SHA256: b6d333814ce4792ca01be3be5ef6d83864c584a003da4e1ed14d310f45794e5f
File name: 2015-04-03-paying-days-net-flash-exploit.swf
Detection ratio: 6 / 56
Analysis date: 2015-05-31 22:56:33 UTC ( 2 years, 5 months ago )
Antivirus Result Update
ESET-NOD32 SWF/Exploit.CVE-2015-0311.I 20150531
Ikarus Trojan.SWF.Exploit 20150531
McAfee-GW-Edition BehavesLike.Flash.Exploit.mb 20150531
Microsoft Exploit:SWF/CVE-2015-0336 20150531
Qihoo-360 heur.swf.rateII.3 20150531
TrendMicro-HouseCall Suspicious_GEN.F47V0407 20150531
Ad-Aware 20150531
AegisLab 20150531
Yandex 20150531
AhnLab-V3 20150531
Alibaba 20150531
ALYac 20150531
Antiy-AVL 20150531
Avast 20150531
AVG 20150531
Avira (no cloud) 20150531
AVware 20150531
Baidu-International 20150531
BitDefender 20150531
Bkav 20150529
ByteHero 20150531
CAT-QuickHeal 20150530
ClamAV 20150531
CMC 20150530
Comodo 20150531
Cyren 20150531
DrWeb 20150531
Emsisoft 20150531
F-Prot 20150531
F-Secure 20150531
Fortinet 20150531
GData 20150531
Jiangmin 20150529
K7AntiVirus 20150531
K7GW 20150531
Kaspersky 20150531
Kingsoft 20150531
Malwarebytes 20150531
McAfee 20150531
eScan 20150531
NANO-Antivirus 20150531
nProtect 20150529
Panda 20150531
Rising 20150531
Sophos AV 20150531
SUPERAntiSpyware 20150530
Symantec 20150531
Tencent 20150531
TheHacker 20150529
TotalDefense 20150531
TrendMicro 20150531
VBA32 20150529
VIPRE 20150531
ViRobot 20150531
Zillya 20150531
Zoner 20150526
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Exploits targeting the ActionScript Virtual Machine have been found in the past, and ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate flash files may also use it to implement rich content and animations.
The studied SWF file makes use of the loadBytes ActionScript3 functionality, commonly used to load other files and arbitrary code at runtime.
The studied SWF file has been processed with a common flash file obfuscator, similar to portable executable packing, in order to make its reverse engineering more complex.
SWF Properties
SWF version
23
Frame size
500.0x375.0 px
Frame count
1
Duration
0.042 seconds
File attributes
HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags
1
Total SWF tags
14
ActionScript 3 Packages
flash.display
flash.events
flash.utils
SWF metadata
ExifTool file metadata
MIMEType
application/x-shockwave-flash

ImageSize
500x375

Format
application/x-shockwave-flash

CompilerBuild
354110

FileType
SWF

Megapixels
0.188

FrameRate
24

CompilerName
ActionScript Compiler

CompilerVersion
2.0.0

Warning
[minor] Fixed incorrect URI for xmlns:dc

FileTypeExtension
swf

Compressed
False

ImageWidth
500

Duration
0.04 s

FlashVersion
23

FlashAttributes
UseNetwork, ActionScript3, HasMetadata

FrameCount
1

ImageHeight
375

PCAP parents
File identification
MD5 89759fa94924c5eb74603b75c6555384
SHA1 37dfd39afc1f9b4501652aac76c734c6dfe50bd6
SHA256 b6d333814ce4792ca01be3be5ef6d83864c584a003da4e1ed14d310f45794e5f
ssdeep
384:etuRrBPJLmzfDO3mkRhlRMNHs3vhdUfshILMyctrd4+b:eYRrdtmLDOVhlqNwhBE6trdLb

File size 21.8 KB ( 22300 bytes )
File type Flash
Magic literal
Macromedia Flash data, version 23

TrID Macromedia Flash Player Movie (100.0%)
Tags
obfuscated flash exploit cve-2015-0311 loadbytes cve-2015-0336

VirusTotal metadata
First submission 2015-04-07 08:08:12 UTC ( 2 years, 7 months ago )
Last submission 2016-02-08 21:35:06 UTC ( 1 year, 9 months ago )
File names 9f76fb7485a9fd6fe66108259775de82
b6d333814ce4792ca01be3be5ef6d83864c584a003da4e1ed14d310f45794e5f.swf
2015-04-03-paying-days-net-flash-exploit.swf