SHA256: d4e9252767437a0cfed03cd0ecafaaaf56d9aee69ed116872b844df2b30931e5
File name: 2014-08-18-Sweet-Orange-EK-flash-exploit.swf
Detection ratio: 30 / 55
Analysis date: 2016-11-13 10:24:27 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Exploit.SWF.Agent.AI 20161113
AhnLab-V3 SWF/Exploit 20161112
ALYac Exploit.SWF.Agent.AI 20161113
Antiy-AVL Trojan[Exploit]/SWF.CVE-2014-0515.gen 20161113
Arcabit Exploit.SWF.Agent.AI 20161113
Avast SWF:Malware-gen [Trj] 20161113
AVG Exploit.SWF_c.KG 20161113
Avira (no cloud) EXP/SWF.ExKit.eoma 20161113
AVware Trojan.SWF.Generic.a (v) 20161113
BitDefender Exploit.SWF.Agent.AI 20161113
CAT-QuickHeal Exp.SWF.CVE-2014-0515 20161112
ClamAV Swf.Exploit.Sweet-10 20161113
Comodo UnclassifiedMalware 20161113
Cyren CVE140515 20161113
Emsisoft Exploit.SWF.Agent.AI (B) 20161113
ESET-NOD32 SWF/Exploit.ExKit.E 20161113
F-Prot SWF/Exploit 20161113
F-Secure Exploit.SWF.Agent.AI 20161113
GData Exploit.SWF.Agent.AI 20161113
Ikarus Exploit.SWF 20161113
Kaspersky HEUR:Exploit.SWF.CVE-2014-0515.gen 20161113
Microsoft Exploit:SWF/CVE-2014-0515 20161113
eScan Exploit.SWF.Agent.AI 20161113
NANO-Antivirus Exploit.Swf.CVE20140515.dsfxha 20161113
Qihoo-360 susp.swf.qexvmI.100 20161113
Sophos AV Troj/SWFExp-DM 20161113
Symantec Trojan.Swifi 20161113
Tencent Win32.Exploit.Swf.Wptg 20161113
TrendMicro TROJ_FRS.0NA000B515 20161113
VIPRE Trojan.SWF.Generic.a (v) 20161113
AegisLab 20161113
Alibaba 20161110
Baidu 20161111
Bkav 20161112
CMC 20161113
CrowdStrike Falcon (ML) 20161024
DrWeb 20161113
Fortinet 20161113
Sophos ML 20161018
Jiangmin 20161113
K7AntiVirus 20161113
K7GW 20161113
Kingsoft 20161113
Malwarebytes 20161113
McAfee 20161113
McAfee-GW-Edition 20161113
nProtect 20161113
Panda 20161113
Rising 20161113
SUPERAntiSpyware 20161112
TheHacker 20161111
TotalDefense 20161113
TrendMicro-HouseCall 20161113
VBA32 20161111
ViRobot 20161113
Yandex 20161112
Zillya 20161111
Zoner 20161113
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Some exploits have been found in the past targeting the ActionScript Virtual Machine, and ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate Flash files may also use it to implement rich content and animations.
The studied SWF file contains noticeably long strings of hex characters. This commonly reveals encoding of malicious code in hex format, which will then be transformed into binary via the hexToBin function.
The studied SWF file performs environment identification.
SWF Properties
SWF version 22
Compression lzma
Frame size 500.0x375.0 px
Frame count 1
Duration 0.042 seconds
File attributes HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags 0
Total SWF tags 9
ActionScript 3 Packages
flash.display
flash.events
flash.net
flash.system
flash.utils
mx.core
SWF metadata
Suspicious strings
ExifTool file metadata
FileAccessDate 2015:01:05 02:29:39+01:00
FileCreateDate 2015:01:05 02:29:39+01:00

Compressed bundles
PCAP parents
File identification
MD5 64c0bc0e756d57a8e73469024a214aae
SHA1 ecca42f392f20a994cd707692270de65ca3b768d
SHA256 d4e9252767437a0cfed03cd0ecafaaaf56d9aee69ed116872b844df2b30931e5
ssdeep 96:ljQ/W84FVR7fYs/+E8bW3yjbKDW4lUkfSGWYQspkhOCBrSr4p1AEf/2b9NQ1opi4:lE/WHXhBobsYT4lU5hYQKVCBOy1l2bsy

File size 4.9 KB ( 4993 bytes )
File type Flash
Magic literal data

TrID Unknown!
Tags
lzma cve-2014-0515 flash exploit capabilities long-hex

VirusTotal metadata
First submission 2014-08-18 20:59:15 UTC ( 4 years, 9 months ago )
Last submission 2016-04-03 06:35:39 UTC ( 3 years, 1 month ago )
File names 152beefb24d52a9d3b35218277c5b68b.swf
swf_64C0BC0E756D57A8E73469024A214AAE
test.swf
2014-08-18-Sweet-Orange-EK-flash-exploit.swf