× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f4bdd68fa0b2e4e8f01961db7b53507bb3d7bfb7047d4f668dacd88e0d526ec0
File name: swfobjct.swf
Detection ratio: 0 / 56
Analysis date: 2014-12-15 11:14:30 UTC ( 4 years, 4 months ago ) View latest
Antivirus Result Update
Ad-Aware 20141215
AegisLab 20141215
Yandex 20141214
AhnLab-V3 20141215
ALYac 20141215
Antiy-AVL 20141215
Avast 20141215
AVG 20141215
Avira (no cloud) 20141215
AVware 20141215
Baidu-International 20141215
BitDefender 20141215
Bkav 20141215
ByteHero 20141215
CAT-QuickHeal 20141215
ClamAV 20141215
CMC 20141215
Comodo 20141215
Cyren 20141215
DrWeb 20141215
Emsisoft 20141215
ESET-NOD32 20141215
F-Prot 20141215
F-Secure 20141227
Fortinet 20141213
GData 20141215
Ikarus 20141215
Jiangmin 20141214
K7AntiVirus 20141215
K7GW 20141215
Kaspersky 20141215
Kingsoft 20141215
Malwarebytes 20141215
McAfee 20141215
McAfee-GW-Edition 20141227
Microsoft 20141215
eScan 20141215
NANO-Antivirus 20141215
Norman 20141226
nProtect 20141212
Panda 20141215
Qihoo-360 20141227
Rising 20141214
Sophos AV 20141215
SUPERAntiSpyware 20141214
Symantec 20141215
Tencent 20141215
TheHacker 20141212
TotalDefense 20141215
TrendMicro 20141215
TrendMicro-HouseCall 20141215
VBA32 20141215
VIPRE 20141215
ViRobot 20141215
Zillya 20141215
Zoner 20141210
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3, some exploits have been found in the past targeting the ActionScript Virtual Machine. ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate flash files may also use it to implement rich content and animations.
Opens or replaces a window in the application that contains the Flash Player container with the contents of a given URL using the navigateToURL ActionScript function.
Contains ActionScript code to request and retrieve content from Internet URLs.
The studied SWF file makes use of the loadBytes ActionScript3 functionality, commonly used to load other files and arbitrary code at runtime.
The flash file uses methods of the ExternalInterface class to communicate with the external host of the Flash plugin, such as the web browser.
The flash file seems to embed javascript code. In combination with the ExternalInterface class usage, this code might be trying to modify the DOM of the parent URL embedding the file.
SWF Properties
SWF version
13
Compression
zlib
Frame size
16.0x16.0 px
Frame count
1
Duration
0.050 seconds
File attributes
HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags
2
Total SWF tags
38
ActionScript 3 Packages
flash.accessibility
flash.display
flash.events
flash.external
flash.geom
flash.net
flash.system
flash.utils
mx.core
mx.utils
SWF metadata
ExifTool file metadata
MIMEType
application/x-shockwave-flash

Publisher
unknown

FileAttributes
UseNetwork, ActionScript3, HasMetadata

Description
http://www.adobe.com/products/flex

Language
EN

Format
application/x-shockwave-flash

FileType
SWF

Title
Adobe Flex 4 Application

FrameRate
20

FlashVersion
13

Duration
0.05 s

FileAccessDate
2014:12:17 10:59:39+01:00

Creator
unknown

Compressed
True

ImageWidth
16

Date
Dec 15, 2014

ImageHeight
16

Warning
[minor] Fixed incorrect URI for xmlns:dc

FileCreateDate
2014:12:17 10:59:39+01:00

FrameCount
1

ImageSize
16x16

File identification
MD5 357b08cbb04585f5d19e72c96475de81
SHA1 ebe133382b0aa169f82879e45f4ea9505e73af6d
SHA256 f4bdd68fa0b2e4e8f01961db7b53507bb3d7bfb7047d4f668dacd88e0d526ec0
ssdeep
192:/X4UKPw0/1AVMj5qHSdhpo/Pv5lSz3ZlbT1kTClRs1+Fggq9vPysbEyUxa:/CY0/1AV4+Ahp0BE3rEClR0gEnxQyUxa

File size 11.7 KB ( 11985 bytes )
File type Flash
Magic literal
Macromedia Flash data (compressed), version 13

TrID Macromedia Flash Player Compressed Movie (100.0%)
Tags
flash loadbytes ext-interface

VirusTotal metadata
First submission 2014-12-15 11:14:30 UTC ( 4 years, 4 months ago )
Last submission 2014-12-17 09:59:30 UTC ( 4 years, 4 months ago )
File names swfobjct.swf
vti-rescan
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!