Exploit:SWF/ShellCode.L

By JubileeX in Trojans

Threat Scorecard

Popularity Rank: 23,174
Threat Level: 90 % (High)
Infected Computers: 12
First Seen: October 17, 2012
Last Seen: December 28, 2025
OS(es) Affected: Windows

Exploit:SWF/ShellCode.L is a Trojan that propagates as a malicious SWF (Shockwave Flash) file. Exploit:SWF/ShellCode.L exploits a vulnerability in Adobe Flash Player versions prior to 10.1.85.3. A cybercriminal who successfully exploits the vulnerability can execute malicious code and gain control of the compromised PC. After successful exploitation, Exploit:SWF/ShellCode.L attempts to download an encrypted binary file from a web address embedded in the exploit. If the download succeeds, Exploit:SWF/ShellCode.L then decrypts and runs the file.

Analysis Report

General information

Family Name: Trojan.Crypt.B
Signature status: No Signature

Known Samples

MD5: fe8ab414c8cabe9693f6c8f9ede10bf2
SHA1: 3f5db594aa553126be477736b25399f5bbc5a7fa
SHA256: DD0DF3570F82F5CBE819ED791E98FE2DEC52EA0A86B76C11790157930C8ABF7A
File Size: 4.77 MB, 4770390 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • 2+ executable sections
  • HighEntropy
  • No Version Info
  • packed
  • PECompact v2.20
  • x86

Files Modified

File Attributes
c:\arquivos de programas\mozilla firefox\firefox.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\arquivos de programas\mozilla firefox\firefox.exe Generic Write,Read Attributes,Delete,LEFT 262144
c:\arquivos de programas\mozilla firefox\firefox.exe Generic Write,Read Data,Read Attributes,Delete,LEFT 262144
c:\documents and settings\all users\menu iniciar\programas\inicializar\iniciar.cmd Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\documents and settings\all users\menu iniciar\programas\inicializar\iniciar.cmd Generic Write,Read Attributes,Delete,LEFT 262144
c:\documents and settings\all users\menu iniciar\programas\inicializar\iniciar.cmd Generic Write,Read Data,Read Attributes,Delete,LEFT 262144
c:\program files\mozilla firefox\firefox.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\aplicativo itau\itauaplicativo.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\aplicativo itau\itauaplicativo.exe Generic Write,Read Attributes,Delete,LEFT 262144
c:\users\user\appdata\local\aplicativo itau\itauaplicativo.exe Generic Write,Read Data,Read Attributes,Delete,LEFT 262144
c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\iniciar.cmd Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\__tmp_rar_sfx_access_check_3257718 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\backup.bkp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\dia.mp3 Generic Write,Read Attributes
c:\windows\dia.mp3 Synchronize,Write Attributes
c:\windows\iniciar.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\systema.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\windoxp.exe Generic Write,Read Attributes
c:\windows\windoxp.exe Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\winrar sfx::c%%windows C:\Windows RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 (binary data, not displayable) RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::iexplorer C:\Windows\windoxp.exe RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::firefox C:\Program Files\Mozilla Firefox\firefox.exe RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::systema C:\Windows\systema.exe RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::windows C:\Arquivos de programas\Mozilla Firefox\firefox.exe RegNtPreCreateKey

Windows API Usage

Category API
Keyboard Access
  • GetKeyState
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • ShellExecuteEx
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserName
  • GetUserObjectInformation
Network Winsock2
  • WSAStartup
Process Terminate
  • TerminateProcess

Shell Command Execution

(NULL) C:\Windows\windoxp.exe