Analysis report for 02b3c6a39de2b21d3399e3de18defee9.swf

WARNING: This SWF file makes use of the built-in _url variable, which lets it read the URL it is run from. The file can therefore change its behavior depending on where it is run from.
WARNING: This SWF file checks the timezone it is run in, so it can change its behavior depending on that timezone.
NOTE: This SWF file executed 112294 ActionScript actions.
  1. Summary
    1. Result: MALICIOUS
      • Runtime URL aware.
      • Detected URLs are associated with malware.
      • Obfuscation Detected.
      • Timezone aware.
      • Date aware.

  2. Details
  3. Hash: 02b3c6a39de2b21d3399e3de18defee9
    Submitted On: 2008-10-30 17:32:05
    Processing Start: 2009-03-12 16:29:11
    Processing End: 2009-03-12 16:32:29
    SWF Version: 6

    Virustotal Report (clean)

  4. Network Activity
  5. Method/Action: LoadVars.load
    Details: Arg0 = http://newstat.net/c/index.php?id=NFNOQ3lMcU5Ra0xaclVnazhrMkJoPTEyMDY3MTgxMDAmcG56Y252dGE9Y2VuYXF2bnlhYgYNkiDgNmYNkiDgNm

  6. Shared Objects
    1. cHJhbmRpYWxubw%3D%3D.sol

  7. Referenced Urls

    1. http://waytotheprofit.com/?cmpid=prandialno
      Discovery Method: Runtime
      Extra: Jsand (benign)
      Domain Associated with Malware!

    2. http://newstat.net/c/index.php?id=NFNOQ3lMcU5Ra0xaclVnazhrMkJoPTEyMDY3MTgxMDAmcG56Y252dGE9Y2VuYXF2bnlhYgYNkiDgNmYNkiDgNm
      Discovery Method: Runtime

  8. Obfuscation Techniques
    1. Invalid tags
      1. Tag Type 521 at file byte offset 21
      2. Tag Type 253 at file byte offset 34585
      3. Tag Type 253 at file byte offset 36777
      4. Tag Type 253 at file byte offset 38769

    2. Out Of Bound Jumps
      1. From 0x000095c6 to 0x0000676f, Src Tag Boundary 0x0000937a - 0x00009763
      2. From 0x00008a30 to 0x00008835, Src Tag Boundary 0x0000883a - 0x00008f77
      3. From 0x0000ade0 to 0x00012d86, Src Tag Boundary 0x0000a7be - 0x0000b11d
      4. From 0x00009720 to 0x00009375, Src Tag Boundary 0x0000937a - 0x00009763
      5. From 0x000089f9 to 0x00001762, Src Tag Boundary 0x0000883a - 0x00008f77
      6. From 0x00008e41 to 0x000047c8, Src Tag Boundary 0x0000883a - 0x00008f77
      7. From 0x0000891c to 0x00002a37, Src Tag Boundary 0x0000883a - 0x00008f77
      8. From 0x0000afea to 0x00007ea5, Src Tag Boundary 0x0000a7be - 0x0000b11d
      9. From 0x0000b0da to 0x0000a7b9, Src Tag Boundary 0x0000a7be - 0x0000b11d
      10. From 0x00008f35 to 0x00007ab9, Src Tag Boundary 0x0000883a - 0x00008f77


  9. Objects
    1. Date
      1. <NOW>
      2. 2008-03-29

  10. Call Counts
    1. Actions
        ActionPushData: 36419
        ActionGetVariable: 21234
        ActionNewAdd: 18749
        ActionPop: 5373
        ActionSetRegister: 5364
        ActionCallMethod: 3909
        LogicalNot: 3200
        ActionBranchIfTrue: 3199
        ActionGetMember: 1503
        ActionBranchAlways: 1476
        ActionSetVariable: 1462
        ActionNewLessThan: 1413
        Multiply: 1230
        ActionModulo: 1227
        ActionShiftRight: 1224
        ActionGreater: 1224
        ActionBitwiseAnd: 1224
        ActionBitwiseXor: 1224
        ActionVarEquals: 587
        Equal: 522
        ActionReturn: 190
        ActionVar: 186
        ActionSetMember: 33
        ActionNewEquals: 28
        Add: 27
        Subtract: 26
        ActionDup: 16
        ActionDefineFunction: 5
        ActionConstantPool: 5
        ActionNewMethod: 5
        ActionCallFunction: 4
        ActionDefineFunction2: 2
        Divide: 1
        ActionDecrement: 1
        ActionEnum2: 1
        Stop: 1

    2. Methods
        [string:parseInt]: 1235
        [string:slice]: 1224
        [string:fromCharCode]: 1224
        [number:1]: 186
        [string:substr]: 10
        [string:join]: 9
        [string:split]: 9
        [string:getTime]: 2
        [string:random]: 2
        [string:floor]: 2
        [string:getLocal]: 1
        [string:flush]: 1
        [string:load]: 1
        [string:getTimezoneOffset]: 1
        [string:main]: 1
        [string:allowDomain]: 1