link for detecting and analyzing web-based malware

DNR
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
Location: Michigan USA

Post by DNR »

http://wepawet.cs.ucsb.edu/

Wepawet is a service for detecting and analyzing web-based malware. It currently handles Flash, JavaScript, and PDF files.
Flash reports
02b3c6a39de2b21d3399e3de18defee9
A malicious Flash advertisement that redirects the user to a fake online malware scanner. It uses various obfuscation techniques in an attempt to hide its behavior, such as hiding ActionScript, dynamically decrypting malicious code, and examining its execution environment to selectively activate its malicious code.
0d4f7aef9e740091bd5a20c52f7b7ad6
A malicious Flash file that utilizes the CVE-2007-0071 Scene Count exploit to execute malicious shellcode. The shellcode is correctly identified and is located at file offset 0x10b in the uncompressed SWF file. The shellcode uses a small XOR decryption routine in an attempt to hide the majority of the shellcode.
JavaScript reports
Drive-by-download page launching tens of exploits
A malicious page attempting at least 14 different exploits. Notice that the report shows the identified exploits, the shellcode, and the unobfuscated code. The malware downloaded in the attack is retrieved and submitted for analysis to Anubis and VirusTotal.
Page exploiting MS09-002
A malicious page that exploits the MS09-002 vulnerability. The evals section reveals the exploit code, which is almost identical to that published on milw0rm. Note that even if we do not have a signature for this specific exploit, the page is still flagged as suspicious.
Malicious PDF file
A malicious PDF file that attempts to exploit two vulnerabilities in Adobe Reader and Acrobat.
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
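The "evals section" mentioned above comes from a standard analysis technique: instrumenting eval() so each deobfuscation layer is recorded before it runs. As an added example (not Wepawet's code and not part of the original post), this Node.js script does that over a constructed three-stage sample; the sample script and the indicator list are assumptions for the demo.

```javascript
// Added example: capture every string a script passes to eval(), the way an
// "evals" section of a drive-by report exposes the deobfuscated stages.
function captureEvals(scriptSource) {
  const stages = [];
  const realEval = globalThis.eval;            // keep the intrinsic eval
  const hook = (code) => {
    if (typeof code !== 'string') return code; // eval(non-string) returns it unchanged
    stages.push(code);
    // Indirect call through the saved intrinsic: the free "eval" identifier inside
    // the evaluated code still resolves to globalThis.eval (this hook), so nested
    // stages such as eval(eval(...)) are captured as well.
    return realEval(code);
  };
  globalThis.eval = hook;
  try {
    realEval(scriptSource);
  } finally {
    globalThis.eval = realEval;                // always restore the real eval
  }
  return stages;
}

// API names worth a closer look in the captured layers (assumed indicator list;
// a reviewer still reads the code, this only narrows where to start).
const INDICATORS = ['ActiveXObject', 'unescape', 'String.fromCharCode', 'document.write'];
function indicators(scriptSource, stages) {
  const found = new Set();
  for (const text of [scriptSource, ...stages]) {
    for (const name of INDICATORS) if (text.includes(name)) found.add(name);
  }
  return [...found].sort();
}

// Constructed, harmless three-stage sample: stage 1 hex-decodes stage 2 and
// evals it; stage 2 evals stage 3, which only sets a global marker.
const STAGE3 = "globalThis.marker = 'reached';";
const STAGE2 = 'eval(' + JSON.stringify(STAGE3) + ');';
const STAGE1 =
  'var h = "' + Buffer.from(STAGE2, 'utf8').toString('hex') + '";' +
  'var c = ""; for (var i = 0; i < h.length; i += 2) ' +
  'c += String.fromCharCode(parseInt(h.substr(i, 2), 16));' +
  'eval(c);';

const captured = captureEvals(STAGE1);
console.log('eval stages:', captured);
console.log('indicators:', indicators(STAGE1, captured));
```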

z3r0aCc3Ss
Fame ! Where are the chicks?!
Posts: 700
Joined: 23 Jun 2009, 16:00

Post by z3r0aCc3Ss »

That site, as you said, handles PDF also. So, is it possible to infect PDF file also? By which means?
Beta tester for major RATs, all kinds of stealers and keyloggers.
Learning NMAP
