SHA256: d2db2ef63cf893485b3870a3664a0cfe33d0e69b87ab3d6b7fc9cdb931668a27
File name: GwDFO7.swf
Detection ratio: 10 / 46
Analysis date: 2013-04-14 22:02:28 UTC ( 4 years, 3 months ago )
Antivirus Result Update
AntiVir EXP/FLASH.Ikwlino.Gen 20130414
Avast Win32:Malware-gen 20130414
AVG SWF/Exploit.AG 20130414
F-Secure Exploit:SWF/Salama.B 20130414
GData Win32:Malware-gen 20130414
Microsoft TrojanDownloader:Win32/Small.gen!Z 20130414
PCTools HeurEngine.Flash 20130414
Sophos AV Exp/20130633-A 20130414
Symantec Bloodhound.Flash.19 20130414
VIPRE Exploit.SWF.CVE-2013-0634 (v) 20130414
Yandex 20130414
AhnLab-V3 20130414
Antiy-AVL 20130414
BitDefender 20130414
ByteHero 20130322
CAT-QuickHeal 20130414
ClamAV 20130414
Commtouch 20130414
Comodo 20130414
DrWeb 20130414
Emsisoft 20130414
eSafe 20130407
ESET-NOD32 20130414
F-Prot 20130414
Fortinet 20130414
Ikarus 20130414
Jiangmin 20130414
K7AntiVirus 20130412
Kaspersky 20130414
Kingsoft 20130408
Malwarebytes 20130414
McAfee 20130414
McAfee-GW-Edition 20130414
eScan 20130414
NANO-Antivirus 20130414
Norman 20130414
nProtect 20130414
Panda 20130414
Rising 20130412
SUPERAntiSpyware 20130413
TheHacker 20130414
TotalDefense 20130414
TrendMicro 20130414
TrendMicro-HouseCall 20130414
VBA32 20130412
ViRobot 20130414
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Some exploits found in the past have targeted the ActionScript Virtual Machine. ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate flash files may also use it to implement rich content and animations.
The studied SWF file fingerprints the OS executing it.
The studied SWF file performs environment identification.
The flash file embeds one or more Portable Executables.
SWF Properties
SWF version: 11
Compression: zlib
Frame size: 500.0x375.0 px
Frame count: 1
Duration: 0.042 seconds
File attributes: HasMetadata, ActionScript3
Unrecognized SWF tags: 0
Total SWF tags: 11
ActionScript 3 Packages
flash.display
flash.events
flash.media
flash.net
flash.system
flash.text
flash.utils
mx.core
SWF metadata
ExifTool file metadata
ImageSize: 500x375
InstanceID: xmp.iid:8BA1F115ED82E211BED4E9AD049D3D59
OriginalDocumentID: xmp.did:603A3FCD8772E211A159DFC8AE3D881C
MetadataDate: 2013:03:02 11:55:56+08:00
ModifyDate: 2013:03:02 11:55:56+08:00
Format: application/x-shockwave-flash
DerivedFromDocumentID: xmp.did:603A3FCD8772E211A159DFC8AE3D881C
FrameRate: 24
FlashVersion: 11
DerivedFromOriginalDocumentID: xmp.did:603A3FCD8772E211A159DFC8AE3D881C
Compressed: True
ImageWidth: 500
DerivedFromInstanceID: xmp.iid:8AA1F115ED82E211BED4E9AD049D3D59
FrameCount: 1
MIMEType: application/x-shockwave-flash
FileType: SWF
Megapixels: 0.188
ImageHeight: 375
DocumentID: xmp.did:8BA1F115ED82E211BED4E9AD049D3D59
FileTypeExtension: swf
Duration: 0.04 s
FlashAttributes: ActionScript3, HasMetadata

File identification
MD5 2e0d37b742d08986f61c041b3b8c137e
SHA1 d281ed7f8cf9ffc1b9b6b8f04ef6c8d434de6a78
SHA256 d2db2ef63cf893485b3870a3664a0cfe33d0e69b87ab3d6b7fc9cdb931668a27
ssdeep 768:0r35rbk/GS/YNzCAK6Owa5WK53Y7fld+t86sypBDndKJU3h6cbv08z8:0r3Rbk/jk5OIxd+tFvtKxcgc8
File size 39.6 KB ( 40585 bytes )
File type Flash
Magic literal Macromedia Flash data (compressed), version 11
TrID Macromedia Flash Player Compressed Movie (100.0%)
Tags
os-checking zlib cve-2013-0634 flash capabilities exploit exe-embedded cve-2015-0323

VirusTotal metadata
First submission 2013-04-14 22:02:28 UTC ( 4 years, 3 months ago )
Last submission 2013-04-17 04:24:01 UTC ( 4 years, 3 months ago )
File names d2db2ef63cf893485b3870a3664a0cfe33d0e69b87ab3d6b7fc9cdb931668a27
GwDFO7.swf