SHA256: d7919a2c2a03e96200858fe2c8a405af1ae40f0590937f9a1a8b076f1d341c27
File name: dafsg.swf
Detection ratio: 34 / 56
Analysis date: 2017-03-23 23:48:53 UTC ( 1 year, 12 months ago )
Antivirus Result Update
Ad-Aware Script.SWF.C316 20170323
AegisLab Exploit.Swf.C!c 20170323
AhnLab-V3 SWF/Exploit 20170323
ALYac Script.SWF.C316 20170323
Antiy-AVL Trojan[Exploit]/SWF.SWF.Generic 20170323
Arcabit Script.SWF.C316 20170323
Avast SWF:Malware-gen [Trj] 20170323
AVG Exploit.SWF_c.BNW 20170323
Avira (no cloud) SWF/ExKit.34436 20170323
AVware Trojan.SWF.Generic.b (v) 20170323
BitDefender Script.SWF.C316 20170323
CAT-QuickHeal Exp.SWF.KY 20170322
Comodo UnclassifiedMalware 20170323
Cyren SWF/Exploit 20170323
DrWeb Exploit.SWF.859 20170324
Emsisoft Script.SWF.C316 (B) 20170323
ESET-NOD32 a variant of SWF/Exploit.ExKit.AAL 20170323
F-Prot SWF/Exploit 20170324
F-Secure Script.SWF.C316 20170323
Fortinet Malware_Generic.P0 20170323
GData Script.SWF.C316 20170323
Ikarus Trojan.SWF.Exploit 20170323
McAfee Exploit-SWF 20170323
McAfee-GW-Edition BehavesLike.Flash.Exploit.kg 20170323
eScan Script.SWF.C316 20170323
NANO-Antivirus Exploit.Swf.Agent.ejuesz 20170323
Qihoo-360 heur.swf.exp.a 20170324
Sophos AV Troj/SWFExp-LV 20170323
Symantec Trojan.Swifi 20170322
TrendMicro SWF_EXPLOYT.BYX 20170323
TrendMicro-HouseCall SWF_EXPLOYT.BYX 20170323
VIPRE Trojan.SWF.Generic.b (v) 20170323
ViRobot SWF.S.Exploit.38603[h] 20170323
ZoneAlarm by Check Point HEUR:Exploit.SWF.Agent.gen 20170323
Alibaba 20170323
Baidu 20170323
Bkav 20170323
ClamAV 20170323
CMC 20170317
CrowdStrike Falcon (ML) 20170130
Endgame 20170317
Sophos ML 20170203
Jiangmin 20170323
K7AntiVirus 20170323
K7GW 20170323
Kaspersky 20170323
Kingsoft 20170324
Malwarebytes 20170323
Microsoft 20170323
nProtect 20170323
Palo Alto Networks (Known Signatures) 20170324
Panda 20170323
Rising None
SentinelOne (Static ML) 20170315
SUPERAntiSpyware 20170323
Symantec Mobile Insight 20170324
Tencent 20170324
TheHacker 20170321
Trustlook 20170324
VBA32 20170323
Webroot 20170324
WhiteArmor 20170315
Yandex 20170323
Zillya 20170323
Zoner 20170323
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Exploits targeting the ActionScript Virtual Machine have been found in the past, and ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate flash files may also use it to implement rich content and animations.
The studied SWF file contains noticeably long base64 streams. This commonly reveals encoding of malicious code in base64 format, which will then be transformed into binary. It could also just be encoded images.
The studied SWF file performs environment identification.
SWF Properties
SWF version: 28
Compression: zlib
Frame size: 500.0x375.0 px
Frame count: 1
Duration: 0.042 seconds
File attributes: HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags: 1
Total SWF tags: 13
ActionScript 3 Packages
flash.display
flash.events
flash.net
flash.system
flash.utils
mx.core
SWF metadata
Suspicious strings
ExifTool file metadata
MIMEType: application/x-shockwave-flash
ImageSize: 500x375
FileType: SWF
Megapixels: 0.188
FrameRate: 24
FlashVersion: 28
FileTypeExtension: swf
Compressed: True
ImageWidth: 500
Duration: 0.04 s
FlashAttributes: UseNetwork, ActionScript3, HasMetadata
FrameCount: 1
ImageHeight: 375

Compressed bundles
PCAP parents
File identification
MD5 e785f04ea98cbf3e42c46417e7dd7925
SHA1 f25550a075a7d6f0bc545e8e0ac5a01db383c670
SHA256 d7919a2c2a03e96200858fe2c8a405af1ae40f0590937f9a1a8b076f1d341c27
ssdeep 768:dnwBHHHIS8srNqbrW6QP1m9BKLxvMGRm/8j/ivI:xwBHHHX8srEW6u2BKLxv3RiKqvI
File size 37.7 KB ( 38603 bytes )
File type Flash
Magic literal Macromedia Flash data (compressed), version 28
TrID Macromedia Flash Player Compressed Movie (100.0%)
Tags
zlib cve-2015-3105 flash capabilities exploit via-tor

VirusTotal metadata
First submission 2016-05-31 09:02:00 UTC ( 2 years, 9 months ago )
Last submission 2018-12-08 23:06:09 UTC ( 3 months, 1 week ago )
File names 1.swf
2016-06-20-Sundown-EK-flash-exploit.swf
LUl80c1WigVp.swf
IhCl2522lMjz.swf
Torment10.swf
7ae46adcfc88b423a44f1aa84470fda1.swf
torment10.swf
dafsg.swf
b28rAr1c2kDi.swf
H55ZDJwIrAEO.swf
BPN7LFeyUSrc.swf
carolinamovie.swf
He5VyilL5ivE.swf
WBweHKh6PvIW.swf
2016-06-15-Sundown-EK-flash-exploit.swf
wcjmSwioDZNN.swf
SYLQbZbS8JY6.swf
ftZiTZKJovGc.swf