SHA256: c972cd8326119558c105da2b3f43b9edb5f2d370bbaf39218f1809f7621f78d8
File name: 2015-03-18-Sweet-Orange-EK-Flash-Exploit.swf
Detection ratio: 4 / 57
Analysis date: 2015-03-19 17:27:25 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Avira (no cloud) EXP/FLASH.Swetronge.Gen 20150319
Kaspersky HEUR:Exploit.SWF.Agent.gen 20150319
Qihoo-360 heur.swf.rateII.a 20150319
TrendMicro-HouseCall Suspicious_GEN.F47V0309 20150319
Ad-Aware 20150319
AegisLab 20150319
Yandex 20150319
AhnLab-V3 20150319
Alibaba 20150319
ALYac 20150319
Antiy-AVL 20150319
Avast 20150319
AVG 20150319
AVware 20150319
Baidu-International 20150319
BitDefender 20150319
Bkav 20150319
ByteHero 20150319
CAT-QuickHeal 20150319
ClamAV 20150319
CMC 20150317
Comodo 20150319
Cyren 20150319
DrWeb 20150319
Emsisoft 20150319
ESET-NOD32 20150319
F-Prot 20150319
F-Secure 20150320
Fortinet 20150319
GData 20150319
Ikarus 20150319
Jiangmin 20150318
K7AntiVirus 20150319
K7GW 20150319
Kingsoft 20150319
Malwarebytes 20150319
McAfee 20150319
McAfee-GW-Edition 20150319
Microsoft 20150319
eScan 20150319
NANO-Antivirus 20150319
Norman 20150319
nProtect 20150319
Panda 20150318
Rising 20150319
Sophos AV 20150319
SUPERAntiSpyware 20150319
Symantec 20150319
Tencent 20150319
TheHacker 20150319
TotalDefense 20150319
TrendMicro 20150319
VBA32 20150319
VIPRE 20150319
ViRobot 20150319
Zillya 20150319
Zoner 20150319
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Exploits have been found in the past that target the ActionScript Virtual Machine, and ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate Flash files may also use it to implement rich content and animations.
The studied SWF file contains noticeably long strings of hex characters. This commonly reveals encoding of malicious code in hex format, which will then be transformed into binary via the hexToBin function.
The studied SWF file contains noticeably long base64 streams. This commonly reveals encoding of malicious code in base64 format, which will then be transformed into binary. It could also just be encoded images.
The studied SWF file performs environment identification.
SWF Properties
SWF version: 22
Compression: lzma
Frame size: 500.0x375.0 px
Frame count: 1
Duration: 0.042 seconds
File attributes: HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags: 0
Total SWF tags: 8
ActionScript 3 Packages
flash.display
flash.events
flash.system
flash.utils
File identification
MD5 8adea16faace53ac7597571243d08f30
SHA1 542a133a070e08abbdedf397b048ee6ace81951c
SHA256 c972cd8326119558c105da2b3f43b9edb5f2d370bbaf39218f1809f7621f78d8
ssdeep 192:R2ZlXNRa/2+MOGekRooZ/Gat2cP+V60hBrEKm1DNaeSS8b7c:RClXW/2+MOGekRCabK60rvm1YeStb

File size 8.1 KB ( 8266 bytes )
File type Flash
Magic literal data

TrID Unknown!
Tags lzma long-hex flash capabilities

VirusTotal metadata
First submission 2015-03-09 01:15:23 UTC ( 2 years, 7 months ago )
Last submission 2016-06-28 19:17:13 UTC ( 1 year, 3 months ago )
File names SweetOrange_2015-03-11_L.Swf
2015-03-18-Sweet-Orange-EK-flash-exploit.swf
Ngwhuoys
IbhRMH[1].swf.bak
vt-upload.exe
26_.swf
2015-03-18-Sweet-Orange-EK-Flash-Exploit.swf
39_.swf
oGzKWHo1t0YS3
lKZzpzmDX840ZRi.swf