CVE-2010-1297 Flash exploit variants

We haven't seen too many variations of the Flash exploit CVE-2010-1297, so we decided to take a look to see if there were a lot of samples using the proof on concept ones. Our tests showed some variation - 6 different embedded Flash files used in attacks:

Malware with pad.swf - Flash variant a (26810 bytes, 49ddb9b210e773b987b9a25678f65577):

5e810b49f879007610f4156afb1a29c8

721601bdbec57cb103a9717eeef0bfca

306d7e608a52121aa4508e9901e4072e (AES 128b PDF Encryption)

Malware with kp.swf - Flash variant b (1297 bytes, ea24ea1063f49c594f160a57c268d034):

aba6f3c89f3cdcd6dc294e2b1c503d28

Malware with flate encoded Flash variant c (27181 bytes, 0ab61f2fe334e22b4defb18587ae019f; inflated Flash variant d 53345 bytes, ac69d954d9e334d089927a1bc875d13d):

fb2523d17b3fa3b19a914bf23a61827c

e3f5ef4fa17b4e08388ae4b0e2373728

2beab5cfd84c929938f396e927c62e1c

Flash variant e (53902 bytes, 8286cc6dc7e2193740f6413b6fc55c7e):

81f31e17d97342c8f3700fdd56019972

Flash variant f (26774 bytes, bd7eac5ae665ab27346e52278f367635):

6932d141916cd95e3acaa3952c7596e4

497bd7eb4be6ae9b68c624e3fb594502

Flash variant g (26774 bytes, 4666a447105b483533b2bbd0ab316480):

ee81327f15db183f83815754fbfad5dd