Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Open Source Tool From FireEye Automates Analysis of Flash Files

Security company FireEye this week announced the release of an open source tool designed to automate the analysis of Adobe Flash files in order to identify malware and prevent infections.

Security company FireEye this week announced the release of an open source tool designed to automate the analysis of Adobe Flash files in order to identify malware and prevent infections.

Dubbed FLASHMINGO, the framework integrates with analysis workflows as a stand-alone application, but can also be used as a library, and allows for an expansion of its functionality via custom Python plug-ins.

FLASHMINGO takes advantage of the open SWIFFAS library for the parsing of SWF (Flash) files. It uses a large object named SWFObject to store information about the SWF, including a list of tags, information about methods, strings, constants and embedded binary data, and more.

“It is essentially a representation of the SWF file in an easily queryable format. FLASHMINGO is a collection of plug-ins that operate on the SWFObject and extract interesting information,” FireEye explains.

Plugins included in the framework allow for the identification of suspicious method names, constants, and loops, as well as for the retrieval of all embedded data. The tool also packs a decompiler plugin that uses the FFDEC Flash Decompiler.

Extending FLASHMINGO is easy, courtesy of a template plugin provided to those interested in building their own plugins, the security company says. Every plugin resides in its own directory in a plugins folder, and the tool searches these directories for manifest files and registers them if marked as active.

Adobe is on track to completely kill Flash in 2020, but that doesn’t mean that the multimedia plugin is a thing of the past. Companies are likely to fail eliminating Flash from their environments before it reaches end of support, FireEye says.

Although most of the development community has moved away from Flash a long time ago, Flash exploits continue to be used within malware samples, and the company predicts that the plugin will continue to be used as an infection vector for a while.

“Legacy technologies are juicy targets for attackers due to the lack of security updates. FLASHMINGO provides malware analysts a flexible framework to quickly deal with these pesky Flash samples without getting bogged down in the intricacies of the execution environment and file format,” FireEye concludes.

Related: Russian Hospital Targeted With Flash Zero-Day After Kerch Incident

Related: Exploit for Recent Flash Zero-Day Added to Fallout Exploit Kit

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Risk Management

A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.