SHA256: c37795cf95f8dff49dc820ec0082c3068f4f2100f692b149f9cc959a95f2402b
File name: RigEK Flash Exploit.swf
Detection ratio: 23 / 56
Analysis date: 2017-04-18 08:48:42 UTC (1 year, 10 months ago)
Antivirus Result Update
Ad-Aware Script.SWF.C642 20170418
AegisLab Script.Swf.C642!c 20170418
AhnLab-V3 SWF/RigEK.Gen 20170417
Antiy-AVL Trojan[Exploit]/SWF.CVE-2014-0497.a 20170418
Arcabit Script.SWF.C642 20170418
Avast SWF:GirDrop [Drp] 20170418
BitDefender Script.SWF.C642 20170418
CAT-QuickHeal Exp.SWF.Rig.EK 20170418
Emsisoft Script.SWF.C642 (B) 20170418
ESET-NOD32 a variant of SWF/Exploit.ExKit.BHR 20170418
F-Secure Script.SWF.C642 20170418
Fortinet Malware_Generic.P0 20170418
GData Script.SWF.C642 20170418
McAfee-GW-Edition BehavesLike.Flash.Exploit.ng 20170418
Microsoft Exploit:SWF/Broxwek.C 20170418
eScan Script.SWF.C642 20170418
Qihoo-360 swf.cve-2015-8651.rig.a 20170418
Rising Exploit.CVE-2015-8651!1.A595 (classic) 20170418
Symantec Trojan.Gen.NPE 20170417
Tencent Win32.Exploit.Generic.Pepn 20170418
TrendMicro HEUR_SWFDEC.DL 20170418
TrendMicro-HouseCall Suspicious_GEN.F47V0418 20170418
ZoneAlarm by Check Point HEUR:Exploit.SWF.Generic 20170418
Alibaba 20170418
ALYac 20170418
AVG 20170418
Avira (no cloud) 20170418
AVware 20170417
Baidu 20170418
Bkav 20170415
ClamAV 20170418
CMC 20170418
Comodo 20170418
CrowdStrike Falcon (ML) 20170130
Cyren 20170418
DrWeb 20170418
Endgame 20170413
F-Prot 20170418
Ikarus 20170418
Sophos ML 20170413
Jiangmin 20170418
K7AntiVirus 20170418
K7GW 20170418
Kaspersky 20170418
Kingsoft 20170418
Malwarebytes 20170418
McAfee 20170418
NANO-Antivirus 20170416
nProtect 20170418
Palo Alto Networks (Known Signatures) 20170418
Panda 20170417
SentinelOne (Static ML) 20170330
Sophos AV 20170418
SUPERAntiSpyware 20170418
Symantec Mobile Insight 20170414
TheHacker 20170416
Trustlook 20170418
VBA32 20170417
VIPRE 20170418
ViRobot 20170418
Webroot 20170418
WhiteArmor 20170409
Yandex 20170417
Zillya 20170414
Zoner 20170418
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Exploits targeting the ActionScript Virtual Machine have been found in the past, and ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate Flash files may also use it to implement rich content and animations.
The studied SWF file performs environment identification.
SWF Properties
SWF version: 33
Compression: zlib
Frame size: 710.0x120.0 px
Frame count: 1
Duration: 0.040 seconds
File attributes: HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags: 1
Total SWF tags: 16
ActionScript 3 Packages
flash.display
flash.events
flash.net
flash.system
flash.utils
mx.core
SWF metadata
ExifTool file metadata
MIMEType: application/x-shockwave-flash
ImageSize: 710x120
FileType: SWF
Megapixels: 0.085
FrameRate: 25
FlashVersion: 33
FileTypeExtension: swf
Compressed: True
ImageWidth: 710
Duration: 0.04 s
FlashAttributes: UseNetwork, ActionScript3, HasMetadata
FrameCount: 1
ImageHeight: 120

File identification
MD5: b0bb5af0f7d1e2e9efc7f3f35d559cad
SHA1: 46245490bfce0584fef8643d4fb0b8d18e588fa6
SHA256: c37795cf95f8dff49dc820ec0082c3068f4f2100f692b149f9cc959a95f2402b
ssdeep: 384:PUgfsJHIn5HgqSoi0DEU4pTtMLhGzy7mJRN1Mja6BaFl25Hcd/:3w9oi04UoYQy7KRIjqh/
File size: 18.7 KB (19115 bytes)
File type: Flash
Magic literal: Macromedia Flash data (compressed), version 33
TrID: Macromedia Flash Player Compressed Movie (100.0%)
Tags: flash zlib capabilities exploit cve-2015-8651 cve-2014-0497

VirusTotal metadata
First submission: 2017-04-18 01:23:04 UTC (1 year, 10 months ago)
Last submission: 2017-04-23 13:04:41 UTC (1 year, 9 months ago)
File names: 82_.swf, RigEK Flash Exploit.swf