× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: fe5bfee142d70d9d2e80f9e09659a244a7aaa262df9088b3643626b0fdba11e0
File name: neutrino_inner_flash.swf
Detection ratio: 3 / 54
Analysis date: 2015-12-24 10:22:20 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Antiy-AVL Trojan[Exploit]/SWF.SWF.Generic 20151224
DrWeb Exploit.SWF.502 20151224
Kaspersky HEUR:Exploit.SWF.Agent.gen 20151224
Ad-Aware 20151224
AegisLab 20151224
Yandex 20151224
AhnLab-V3 20151223
Alibaba 20151208
ALYac 20151224
Arcabit 20151224
Avast 20151223
AVG 20151224
Avira (no cloud) 20151224
AVware 20151224
Baidu-International 20151224
BitDefender 20151224
Bkav 20151223
ByteHero 20151224
CAT-QuickHeal 20151224
ClamAV 20151224
CMC 20151217
Comodo 20151224
Cyren 20151224
Emsisoft 20151224
ESET-NOD32 20151224
F-Prot 20151224
F-Secure 20151224
Fortinet 20151224
GData 20151224
Ikarus 20151224
Jiangmin 20151224
K7AntiVirus 20151224
K7GW 20151224
Malwarebytes 20151224
McAfee 20151224
McAfee-GW-Edition 20151224
Microsoft 20151224
eScan 20151224
NANO-Antivirus 20151224
nProtect 20151224
Panda 20151224
Rising 20151224
Sophos AV 20151224
SUPERAntiSpyware 20151224
Symantec 20151223
Tencent 20151224
TheHacker 20151223
TrendMicro 20151224
TrendMicro-HouseCall 20151224
VBA32 20151223
VIPRE 20151219
ViRobot 20151224
Zillya 20151223
Zoner 20151224
The file being studied is a SWF file! SWF files deliver vector graphics, text, video, and sound over the Internet.
Commonly abused SWF properties
The studied SWF file makes use of ActionScript3, some exploits have been found in the past targeting the ActionScript Virtual Machine. ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate flash files may also use it to implement rich content and animations.
Contains ActionScript code to request and retrieve content from Internet URLs.
The studied SWF file makes use of the loadBytes ActionScript3 functionality, commonly used to load other files and arbitrary code at runtime.
The studied SWF file performs environment identification.
The flash file uses methods of the ExternalInterface class to communicate with the external host of the Flash plugin, such as the web browser.
SWF Properties
SWF version
18
Compression
zlib
Frame size
500.0x375.0 px
Frame count
1
Duration
0.042 seconds
File attributes
HasMetadata, ActionScript3, UseNetwork
Unrecognized SWF tags
1
Total SWF tags
18
ActionScript 3 Packages
flash.display
flash.events
flash.external
flash.net
flash.system
flash.text
flash.utils
mx.core
Suspicious strings
ExifTool file metadata
MIMEType
application/x-shockwave-flash

ImageSize
500x375

FileType
SWF

Megapixels
0.188

FrameRate
24

FlashVersion
18

Warning
Invalid XMP

FileTypeExtension
swf

Compressed
True

ImageWidth
500

Duration
0.04 s

FlashAttributes
UseNetwork, ActionScript3, HasMetadata

FrameCount
1

ImageHeight
375

File identification
MD5 d4b9af141d7f2e1b97e55f17133f4919
SHA1 e6607695a56f13c001c29ae0a4d9ac2b5741626c
SHA256 fe5bfee142d70d9d2e80f9e09659a244a7aaa262df9088b3643626b0fdba11e0
ssdeep
1536:6yeRQZ/jbFmGLfxoJ0uOHq5D4koOlH5cFa8VV4VIGcqOQifRr5UL:/l5Lw0uHHj8VV46GfOQiu

File size 55.1 KB ( 56378 bytes )
File type Flash
Magic literal
Macromedia Flash data (compressed), version 18

TrID Macromedia Flash Player Compressed Movie (100.0%)
Tags
flash zlib loadbytes capabilities ext-interface

VirusTotal metadata
First submission 2015-12-24 10:22:20 UTC ( 1 year, 10 months ago )
Last submission 2015-12-24 10:22:20 UTC ( 1 year, 10 months ago )
File names neutrino_inner_flash.swf
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!