Wednesday, July 28, 2010

CVE-2010-1297 Flash exploit variants

We haven't seen too many variations of the Flash exploit CVE-2010-1297, so we decided to take a look to see if there were a lot of samples using the proof on concept ones. Our tests showed some variation - 6 different embedded Flash files used in attacks:

Malware with pad.swf - Flash variant a (26810 bytes, 49ddb9b210e773b987b9a25678f65577):
306d7e608a52121aa4508e9901e4072e (AES 128b PDF Encryption)

Malware with kp.swf - Flash variant b (1297 bytes, ea24ea1063f49c594f160a57c268d034):

Malware with flate encoded Flash variant c (27181 bytes, 0ab61f2fe334e22b4defb18587ae019f; inflated Flash variant d 53345 bytes, ac69d954d9e334d089927a1bc875d13d):

Flash variant e (53902 bytes, 8286cc6dc7e2193740f6413b6fc55c7e):

Flash variant f (26774 bytes, bd7eac5ae665ab27346e52278f367635):

Flash variant g (26774 bytes, 4666a447105b483533b2bbd0ab316480):

No comments:

Post a Comment