Connect with us

Hi, what are you looking for?


Application Security

Open Source Tool From FireEye Automates Analysis of Flash Files

Security company FireEye this week announced the release of an open source tool designed to automate the analysis of Adobe Flash files in order to identify malware and prevent infections.

Security company FireEye this week announced the release of an open source tool designed to automate the analysis of Adobe Flash files in order to identify malware and prevent infections.

Dubbed FLASHMINGO, the framework integrates with analysis workflows as a stand-alone application, but can also be used as a library, and allows for an expansion of its functionality via custom Python plug-ins.

FLASHMINGO takes advantage of the open SWIFFAS library for the parsing of SWF (Flash) files. It uses a large object named SWFObject to store information about the SWF, including a list of tags, information about methods, strings, constants and embedded binary data, and more.

“It is essentially a representation of the SWF file in an easily queryable format. FLASHMINGO is a collection of plug-ins that operate on the SWFObject and extract interesting information,” FireEye explains.

Plugins included in the framework allow for the identification of suspicious method names, constants, and loops, as well as for the retrieval of all embedded data. The tool also packs a decompiler plugin that uses the FFDEC Flash Decompiler.

Extending FLASHMINGO is easy, courtesy of a template plugin provided to those interested in building their own plugins, the security company says. Every plugin resides in its own directory in a plugins folder, and the tool searches these directories for manifest files and registers them if marked as active.

Adobe is on track to completely kill Flash in 2020, but that doesn’t mean that the multimedia plugin is a thing of the past. Companies are likely to fail eliminating Flash from their environments before it reaches end of support, FireEye says.

Although most of the development community has moved away from Flash a long time ago, Flash exploits continue to be used within malware samples, and the company predicts that the plugin will continue to be used as an infection vector for a while.

Advertisement. Scroll to continue reading.

“Legacy technologies are juicy targets for attackers due to the lack of security updates. FLASHMINGO provides malware analysts a flexible framework to quickly deal with these pesky Flash samples without getting bogged down in the intricacies of the execution environment and file format,” FireEye concludes.

Related: Russian Hospital Targeted With Flash Zero-Day After Kerch Incident

Related: Exploit for Recent Flash Zero-Day Added to Fallout Exploit Kit

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...