SHA256: f33cf0ec177338f7d583b47ac4e127e44d1fa7322111db523bb4ecd6c393374f
File name: 2016-11-15-2nd-run-Rig-standard-flash-exploit.swf
Detection ratio: 27 / 59
Analysis date: 2017-09-21 09:23:09 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4621442 20170921
AegisLab Troj.Swifi.Gen!c 20170921
AhnLab-V3 SWF/Exploit 20170921
ALYac Exploit.SWF.Downloader 20170921
Arcabit Trojan.Generic.D468482 20170921
Avast SWF:Malware-gen [Trj] 20170921
AVG SWF:Malware-gen [Trj] 20170921
Avira (no cloud) EXP/FLASH.Pubenush.Y.Gen 20170921
BitDefender Trojan.GenericKD.4621442 20170921
CAT-QuickHeal Exp.SWF.RX 20170921
DrWeb Exploit.SWF.991 20170921
Emsisoft Trojan.GenericKD.4621442 (B) 20170921
F-Secure Trojan.GenericKD.4621442 20170921
GData Trojan.GenericKD.4621442 20170921
Ikarus Exploit.CVE-2016-4117 20170920
MAX malware (ai score=84) 20170921
McAfee Exploit-SWF.bp 20170921
McAfee-GW-Edition BehavesLike.Flash.Exploit.pb 20170921
Microsoft Exploit:SWF/Broxwek.A 20170921
eScan Trojan.GenericKD.4621442 20170921
NANO-Antivirus Exploit.Swf.Flash.ejuhth 20170921
Symantec Trojan.Swifi 20170921
Tencent Win32.Exploit.Generic.Wmsq 20170921
TrendMicro SWF_EXPLOIT.YYRN 20170921
TrendMicro-HouseCall SWF_EXPLOIT.YYRN 20170921
ViRobot SWF.S.Exploit.48722 20170921
ZoneAlarm by Check Point HEUR:Exploit.SWF.Generic 20170921
Alibaba 20170911
Antiy-AVL 20170921
Avast-Mobile 20170921
AVware 20170921
Baidu 20170921
ClamAV 20170921
CMC 20170920
Comodo 20170921
CrowdStrike Falcon (ML) 20170804
Cylance 20170921
Cyren 20170921
Endgame 20170821
ESET-NOD32 20170921
F-Prot 20170921
Fortinet 20170921
Sophos ML 20170914
Jiangmin 20170921
K7AntiVirus 20170921
K7GW 20170921
Kaspersky 20170921
Kingsoft 20170921
Malwarebytes 20170921
nProtect 20170921
Palo Alto Networks (Known Signatures) 20170921
Panda 20170920
Qihoo-360 20170921
Rising 20170921
SentinelOne (Static ML) 20170806
Sophos AV 20170921
SUPERAntiSpyware 20170921
Symantec Mobile Insight 20170921
TheHacker 20170916
TotalDefense 20170921
Trustlook 20170921
VBA32 20170920
VIPRE 20170921
Webroot 20170921
WhiteArmor 20170829
Yandex 20170908
Zillya 20170920
Zoner 20170921
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3. Some exploits have been found in the past targeting the ActionScript Virtual Machine. ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate Flash files may also use it to implement rich content and animations.
The studied SWF file makes use of the loadBytes ActionScript3 functionality, commonly used to load other files and arbitrary code at runtime.
SWF Properties
SWF version
10
Compression
zlib
Frame size
709.0x124.0 px
Frame count
1
Duration
0.040 seconds
File attributes
HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags
2
Total SWF tags
13
ActionScript 3 Packages
flash.display
flash.events
flash.system
flash.utils
SWF metadata
ExifTool file metadata
MIMEType
application/x-shockwave-flash

Publisher
unknown

Megapixels
0.088

Description
http://www.adobe.com/products/flex

Language
EN

Format
application/x-shockwave-flash

FlashAttributes
UseNetwork, ActionScript3, HasMetadata

Title
Adobe Flex 3 Application

FrameRate
25

FlashVersion
10

Duration
0.04 s

Creator
unknown

FileTypeExtension
swf

Compressed
True

ImageWidth
709

Date
Aug 7, 2010

ImageHeight
124

Warning
[minor] Fixed incorrect URI for xmlns:dc

FileType
SWF

FrameCount
1

ImageSize
709x124

File identification
MD5 644454752f0b94b1208ef7bcd0a1e90f
SHA1 50870658bbcb52fd5eebd0e4519bbcd7180b315c
SHA256 f33cf0ec177338f7d583b47ac4e127e44d1fa7322111db523bb4ecd6c393374f
ssdeep
768:c9VVrVZKguNqSJqrFnsobo3kU8mHD6Cj0DuDna/SRMz5Pb4F4zlrQLdRhL6+sSMh:czVHKguN+Hbqnh6CVDJRMztOTd30SMjd

File size 47.6 KB ( 48722 bytes )
File type Flash
Magic literal
Macromedia Flash data (compressed), version 10

TrID Macromedia Flash Player Compressed Movie (100.0%)
Tags
flash exploit cve-2016-4117 loadbytes zlib

VirusTotal metadata
First submission 2016-11-14 14:02:17 UTC ( 2 years, 6 months ago )
Last submission 2017-09-21 09:23:09 UTC ( 1 year, 8 months ago )
File names HTTP-FLsE812fZhoJtNYv73.raw
flash.swf
A2VDRLFK.swf
2016-11-15-2nd-run-Rig-standard-flash-exploit.swf