV Win.Trojan.Agent-5335146-0 20161227
DrWeb Exploit.SWF.1068 20161227
Emsisoft Script.SWF.C338 (B) 20161227
ESET-NOD32 a variant of SWF/Exploit.ExKit.BFD 20161227
F-Secure Script.SWF.C338 20161227
Fortinet Malware_Generic.P0 20161227
GData Script.SWF.C338 20161227
Ikarus Trojan.SWF.Exploit 20161227
McAfee SWF/Exploit-Rig.g 20161227
McAfee-GW-Edition BehavesLike.Flash.Exploit.ml 20161227
Microsoft VirTool:SWF/Injector.D 20161227
eScan Script.SWF.C338 20161227
Qihoo-360 Win32/Virus.Exploit.c44 20161227
Sophos AV Troj/SWFExp-NL 20161227
Symantec Trojan.Gen.6 20161227
TrendMicro TROJ_FRS.0NA003LM16 20161227
TrendMicro-HouseCall TROJ_FRS.0NA003LM16 20161227
VIPRE Trojan.SWF.Generic.b (v) 20161227
ViRobot SWF.S.Exploit.12759[h] 20161227
Alibaba 20161223
Antiy-AVL 20161227
AVG 20161227
Baidu 20161207
Bkav 20161227
CMC 20161227
Comodo 20161227
CrowdStrike Falcon (ML) 20161024
Cyren 20161227
F-Prot 20161227
Sophos ML 20161216
Jiangmin 20161226
K7AntiVirus 20161227
K7GW 20161227
Kaspersky 20161227
Kingsoft 20161227
Malwarebytes 20161227
NANO-Antivirus 20161227
nProtect 20161227
Panda 20161226
Rising 20161227
SUPERAntiSpyware 20161227
Tencent 20161227
TheHacker 20161226
TotalDefense 20161227
Trustlook 20161227
VBA32 20161226
WhiteArmor 20161221
Yandex 20161226
Zillya 20161227
Zoner 20161227
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Some exploits have been found in the past targeting the ActionScript Virtual Machine. ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate Flash files may also use it to implement rich content and animations.
The studied SWF file performs environment identification.
SWF Properties
SWF version: 34
Compression: zlib
Frame size: 710.0x120.0 px
Frame count: 1
Duration: 0.040 seconds
File attributes: ActionScript3, UseNetwork
Unrecognized SWF tags: 1
Total SWF tags: 10
ActionScript 3 Packages
flash.display
flash.events
flash.system
flash.utils
ExifTool file metadata
MIMEType: application/x-shockwave-flash
ImageSize: 710x120
FileType: SWF
Megapixels: 0.085
FrameRate: 25
FlashVersion: 34
FileTypeExtension: swf
Compressed: True
ImageWidth: 710
Duration: 0.04 s
FlashAttributes: UseNetwork, ActionScript3
FrameCount: 1
ImageHeight: 120

PCAP parents
File identification
MD5 a9d0f6876b5692a120cc3a3db09a81a4
SHA1 3addbadd59776606a7a814731b0f2682fc2dd6b6
SHA256 b2eaf8c6331ac91bdb58e39d14cc9f14a70be02039f2f12b686018779ddaaeff
ssdeep 192:iU5QQYfaV6CgOvvuadzYVWXGCGUwC4ff+mh9UujYeE80h1B28pQciggJ8tRKx:isP6Chvv9dvXG1PCw+rur6+8xictRKx

File size 12.5 KB ( 12759 bytes )
File type Flash
Magic literal Macromedia Flash data (compressed), version 34

TrID Macromedia Flash Player Compressed Movie (100.0%)
Tags
flash zlib capabilities

VirusTotal metadata
First submission 2016-12-19 11:35:38 UTC ( 2 years ago )
Last submission 2016-12-27 11:20:18 UTC ( 2 years ago )
File names 2016-12-21-EITest-Rig-E-flash-exploit.swf
swf-steve-mal
flashexploit.swf
flash-exploit.swf
_oq=Wo_EoL-YDaVfpiRbWfQNhmYZfAwwU9vj43UaGz0OchMWL_UCPUQ5H-JKWHYF4nws
sa72_2016-12-21T20.46.29+0100_10.12.21.102-49533_185.162.9.119-80_a9d0f6876b5692a120cc3a3db09a81a4_3.php
2016-12-19-EITest-Rig-E-flash-exploit.swf
HTTP-FO9aoo2YY3NXfn0gjg.raw