4105bb63e3ce12277e55bdeca60a04ae_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4105bb63e3ce12277e55bdeca60a04ae_JaffaCakes118
Size

5.3MB
MD5

4105bb63e3ce12277e55bdeca60a04ae
SHA1

4ac0bc70262bb774635d4fd2c3b49e6cf8c82e18
SHA256

54218d4bbeffa46d2dfb6f24d7d5aafe817e2fbb8e56f863cbb388dbc6a78625
SHA512

2d41ba46f562cf5c1cb2b5c4addadf5b505296398d7fd485b7a90d118429f56b160bea962ebc1e1d9360a431c172cd3ac592a32f5dd000015cdb989b557a55ff
SSDEEP

98304:mYinWs36gaIPVMlttHe3wyLjPBO76a6P0W1jjTwGBn3MU1X1FfSg5PB6WNMSvPbJ:DiWA6vl7He8+z0W1HkG2U1DfP556WzbJ

Score

7^/10

pdf javascript upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack003/DownloaderActiveX.ocx	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack003/DownloaderActiveX.ocx	upx

PDF contains JavaScript
Detects presence of JavaScript in PDF files.
pdf javascript

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
unpack003/DownloaderActiveX.ocx
unpack004/out.upx
unpack001/Sava Exploits Pack/FF4.dll
unpack001/Sava Exploits Pack/Flash_Player_10.2.160.1.exe
unpack001/Sava Exploits Pack/LnYxrmYJ.exe
unpack001/Sava Exploits Pack/SiteLoader/TMTQMOSd.exe
unpack001/Sava Exploits Pack/TMTQMOSd.exe
unpack001/Sava Exploits Pack/cmd.exe
unpack001/Sava Exploits Pack/exploit/hxRDqPQE.exe
unpack001/Sava Exploits Pack/generic-1303861015.dll
unpack001/Sava Exploits Pack/generic-1303861322.dll
unpack001/Sava Exploits Pack/generic-1303861510.dll
unpack001/Sava Exploits Pack/generic-1303863152.dll
unpack001/Sava Exploits Pack/hxRDqPQE.exe
unpack001/Sava Exploits Pack/load/Flash_Player_10.2.160.1.exe
unpack001/Sava Exploits Pack/nprhapengine.dll
unpack001/Sava Exploits Pack/truebug_php52ts.dll

Files

4105bb63e3ce12277e55bdeca60a04ae_JaffaCakes118
.zip

Password: infected
Sava Exploits Pack/002.gif
.gif
Sava Exploits Pack/404.php
Sava Exploits Pack/432.js
.js
Sava Exploits Pack/5734.jar
.jar
Sava Exploits Pack/5734/META-INF/MANIFEST.MF
Sava Exploits Pack/5734/ghsdr/Gedsrdc.class
Sava Exploits Pack/5734/ghsdr/Jewredd.class
Sava Exploits Pack/5734/ghsdr/KGwedsdv.class
Sava Exploits Pack/5734/ghsdr/Kocer.class
Sava Exploits Pack/5734/index.html
.html
Sava Exploits Pack/6sRR0EYb853b04nWTlUAgCIp5qyRv8AO.jar
.jar
Sava Exploits Pack/A.class
Sava Exploits Pack/Adobe-2008-2992.php
Sava Exploits Pack/Adobe-2010-1297.php
Sava Exploits Pack/Adobe-2010-1297.swf
Sava Exploits Pack/Adobe-2010-2884.php
Sava Exploits Pack/Adobe-2010-2884.swf
Sava Exploits Pack/Adobe-80-2010-0188.php
Sava Exploits Pack/Adobe-90-2010-0188.php
Sava Exploits Pack/Applet.jar
.jar
Sava Exploits Pack/BasicServiceExploit.class
Sava Exploits Pack/Bol.CAB
.cab
Bol Downloader.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

94d0297a571a7736a2354665a72fbd8c

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:fb:ef:ca:7e:b7:0a:3e:3c:51:15:8a:1f:f3:8a:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/09/2005, 00:00

Not After

16/09/2006, 23:59

Subject

CN=Rediff.com India Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=India,O=Rediff.com India Limited,L=Mumbai,ST=Maharashtra,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

RemovePropA
GetClassLongA
CreateWindowExA
GetDlgCtrlID
GetWindowTextA
GetDlgItem
RegisterClassA
GetClassInfoA
WinHelpA
GetTopWindow
GetPropA
SetPropA
AdjustWindowRectEx
SetFocus
SetActiveWindow
MapWindowPoints
SendDlgItemMessageA
LoadIconA
IsDialogMessageA
SetWindowTextA
MoveWindow
ClientToScreen
GetWindowDC
BeginPaint
GetMessageTime
EqualRect
EndPaint
GetMessagePos
UnregisterClassA
InsertMenuA
GetMenuStringA
GetSysColorBrush
LoadStringA
DestroyIcon
CharUpperA
AppendMenuA
RemoveMenu
GetTabbedTextExtentA
GetDialogBaseUnits
GetDCEx
SetForegroundWindow
RegisterWindowMessageA
DestroyWindow
UnhookWindowsHookEx
wsprintfA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
IsWindow
GetWindowLongA
MessageBoxA
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
EnableWindow
GetForegroundWindow
GetWindow
GetWindowPlacement
GetClassNameA
SetRect
GrayStringA
EndDialog
CreateDialogIndirectParamA
SystemParametersInfoA
DrawTextA
TabbedTextOutA
SetRectEmpty
ReleaseDC
GetCapture
ReleaseCapture
SetCapture
LoadCursorA
PtInRect
GetSystemMetrics
RegisterClipboardFormatA
ScreenToClient
IsChild
IsRectEmpty
IntersectRect
FillRect
DestroyMenu
GetSysColor
GetDesktopWindow
GetMenuItemCount
GetMenu
GetSubMenu
GetMenuItemID
UpdateWindow
InflateRect
GetWindowRect
ShowWindow
OffsetRect
InvalidateRect
DrawEdge
SetParent
SetWindowPos
IsIconic
DefWindowProcA
SetWindowLongA
EnumChildWindows
CallWindowProcA
LockWindowUpdate
IsWindowVisible
ValidateRect
GetDC
GetClientRect
CopyRect
GetLastActivePopup
IsWindowEnabled
CreateMenu

gdi32

CreateFontA
SetRectRgn
GetDeviceCaps
LPtoDP
CreateBitmap
CloseMetaFile
DeleteDC
DeleteMetaFile
CreateMetaFileA
PtVisible
RectVisible
CombineRgn
ExtTextOutA
Escape
TextOutA
GetClipBox
SetTextColor
SaveDC
RestoreDC
GetStockObject
CreateRectRgnIndirect
SelectObject
SetBkMode
SetMapMode
SetROP2
OffsetViewportOrgEx
SetViewportExtEx
SetViewportOrgEx
SetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SelectClipRgn
SetWindowExtEx
MoveToEx
GetCurrentPositionEx
DeleteObject
CreateRectRgn
CreatePen
CreateSolidBrush
CreatePatternBrush
CopyMetaFileA
CreateDCA
GetTextMetricsA
GetTextExtentPoint32A
GetTextAlign
CreateFontIndirectA
PatBlt
UnrealizeObject
Rectangle
SetBkColor
GetObjectA

shell32

ExtractIconA
ShellExecuteA

ole32

StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleLoadFromStream
ReadClassStm
OleDuplicateData
CoCreateInstance
CreateStreamOnHGlobal
ReadFmtUserTypeStg
StringFromCLSID
CreateOleAdviseHolder
ReleaseStgMedium
CreateDataAdviseHolder
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoDisconnectObject
CoTaskMemFree
OleSaveToStream
CoTaskMemAlloc
CreateDataCache
CoRevokeClassObject
CoRegisterClassObject
StringFromGUID2

oleaut32

SysAllocStringByteLen
SysStringLen
SysAllocStringLen
VariantCopy
SysAllocString
VariantChangeType
VariantClear
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysFreeString
LoadRegTypeLi

kernel32

GetFileAttributesA
GlobalSize
CopyFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
GetShortPathNameA
GetFileSize
GetFileTime
SizeofResource
GetProfileIntA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
CreateThread
ExitThread
HeapAlloc
RaiseException
HeapSize
HeapReAlloc
GetACP
SetStdHandle
GetFullPathNameA
RtlUnwind
GetVolumeInformationA
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
ResetEvent
ResumeThread
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetProcessVersion
WritePrivateProfileStringA
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
lstrcpynA
EnterCriticalSection
GetLastError
FormatMessageA
LocalFree
MulDiv
SetLastError
TerminateThread
LoadLibraryA
LoadResource
FreeLibrary
FindResourceA
lstrcatA
LockResource
GetVersion
GlobalFindAtomA
GlobalGetAtomNameA
GlobalAddAtomA
GetUserDefaultLCID
GetModuleHandleA
GetProcAddress
GlobalUnlock
IsDBCSLeadByte
GlobalFree
GetFileType
WideCharToMultiByte
GetCurrentThreadId
GetCurrentThread
InterlockedDecrement
lstrlenW
lstrlenA
MultiByteToWideChar
lstrcpyA
SuspendThread
InterlockedIncrement
CreateEventA
CloseHandle
SetThreadPriority
SetEvent
GlobalAlloc
GetModuleFileNameA
GlobalLock
lstrcmpiA
GlobalDeleteAtom
lstrcmpA
LCMapStringA
LCMapStringW
WaitForSingleObject

comctl32

ord17

olepro32

ord251
ord252
ord250
ord253

urlmon

URLDownloadToCacheFileA

wininet

HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle
InternetCanonicalizeUrlA
InternetConnectA
InternetOpenA
InternetCrackUrlA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

comdlg32

GetFileTitleA

advapi32

RegCloseKey
RegEnumKeyA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegSetValueA
RegCreateKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bol.inf
Sava Exploits Pack/Client.class
Sava Exploits Pack/Client.jar
.jar
Sava Exploits Pack/Client/Client.class
Sava Exploits Pack/Client/META-INF/MANIFEST.MF
Sava Exploits Pack/Client/META-INF/MICROSOF.RSA
Sava Exploits Pack/Client/META-INF/MICROSOF.SF
Sava Exploits Pack/Client/index.html
.html
Sava Exploits Pack/DownloaderActiveX.cab
.cab
DownloaderActiveX.INF
DownloaderActiveX.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sava Exploits Pack/EfY6ZtNV8IfBuKQJYhBkxnbUkwZXL0wnfphtobLRPk7643MApZMKYhKgcrVQ7WTKl7gXp5Ro4sIEGx.tar
Sava Exploits Pack/Exploit.class
Sava Exploits Pack/FF4.dll
.dll windows:5 windows x86 arch:x86

4abb28630ef82b4af141d59bce8f1416

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\apache\qoclick.com\www\articles\archive\Project_4\FF4\Debug\FF4.pdb

Imports

mfc100ud

ord1434
ord1018
ord1447
ord337
ord2300
ord2220
ord2316
ord2481
ord2273
ord2324
ord2204
ord1441
ord442
ord7920
ord9064
ord4050
ord2429
ord2301
ord15724
ord2357
ord2470
ord2440
ord2442
ord336
ord2482
ord1017
ord1428
ord991
ord2479
ord1451
ord1442

msvcr100d

memset
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_vsnprintf_s
wcscpy
_initterm_e
_initterm
_CrtSetCheckCount
strcpy
_encoded_null
_free_dbg
_malloc_dbg
_onexit
_lock
__dllonexit
_unlock
_CRT_RTC_INITW
__CxxFrameHandler3
??_V@YAXPAX@Z
wprintf
_crt_debugger_hook
wcslen
memmove_s
_wcsicmp
memcmp
_recalloc
calloc
strcpy_s
wcsncpy_s
wcscpy_s
_snwprintf_s
_vsnwprintf_s
_snprintf_s
_errno
_CxxThrowException
_CrtDbgReportW
_CrtDbgReport
free

kernel32

SetUnhandledExceptionFilter
SetEvent
OpenEventA
OutputDebugStringA
OutputDebugStringW
GetLastError
VirtualAlloc
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread
OpenFileMappingA
InterlockedIncrement
InterlockedDecrement
FreeLibrary
VirtualQuery
GetModuleFileNameW
GetProcessHeap
HeapAlloc
HeapFree
UnhandledExceptionFilter
GetCommandLineW
GetModuleHandleW
LocalFree
LocalAlloc
EncodePointer
DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
WideCharToMultiByte
IsDebuggerPresent
MultiByteToWideChar
RaiseException
lstrlenA
GetProcAddress
LoadLibraryW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
CloseHandle

oleaut32

SysFreeString

user32

MessageBoxA

advapi32

RevertToSelf
SetThreadToken
OpenThreadToken

Exports

Exports

??4CFF4@@QAEAAV0@ABV0@@Z

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sava Exploits Pack/Flash_Player_10.2.160.1.exe
.exe windows:4 windows x86 arch:x86

541160bce55bf5030f1053d9ca2f310b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

ExitProcess

Sections

.text
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 22B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Sava Exploits Pack/Gallery_Viewer.class
Sava Exploits Pack/Gallery_Viewer.jar
.jar
Sava Exploits Pack/Gallery_Viewer/Gallery_Viewer.class
Sava Exploits Pack/Gallery_Viewer/META-INF/MANIFEST.MF
Sava Exploits Pack/Gallery_Viewer/META-INF/ORACLE.DSA
Sava Exploits Pack/Gallery_Viewer/META-INF/ORACLE.SF
Sava Exploits Pack/Gallery_Viewer/index.html
.html
Sava Exploits Pack/GeoIP.dat
Sava Exploits Pack/GetAccess.class
Sava Exploits Pack/GhzrycqVh.DIR
Sava Exploits Pack/GoogleTrax.class
Sava Exploits Pack/GoogleTrax.jar
.jar
Sava Exploits Pack/GoogleTrax/GoogleTrax.class
Sava Exploits Pack/GoogleTrax/META-INF/MANIFEST.MF
Sava Exploits Pack/GoogleTrax/class.class
Sava Exploits Pack/GoogleTrax/index.html
.html
Sava Exploits Pack/HHCTRL.OCX
.zip
HHCTRL.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

e73b1ee0acde60927eafe3a981a7383d

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

19/03/1999, 00:00

Not After

16/04/2000, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

shlwapi

StrCpyNW
StrStrIA
StrCatW
StrStrA
StrCmpNIW
StrCmpNIA
StrCpyW
StrPBrkA
StrChrW
StrCmpW
StrCmpIW
StrCmpNA
StrChrA

kernel32

GetDiskFreeSpaceA
SetFileAttributesA
SetFilePointer
lstrcmpA
CopyFileA
FindClose
GetLocaleInfoA
CreateDirectoryA
ExitProcess
LocalFree
SetLastError
CompareFileTime
HeapFree
HeapAlloc
GetThreadLocale
IsValidCodePage
GetCurrentDirectoryA
GetCommandLineA
SetFileApisToOEM
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
TerminateProcess
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeW
GetLocaleInfoW
AreFileApisANSI
WinExec
SetStdHandle
Sleep
_llseek
_lopen
CreateSemaphoreA
_lread
CreateThread
GetTempPathA
_lcreat
GlobalFree
GlobalAlloc
GetFileSize
_lclose
GlobalReAlloc
_lwrite
lstrcpyA
lstrcpynA
GetDriveTypeA
DeleteFileA
WriteFile
ReadFile
CloseHandle
CreateFileA
CompareStringW
CompareStringA
GetLastError
GetACP
GetCPInfo
GetModuleFileNameA
lstrlenA
MultiByteToWideChar
lstrcmpiA
GetFileAttributesA
LocalAlloc
ReleaseSemaphore
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetTickCount
lstrlenW
IsDBCSLeadByte
FindNextFileA
SetFileApisToANSI
FindFirstFileA
MulDiv
GetTempFileNameA
IsBadWritePtr
DisableThreadLibraryCalls
HeapDestroy
GetCurrentProcess
GetModuleHandleA
GetCurrentThreadId
DebugBreak
GetSystemDefaultLCID
GetVersion
lstrcatA
IsBadReadPtr
GlobalLock
GlobalUnlock
GetUserDefaultLCID
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
SetThreadPriority
CreateFileMappingA
MapViewOfFile
FormatMessageA
SetErrorMode
GetVolumeInformationA
FreeLibrary
lstrcatW
IsDBCSLeadByteEx
GetStringTypeA
GetSystemDefaultLangID
GetFullPathNameA
GetSystemDirectoryA
GetPrivateProfileStringA
VirtualAlloc
lstrcpyW
VirtualFree
LoadLibraryA
GetProcAddress
ExitThread
WaitForSingleObject
FlushFileBuffers
HeapReAlloc
HeapSize
HeapCreate

user32

OemToCharA
ShowScrollBar
CharPrevA
LoadAcceleratorsA
MessageBoxW
LoadStringW
CharToOemA
SetDlgItemTextW
TranslateAcceleratorA
CreateAcceleratorTableA
CopyAcceleratorTableA
InsertMenuItemA
InsertMenuItemW
DrawEdge
ReleaseCapture
SetTimer
KillTimer
GetDlgItemTextA
AppendMenuW
CharLowerW
GetClassInfoExA
SetScrollRange
SetScrollPos
GetScrollInfo
SetScrollInfo
SetMenu
GetSystemMenu
IsRectEmpty
SetMenuItemInfoA
CheckMenuItem
ModifyMenuA
ModifyMenuW
SetMenuItemInfoW
BeginPaint
EndPaint
SetParent
SetRectEmpty
MapWindowPoints
LoadStringA
SetClassLongA
PeekMessageA
FrameRect
TranslateMessage
DispatchMessageA
SendDlgItemMessageA
FillRect
GetWindowDC
AppendMenuA
TrackPopupMenu
GetWindow
InflateRect
CopyRect
PtInRect
GetSysColor
WinHelpA
SystemParametersInfoA
MoveWindow
DialogBoxParamW
EndDialog
MessageBoxA
SendMessageW
EqualRect
SetForegroundWindow
DrawTextA
DestroyAcceleratorTable
IsWindowUnicode
CallWindowProcW
CallWindowProcA
GetWindowLongW
SetWindowLongW
LoadMenuA
GetSubMenu
GetCursorPos
ClientToScreen
DestroyMenu
GetFocus
PostMessageA
GetMenu
EnableMenuItem
LoadIconA
RegisterClassW
GetDC
ReleaseDC
IsWindowVisible
CreateWindowExW
RegisterClassA
CreateWindowExA
UnregisterClassA
GetActiveWindow
GetDesktopWindow
DefWindowProcW
DefWindowProcA
GetDlgCtrlID
IsWindowEnabled
GetNextDlgGroupItem
GetKeyState
GetNextDlgTabItem
CreatePopupMenu
TrackPopupMenuEx
GetWindowTextLengthA
GetWindowTextA
CharNextA
LoadCursorA
SetCursor
wsprintfW
SetWindowTextW
wsprintfA
SetWindowTextA
EnableWindow
GetWindowRect
SetFocus
IsWindow
ShowWindow
GetParent
InvalidateRect
GetClientRect
GetClassNameA
CreateDialogParamW
CreateDialogParamA
LoadBitmapA
SendMessageA
GetSystemMetrics
SetWindowPos
SetWindowLongA
GetDlgItem
GetWindowLongA
EnumChildWindows
BringWindowToTop
IsIconic
PostQuitMessage
GetCursor
DestroyWindow
IsZoomed
GetForegroundWindow
FindWindowA
EnumWindows
DrawFocusRect
GetWindowThreadProcessId
UpdateWindow
RegisterWindowMessageA
GetWindowPlacement
LoadImageA
OffsetRect
SetWindowRgn
WaitMessage
PeekMessageW
DispatchMessageW
CharUpperA
SetDlgItemTextA
CharLowerA
SetCapture
GetCapture
GetWindowTextW
IntersectRect
GetWindowTextLengthW
ScreenToClient
DialogBoxParamA
IsDialogMessageA

gdi32

GetTextExtentPoint32W
GetTextExtentPoint32A
GetObjectA
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
CreateFontA
GetTextExtentPointA
ExtTextOutA
SetBkColor
SetTextColor
DPtoLP
SetMapMode
CreateSolidBrush
GetNearestColor
GetClipBox
RealizePalette
SelectPalette
CreateDCA
DeleteDC
GetStockObject
CreateICA
CreatePalette
GetDeviceCaps
SetWindowOrgEx
SetViewportOrgEx
LPtoDP
CreateDIBSection
GetTextMetricsA
TranslateCharsetInfo
OffsetWindowOrgEx
CreateRectRgnIndirect
SetBkMode
SetROP2
CreatePatternBrush
CreateBitmap
SetBrushOrgEx
UnrealizeObject
CreateFontW
CreateFontIndirectA
ExtTextOutW
CreateFontIndirectW
GetTextExtentPointW
RestoreDC
SaveDC
DeleteObject
SetPixel
PatBlt

advapi32

RegSetValueA
GetUserNameA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA

ole32

CoTaskMemAlloc
StringFromCLSID
OleUninitialize
OleInitialize
CoCreateInstance
CreateBindCtx
CoTaskMemFree
CoGetMalloc
OleSetContainedObject
CLSIDFromProgID
StgCreateDocfile
OleCreate
CoGetClassObject
CreateOleAdviseHolder

oleaut32

LoadTypeLi
SetErrorInfo
LoadRegTypeLi
DispGetParam
VariantClear
VariantInit
RegisterTypeLi
VariantChangeType
SysFreeString
SysAllocStringLen
SysAllocString

urlmon

HlinkSimpleNavigateToString
URLDownloadToCacheFileA
CreateURLMoniker
URLDownloadToFileA
RegisterBindStatusCallback

mpr

WNetConnectionDialog
WNetGetConnectionA

wininet

InternetCreateUrlA
InternetCrackUrlA

comctl32

ImageList_GetIconSize
ImageList_Create
ImageList_Draw
ord17
CreatePropertySheetPageA
ImageList_Add
PropertySheetA
ImageList_Destroy
ImageList_GetImageCount
ImageList_LoadImageA

Exports

Exports

AuthorMsg
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
HhWindowThread
HtmlHelpA
HtmlHelpW
LoadHHA
doWinMain

Sections

.text
Size: 348KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sava Exploits Pack/I6F3G4N7.class
Sava Exploits Pack/I6F3G4N7.jar
.jar
Sava Exploits Pack/I6F3G4N7/I6F3G4N7.class
Sava Exploits Pack/I6F3G4N7/META-INF/MANIFEST.MF
Sava Exploits Pack/I6F3G4N7/META-INF/SIG.RSA
Sava Exploits Pack/I6F3G4N7/META-INF/SIG.SF
Sava Exploits Pack/I6F3G4N7/class.class
Sava Exploits Pack/I6F3G4N7/index.html
.html
Sava Exploits Pack/Installer.class
Sava Exploits Pack/Jappletim.class
Sava Exploits Pack/Java-2010-0842.jar
.jar
Sava Exploits Pack/Java-2010-0842.php
Sava Exploits Pack/Java-2010-0842/META-INF/MANIFEST.MF
Sava Exploits Pack/Java-2010-0842/META-INF/services/javax.sound.midi.spi.MidiDeviceProvider
Sava Exploits Pack/Java-2010-0842/ToolsDemo.class
Sava Exploits Pack/Java-2010-0842/ToolsDemoSubClass.class
Sava Exploits Pack/Java-2010-0842/index.html
.html
Sava Exploits Pack/Java-2010-0842Helper.php
Sava Exploits Pack/Java-2010-3552.php
Sava Exploits Pack/JavaSignedApplet.jar
.jar
Sava Exploits Pack/JavaSignedApplet.php
Sava Exploits Pack/JavaSignedApplet/META-INF/JAVA.DSA
Sava Exploits Pack/JavaSignedApplet/META-INF/JAVA.SF
Sava Exploits Pack/JavaSignedApplet/META-INF/MANIFEST.MF
Sava Exploits Pack/JavaSignedApplet/RequiredJavaComponent.class
Sava Exploits Pack/JavaSignedApplet/index.html
.html
Sava Exploits Pack/Javaa.jar
.jar
Sava Exploits Pack/Javaa/Jappletim.class
Sava Exploits Pack/Javaa/META-INF/INDEX.LIST
Sava Exploits Pack/Javaa/META-INF/MANIFEST.MF
Sava Exploits Pack/Javaa/META-INF/NB-JWS.DSA
Sava Exploits Pack/Javaa/META-INF/NB-JWS.SF
Sava Exploits Pack/Javaa/desifre.class
Sava Exploits Pack/Javaa/index.html
.html
Sava Exploits Pack/Ledi_Gaga.m3u
Sava Exploits Pack/Ledi_Gaga.pls
Sava Exploits Pack/LnYxrmYJ.exe
.exe windows:4 windows x86 arch:x86

541160bce55bf5030f1053d9ca2f310b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

ExitProcess

Sections

.text
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 22B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Sava Exploits Pack/MSFcmd.class
Sava Exploits Pack/MSFcmd.jar
.jar
Sava Exploits Pack/MSFcmd/META-INF/MANIFEST.MF
Sava Exploits Pack/MSFcmd/MSFcmd.class
Sava Exploits Pack/MSFcmd/index.html
.html
Sava Exploits Pack/MSFcmd/mycertificate.cer
Sava Exploits Pack/Main.class
Sava Exploits Pack/NewSecurityClassLoader.class
Sava Exploits Pack/NewURLClassLoader.class
Sava Exploits Pack/PluginDetect.js
.js
Sava Exploits Pack/RequiredJavaComponent.class
Sava Exploits Pack/RequiredJavaComponent/class.class
Sava Exploits Pack/RequiredJavaComponent/index.html
.html
Sava Exploits Pack/SiteLoader.class
Sava Exploits Pack/SiteLoader.jar
.jar
Sava Exploits Pack/SiteLoader/META-INF/MANIFEST.MF
Sava Exploits Pack/SiteLoader/META-INF/SIGNFILE.RSA
Sava Exploits Pack/SiteLoader/META-INF/SIGNFILE.SF
Sava Exploits Pack/SiteLoader/META-INF/mycertificate.cer
Sava Exploits Pack/SiteLoader/SiteLoader.class
Sava Exploits Pack/SiteLoader/TMTQMOSd.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

MEW
Size: - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�uۊ��
Size: 51KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Sava Exploits Pack/SiteLoader/index.html
.html
Sava Exploits Pack/SiteLoader/metasploit.dat
Sava Exploits Pack/SiteLoader/metasploit/Payload.class
Sava Exploits Pack/SiteLoader/mycertificate.cer
Sava Exploits Pack/Sun_Microsystems_Java_Security_Update_6.class
Sava Exploits Pack/Sun_Microsystems_Java_Security_Update_6.jar
.jar
Sava Exploits Pack/Sun_Microsystems_Java_Security_Update_6/META-INF/MANIFEST.MF
Sava Exploits Pack/Sun_Microsystems_Java_Security_Update_6/META-INF/MYSELF.DSA
Sava Exploits Pack/Sun_Microsystems_Java_Security_Update_6/META-INF/MYSELF.SF
Sava Exploits Pack/Sun_Microsystems_Java_Security_Update_6/Sun_Microsystems_Java_Security_Update_6.class
Sava Exploits Pack/Sun_Microsystems_Java_Security_Update_6/class.class
Sava Exploits Pack/Sun_Microsystems_Java_Security_Update_6/index.html
.html
Sava Exploits Pack/TMTQMOSd.exe
.exe windows:4 windows x86 arch:x86

541160bce55bf5030f1053d9ca2f310b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

ExitProcess

Sections

.text
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 22B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Sava Exploits Pack/ToolsDemo.class
Sava Exploits Pack/ToolsDemo/class.class
Sava Exploits Pack/ToolsDemo/index.html
.html
Sava Exploits Pack/ToolsDemoSubClass.class
Sava Exploits Pack/Winamp5.php
Sava Exploits Pack/ZSichaOrDt26MOkE5aAyScB1ZYB1SjzZA3IRIbuYEgZsoVVqPIBf.zip
Sava Exploits Pack/_Config_1/index.php
Sava Exploits Pack/_Config_1/index_iframe.php
Sava Exploits Pack/_Config_2/index.php
Sava Exploits Pack/_Config_2/index_iframe.php
Sava Exploits Pack/_Config_3/index.php
Sava Exploits Pack/_Config_3/index_iframe.php
Sava Exploits Pack/_Config_4/index.php
Sava Exploits Pack/_Config_4/index_iframe.php
Sava Exploits Pack/a.htm
.html
Sava Exploits Pack/adds.class
Sava Exploits Pack/advert/adds.class
Sava Exploits Pack/advert/hujoplo.class
Sava Exploits Pack/advert/index.html
.html
Sava Exploits Pack/advert/lea6.class
Sava Exploits Pack/advert/market_patch.class
Sava Exploits Pack/ascii85.php
Sava Exploits Pack/bl.php
Sava Exploits Pack/bspacer.gif
.gif
Sava Exploits Pack/ch.chm
.chm
Sava Exploits Pack/clip_files/010511061501_4dbddb6596a1f.jpg
.jpg
Sava Exploits Pack/clip_files/010511061501_4dbddb6596a1f_002.jpg
.jpg
Sava Exploits Pack/clip_files/010610094650_4c050f4ab63d5.jpg
.jpg
Sava Exploits Pack/clip_files/020110025009_4b3fa371a057b.jpg
.jpg
Sava Exploits Pack/clip_files/020110061049_4b3fd27929e20.jpg
.jpg
Sava Exploits Pack/clip_files/020110061049_4b3fd27929e20_002.jpg
.jpg
Sava Exploits Pack/clip_files/020110080211_4b3f43d38fc0e.jpg
.jpg
Sava Exploits Pack/clip_files/020110095510_4b3f5e4ef32b3.jpg
.jpg
Sava Exploits Pack/clip_files/020110095510_4b3f5e4ef32b3_002.jpg
.jpg
Sava Exploits Pack/clip_files/020110101508_4b3f62fc49aa5.jpg
.jpg
Sava Exploits Pack/clip_files/020411092501_4d9723ad5a6b3.jpg
.jpg
Sava Exploits Pack/clip_files/020511062931_4dbf304b74c13.jpg
.jpg
Sava Exploits Pack/clip_files/020810042157_4c5728e5d9f4c.jpg
.jpg
Sava Exploits Pack/clip_files/030110012541_4b40e125a40d3.jpg
.jpg
Sava Exploits Pack/clip_files/030110030508_4b40f8746e54e.jpg
.jpg
Sava Exploits Pack/clip_files/030110044508_4b40672456b1b.jpg
.jpg
Sava Exploits Pack/clip_files/030110063011_4b407fc32ccea.jpg
.jpg
Sava Exploits Pack/clip_files/030110073534_4b408f164040d.jpg
.jpg
Sava Exploits Pack/clip_files/030110084020_4b414704d3d3a.jpg
.jpg
Sava Exploits Pack/clip_files/030110121047_4b4026d7e77fa.jpg
.jpg
Sava Exploits Pack/clip_files/030110121047_4b4026d7e77fa_002.jpg
.jpg
Sava Exploits Pack/clip_files/030311121041_4d6f22d1ae894.jpg
.jpg
Sava Exploits Pack/clip_files/030311121041_4d6f22d1ae894_002.jpg
.jpg
Sava Exploits Pack/clip_files/030411093521_4d987799e6f5b.jpg
.jpg
Sava Exploits Pack/clip_files/030411093818_4d98784a7c0ee.jpg
.jpg
Sava Exploits Pack/clip_files/030511063757_4dc083c535fdc.jpg
.jpg
Sava Exploits Pack/clip_files/030511063757_4dc083c535fdc_002.jpg
.jpg
Sava Exploits Pack/clip_files/030511064943_4dc086872ea80.jpg
.jpg
Sava Exploits Pack/clip_files/031010050950_4ca8f11e19ee5.jpg
.jpg
Sava Exploits Pack/clip_files/031110062654_4cd138ee75c2e.jpg
.jpg
Sava Exploits Pack/clip_files/031110062654_4cd138ee75c2e_002.jpg
.jpg
Sava Exploits Pack/clip_files/040110045010_4b426292beb0c.jpg
.jpg
Sava Exploits Pack/clip_files/040110051026_4b426752c27a9.jpg
.jpg
Sava Exploits Pack/clip_files/040110072011_4b41dcfb298d7.jpg
.jpg
Sava Exploits Pack/clip_files/040110072011_4b41dcfb298d7_002.jpg
.jpg
Sava Exploits Pack/clip_files/040110102016_4b42aff08566a.jpg
.jpg
Sava Exploits Pack/clip_files/040110113023_4b42c05feac43.jpg
.jpg
Sava Exploits Pack/clip_files/040111011707_4d236423c16eb.jpg
.jpg
Sava Exploits Pack/clip_files/040111011953_4d2364c9e0b11.jpg
.jpg
Sava Exploits Pack/clip_files/040211012805_4d4c45351d705.jpg
.jpg
Sava Exploits Pack/clip_files/041010031432_4caa2798523ce.jpg
.jpg
Sava Exploits Pack/clip_files/041010034222_4ca9855e780b0.jpg
.jpg
Sava Exploits Pack/clip_files/041010034222_4ca9855e780b0_002.jpg
.jpg
Sava Exploits Pack/clip_files/041010050609_4ca99901c671e.jpg
.jpg
Sava Exploits Pack/clip_files/041010050615_4caa41c7b50ba.jpg
.jpg
Sava Exploits Pack/clip_files/050110050518_4b43b79ed50b9.jpg
.jpg
Sava Exploits Pack/clip_files/050110100009_4b43fcb941b8b.jpg
.jpg
Sava Exploits Pack/clip_files/050110100009_4b43fcb941b8b_002.jpg
.jpg
Sava Exploits Pack/clip_files/050410105446_4bbaa2761900f.jpg
.jpg
Sava Exploits Pack/clip_files/051010010521_4cab5ad1abc9a.jpg
.jpg
Sava Exploits Pack/clip_files/051010052219_4cab970ba1ec5.jpg
.jpg
Sava Exploits Pack/clip_files/051010052219_4cab970ba1ec5_002.jpg
.jpg
Sava Exploits Pack/clip_files/051010054606_4caaf3ded5306.jpg
.jpg
Sava Exploits Pack/clip_files/051010113352_4cab4560e7e71.jpg
.jpg
Sava Exploits Pack/clip_files/051210100105_4cfc51f1c0475.jpg
.jpg
Sava Exploits Pack/clip_files/060110031020_4b44456c3ec55.jpg
.jpg
Sava Exploits Pack/clip_files/060110070056_4b4524386938a.jpg
.jpg
Sava Exploits Pack/clip_files/060110111006_4b455e9e1f397.jpg
.jpg
Sava Exploits Pack/clip_files/060110111006_4b455e9e1f397_002.jpg
.jpg
Sava Exploits Pack/clip_files/060411102234_4d9c772a5c47f.jpg
.jpg
Sava Exploits Pack/clip_files/060510082922_4be35ee21a3b1.jpg
.jpg
Sava Exploits Pack/clip_files/070110080039_4b45daf754039.jpg
.jpg
Sava Exploits Pack/clip_files/070411105432_4d9dd0288ee34.jpg
.jpg
Sava Exploits Pack/clip_files/070510023656_4be3b50890ea6.jpg
.jpg
Sava Exploits Pack/clip_files/070510034849_4be46ea11f219.jpg
.jpg
Sava Exploits Pack/clip_files/070510050210_4be47fd252fc7.jpg
.jpg
Sava Exploits Pack/clip_files/070510050210_4be47fd252fc7_002.jpg
.jpg
Sava Exploits Pack/clip_files/070510091343_4be4bac799d04.jpg
.jpg
Sava Exploits Pack/clip_files/070510091343_4be4bac799d04_002.jpg
.jpg
Sava Exploits Pack/clip_files/070510105539_4be429eb0d666.jpg
.jpg
Sava Exploits Pack/clip_files/070510122244_4be39594566da.jpg
.jpg
Sava Exploits Pack/clip_files/070510122244_4be39594566da_002.jpg
.jpg
Sava Exploits Pack/clip_files/071010091959_4cae71bf5d2e8.jpg
.jpg
Sava Exploits Pack/clip_files/080110022528_4b4786a822c5f.jpg
.jpg
Sava Exploits Pack/clip_files/080110032519_4b4794af97b7d.jpg
.jpg
Sava Exploits Pack/clip_files/080110042506_4b46f9f280342.jpg
.jpg
Sava Exploits Pack/clip_files/080110042506_4b46f9f280342_002.jpg
.jpg
Sava Exploits Pack/clip_files/080110082405_4b47dab539b4e.jpg
.jpg
Sava Exploits Pack/clip_files/080110083204_4b47dc9458151.jpg
.jpg
Sava Exploits Pack/clip_files/080110092011_4b47e7dbefc68.jpg
.jpg
Sava Exploits Pack/clip_files/080110100016_4b474880604d3.jpg
.jpg
Sava Exploits Pack/clip_files/080110103902_4b47fa56f2ebf.jpg
.jpg
Sava Exploits Pack/clip_files/080110104522_4b47fbd2ad943.jpg
.jpg
Sava Exploits Pack/clip_files/080411111221_4d9f25d5b17e9.jpg
.jpg
Sava Exploits Pack/clip_files/080411111221_4d9f25d5b17e9_002.jpg
.jpg
Sava Exploits Pack/clip_files/080510022022_4be5ab668b5d2.jpg
.jpg
Sava Exploits Pack/clip_files/080510022022_4be5ab668b5d2_002.jpg
.jpg
Sava Exploits Pack/clip_files/080510022219_4be5abdbc4665.jpg
.jpg
Sava Exploits Pack/clip_files/080510070647_4be545c7cb022.jpg
.jpg
Sava Exploits Pack/clip_files/080510072226_4be549726b219.jpg
.jpg
Sava Exploits Pack/clip_files/080510094505_4be56ae1e8f0f.jpg
.jpg
Sava Exploits Pack/clip_files/080510120211_4be58b03a33fd.jpg
.jpg
Sava Exploits Pack/clip_files/080510121401_4be58dc94c7b3.jpg
.jpg
Sava Exploits Pack/clip_files/080510125015_4be596471f8b2.jpg
.jpg
Sava Exploits Pack/clip_files/090110021703_4b482d6f736ad.jpg
.jpg
Sava Exploits Pack/clip_files/090110022112_4b482e6848d5f.jpg
.jpg
Sava Exploits Pack/clip_files/090110034506_4b4842123f409.jpg
.jpg
Sava Exploits Pack/clip_files/090510032016_4be66230d63cd.jpg
.jpg
Sava Exploits Pack/clip_files/090510035533_4be66a75c578a.jpg
.jpg
Sava Exploits Pack/clip_files/090510045628_4be678bc33028.jpg
.jpg
Sava Exploits Pack/clip_files/090510045628_4be678bc33028_002.jpg
.jpg
Sava Exploits Pack/clip_files/090510055911_4be7302f05789.jpg
.jpg
Sava Exploits Pack/clip_files/090510084254_4be6adce7fde6.jpg
.jpg
Sava Exploits Pack/clip_files/090510092314_4be6b742a314a.jpg
.jpg
Sava Exploits Pack/clip_files/090510092901_4be6b89d787fe.jpg
.jpg
Sava Exploits Pack/clip_files/090510122618_4be6e22adc600.jpg
.jpg
Sava Exploits Pack/clip_files/091010075405_4cb057dd32244.jpg
.jpg
Sava Exploits Pack/clip_files/091010090557_4cb068b559488.jpg
.jpg
Sava Exploits Pack/clip_files/091010112539_4cb08973dca5f.jpg
.jpg
Sava Exploits Pack/clip_files/091010112539_4cb08973dca5f_002.jpg
.jpg
Sava Exploits Pack/clip_files/100510010321_4be79399c28e6.jpg
.jpg
Sava Exploits Pack/clip_files/100510050608_4be7cc80e0b76.jpg
.jpg
Sava Exploits Pack/clip_files/100510063818_4be88ada711da.jpg
.jpg
Sava Exploits Pack/clip_files/100510080542_4be89f5655a9d.jpg
.jpg
Sava Exploits Pack/clip_files/100510080542_4be89f5655a9d_002.jpg
.jpg
Sava Exploits Pack/clip_files/100510110948_4be8ca7c6ab81.jpg
.jpg
Sava Exploits Pack/clip_files/100510114639_4be82a5fa6808.jpg
.jpg
Sava Exploits Pack/clip_files/101010012632_4cb14e88839e7.jpg
.jpg
Sava Exploits Pack/clip_files/101010104440_4cb27a18327b6.jpg
.jpg
Sava Exploits Pack/clip_files/101010104440_4cb27a18327b6_002.jpg
.jpg
Sava Exploits Pack/clip_files/101210030649_4d01df9976182.jpg
.jpg
Sava Exploits Pack/clip_files/110110090805_4b4bd9855ace3.jpg
.jpg
Sava Exploits Pack/clip_files/110111054045_4d2cdc6ddc966.jpg
.jpg
Sava Exploits Pack/clip_files/110510063513_4be932e164397.jpg
.jpg
Sava Exploits Pack/clip_files/110510063639_4be9333772c40.jpg
.jpg
Sava Exploits Pack/clip_files/110510113705_4bea226171d0b.jpg
.jpg
Sava Exploits Pack/clip_files/110510113705_4bea226171d0b_002.jpg
.jpg
Sava Exploits Pack/clip_files/111010043738_4cb2ccd22c091.jpg
.jpg
Sava Exploits Pack/clip_files/120110023503_4b4ccee7d5adb.jpg
.jpg
Sava Exploits Pack/clip_files/120110023513_4b4ccef1aaef3.jpg
.jpg
Sava Exploits Pack/clip_files/120110023513_4b4ccef1aaef3_002.jpg
.jpg
Sava Exploits Pack/clip_files/120110024342_4b4cd0ee6e7b0.jpg
.jpg
Sava Exploits Pack/clip_files/120110025309_4b4cd325abbea.jpg
.jpg
Sava Exploits Pack/clip_files/120110030008_4b4c2c087277c.jpg
.jpg
Sava Exploits Pack/clip_files/120110030521_4b4cd601577de.jpg
.jpg
Sava Exploits Pack/clip_files/120110032103_4b4cd9af2e7bf.jpg
.jpg
Sava Exploits Pack/clip_files/120110033434_4b4cdcda8b43c.jpg
.jpg
Sava Exploits Pack/clip_files/120110042912_4b4ce9a874718.jpg
.jpg
Sava Exploits Pack/clip_files/120110050806_4b4c4a06ee8c1.jpg
.jpg
Sava Exploits Pack/clip_files/120110064808_4b4d0a389c3d3.jpg
.jpg
Sava Exploits Pack/clip_files/120110065605_4b4d0c15833aa.jpg
.jpg
Sava Exploits Pack/clip_files/120110074721_4b4d181905840.jpg
.jpg
Sava Exploits Pack/clip_files/120110084240_4b4d25105f956.jpg
.jpg
Sava Exploits Pack/clip_files/120110115035_4b4d511bd8403.jpg
.jpg
Sava Exploits Pack/clip_files/120110115035_4b4d511bd8403_002.jpg
.jpg
Sava Exploits Pack/clip_files/120510061858_4bea8092717f2.jpg
.jpg
Sava Exploits Pack/clip_files/120510061858_4bea8092717f2_002.jpg
.jpg
Sava Exploits Pack/clip_files/120510065318_4beb315ec5ffc.jpg
.jpg
Sava Exploits Pack/clip_files/120510123730_4bea308a5e7b0.jpg
.jpg
Sava Exploits Pack/clip_files/121010115418_4cb52d6a21ac7.jpg
.jpg
Sava Exploits Pack/clip_files/130110011411_4b4e0d733dcc7.jpg
.jpg
Sava Exploits Pack/clip_files/130110033320_4b4e2e109a5a0.jpg
.jpg
Sava Exploits Pack/clip_files/130110044500_4b4e3edce6cb7.jpg
.jpg
Sava Exploits Pack/clip_files/130110052253_4b4e47bd40010.jpg
.jpg
Sava Exploits Pack/clip_files/130110052253_4b4e47bd40010_002.jpg
.jpg
Sava Exploits Pack/clip_files/130110061047_4b4daa370d609.jpg
.jpg
Sava Exploits Pack/clip_files/130110072646_4b4e64c635e68.jpg
.jpg
Sava Exploits Pack/clip_files/130110081439_4b4e6fffbbaa0.jpg
.jpg
Sava Exploits Pack/clip_files/130110091751_4b4dd60f3abac.jpg
.jpg
Sava Exploits Pack/clip_files/130110091844_4b4e7f046ff8b.jpg
.jpg
Sava Exploits Pack/clip_files/130110095440_4b4e8770ce454.jpg
.jpg
Sava Exploits Pack/clip_files/130110105748_4b4e963c69a69.jpg
.jpg
Sava Exploits Pack/clip_files/130110105843_4b4e96731ab6a.jpg
.jpg
Sava Exploits Pack/clip_files/130110105843_4b4e96731ab6a_002.jpg
.jpg
Sava Exploits Pack/clip_files/130110120520_4b4dfd50cd212.jpg
.jpg
Sava Exploits Pack/clip_files/130110121904_4b4d57c824f82.jpg
.jpg
Sava Exploits Pack/clip_files/130110125103_4b4d5f475b22a.jpg
.jpg
Sava Exploits Pack/clip_files/130411124807_4da5d3c7d623b.jpg
.jpg
Sava Exploits Pack/clip_files/130510043550_4bebb9e69476a.jpg
.jpg
Sava Exploits Pack/clip_files/130510061114_4bebd042cc0f5.jpg
.jpg
Sava Exploits Pack/clip_files/131010072422_4cb63fa6832ae.jpg
.jpg
Sava Exploits Pack/clip_files/131010100612_4cb6659448935.jpg
.jpg
Sava Exploits Pack/clip_files/140110013754_4b4ebbc297099.jpg
.jpg
Sava Exploits Pack/clip_files/140110034425_4b4f8229be268.jpg
.jpg
Sava Exploits Pack/clip_files/140110045218_4b4ee9524c86b.jpg
.jpg
Sava Exploits Pack/clip_files/140110065811_4b4f06d30f7a4.jpg
.jpg
Sava Exploits Pack/clip_files/140110074732_4b4f126463ae4.jpg
.jpg
Sava Exploits Pack/clip_files/140110080318_4b4fbed604879.jpg
.jpg
Sava Exploits Pack/clip_files/140110080318_4b4fbed604879_002.jpg
.jpg
Sava Exploits Pack/clip_files/140110090533_4b4fcd6d816ee.jpg
.jpg
Sava Exploits Pack/clip_files/140110090533_4b4fcd6d816ee_002.jpg
.jpg
Sava Exploits Pack/clip_files/140110103353_4b4fe2215e526.jpg
.jpg
Sava Exploits Pack/clip_files/140110104112_4b4fe3d8c3f74.jpg
.jpg
Sava Exploits Pack/clip_files/140110114140_4b4ff20440d26.jpg
.jpg
Sava Exploits Pack/clip_files/140510030601_4bed9f1957e6f.jpg
.jpg
Sava Exploits Pack/clip_files/140510030601_4bed9f1957e6f_002.jpg
.jpg
Sava Exploits Pack/clip_files/140510040846_4bed050ec00c1.jpg
.jpg
Sava Exploits Pack/clip_files/140510040846_4bed050ec00c1_002.jpg
.jpg
Sava Exploits Pack/clip_files/140510041039_4bed057f88751.jpg
.jpg
Sava Exploits Pack/clip_files/140510125150_4becd6e624e2f.jpg
.jpg
Sava Exploits Pack/clip_files/140510125832_4becd8781af23.jpg
.jpg
Sava Exploits Pack/clip_files/140710082633_4c3e55b99ac12.jpg
.jpg
Sava Exploits Pack/clip_files/150110025035_4b501e4be5a2b.jpg
.jpg
Sava Exploits Pack/clip_files/150110031929_4b50251162ebe.jpg
.jpg
Sava Exploits Pack/clip_files/150110070053_4b5058f543354.jpg
.jpg
Sava Exploits Pack/clip_files/150110073214_4b50604ebc712.jpg
.jpg
Sava Exploits Pack/clip_files/150110073236_4b506064e5fb3.jpg
.jpg
Sava Exploits Pack/clip_files/150110081907_4b506b4b3adf2.jpg
.jpg
Sava Exploits Pack/clip_files/150110101150_4b5085b6bdcfb.jpg
.jpg
Sava Exploits Pack/clip_files/150110102918_4b51328ecd15e.jpg
.jpg
Sava Exploits Pack/clip_files/150110104050_4b51354272d0f.jpg
.jpg
Sava Exploits Pack/clip_files/150310081236_4b9eccf4803b0.jpg
.jpg
Sava Exploits Pack/clip_files/150510010841_4bee2c59b250a.jpg
.jpg
Sava Exploits Pack/clip_files/150510072023_4bee83779966a.jpg
.jpg
Sava Exploits Pack/clip_files/150510072023_4bee83779966a_002.jpg
.jpg
Sava Exploits Pack/clip_files/150510082014_4bee917eec5a3.jpg
.jpg
Sava Exploits Pack/clip_files/150510082014_4bee917eec5a3_002.jpg
.jpg
Sava Exploits Pack/clip_files/150610031011_4c17d0139f99d.jpg
.jpg
Sava Exploits Pack/clip_files/150610031011_4c17d0139f99d_002.jpg
.jpg
Sava Exploits Pack/clip_files/150610031319_4c17d0cfe056f.jpg
.jpg
Sava Exploits Pack/clip_files/151010022345_4cb7f371a1c72.jpg
.jpg
Sava Exploits Pack/clip_files/151010105030_4cb86a368c88a.jpg
.jpg
Sava Exploits Pack/clip_files/151010105030_4cb86a368c88a_002.jpg
.jpg
Sava Exploits Pack/clip_files/151210043350_4d088b7e1bd07.jpg
.jpg
Sava Exploits Pack/clip_files/151210044123_4d088d43bbee7.jpg
.jpg
Sava Exploits Pack/clip_files/160110091014_4b51c8c63b926.jpg
.jpg
Sava Exploits Pack/clip_files/161010041436_4cb95eec3e27b.jpg
.jpg
Sava Exploits Pack/clip_files/161010100629_4cba5a25d9f3f.jpg
.jpg
Sava Exploits Pack/clip_files/171010041827_4cbab1538ba38.jpg
.jpg
Sava Exploits Pack/clip_files/171010041827_4cbab1538ba38_002.jpg
.jpg
Sava Exploits Pack/clip_files/181010105943_4cbd099f91d3f.jpg
.jpg
Sava Exploits Pack/clip_files/181110084341_4ce5d64d990ce.jpg
.jpg
Sava Exploits Pack/clip_files/190211075157_4d6065ad02f06.jpg
.jpg
Sava Exploits Pack/clip_files/190211075157_4d6065ad02f06_002.jpg
.jpg
Sava Exploits Pack/clip_files/190411020149_4dadce0dad614.jpg
.jpg
Sava Exploits Pack/clip_files/190411021247_4dadd09fd62ca.jpg
.jpg
Sava Exploits Pack/clip_files/190411021247_4dadd09fd62ca_002.jpg
.jpg
Sava Exploits Pack/clip_files/190810071239_4c6dba6750889.jpg
.jpg
Sava Exploits Pack/clip_files/191010040511_4cbd5137e0b70.jpg
.jpg
Sava Exploits Pack/clip_files/191010112029_4cbe5ffde0e80.jpg
.jpg
Sava Exploits Pack/clip_files/200810071853_4c6f0d5d2b5f6.jpg
.jpg
Sava Exploits Pack/clip_files/200810071853_4c6f0d5d2b5f6_002.jpg
.jpg
Sava Exploits Pack/clip_files/211010064758_4cc01a5e168c4.jpg
.jpg
Sava Exploits Pack/clip_files/211110094841_4ce9da09ec723.jpg
.jpg
Sava Exploits Pack/clip_files/211210062403_4d108e53222c9.jpg
.jpg
Sava Exploits Pack/clip_files/220411030742_4db1d1fe6d8da.jpg
.jpg
Sava Exploits Pack/clip_files/220910125740_4c998cc462919.jpg
.jpg
Sava Exploits Pack/clip_files/221010043540_4cc1f59cbfd02.jpg
.jpg
Sava Exploits Pack/clip_files/230411031102_4db3244612769.jpg
.jpg
Sava Exploits Pack/clip_files/230411031102_4db3244612769_002.jpg
.jpg
Sava Exploits Pack/clip_files/231010040825_4cc297f9bcdf2.jpg
.jpg
Sava Exploits Pack/clip_files/231010101434_4cc2edcab830b.jpg
.jpg
Sava Exploits Pack/clip_files/231010111651_4cc2fc63d62fd.jpg
.jpg
Sava Exploits Pack/clip_files/231010111651_4cc2fc63d62fd_002.jpg
.jpg
Sava Exploits Pack/clip_files/240111073850_4d3d72da637f8.jpg
.jpg
Sava Exploits Pack/clip_files/240111073850_4d3d72da637f8_002.jpg
.jpg
Sava Exploits Pack/clip_files/240810080529_4c745e494873e.jpg
.jpg
Sava Exploits Pack/clip_files/260211103337_4d69c6110f4ed.jpg
.jpg
Sava Exploits Pack/clip_files/260211103337_4d69c6110f4ed_002.jpg
.jpg
Sava Exploits Pack/clip_files/260311072411_4d8dccdbde68f.jpg
.jpg
Sava Exploits Pack/clip_files/260411041340_4db727747e951.jpg
.jpg
Sava Exploits Pack/clip_files/260411042225_4db72981db80c.jpg
.jpg
Sava Exploits Pack/clip_files/261210074932_4d1739dc9ce81.jpg
.jpg
Sava Exploits Pack/clip_files/270411043532_4db87e14ec93f.jpg
.jpg
Sava Exploits Pack/clip_files/271209062518_4b37ecde465a0.jpg
.jpg
Sava Exploits Pack/clip_files/271209093121_4b3818792c680.jpg
.jpg
Sava Exploits Pack/clip_files/290411050753_4dbb28a9d8fd1.jpg
.jpg
Sava Exploits Pack/clip_files/290411050753_4dbb28a9d8fd1_002.jpg
.jpg
Sava Exploits Pack/clip_files/290411050759_4dbb28afd5739.jpg
.jpg
Sava Exploits Pack/clip_files/290411051855_4dbb2b3fbc947.jpg
.jpg
Sava Exploits Pack/clip_files/290411052012_4dbb2b8c20f1d.jpg
.jpg
Sava Exploits Pack/clip_files/290411052334_4dbb2c568312e.jpg
.jpg
Sava Exploits Pack/clip_files/291209025010_4b39b4b233a93.jpg
.jpg
Sava Exploits Pack/clip_files/300411052600_4dbc7e68f2d60.jpg
.jpg
Sava Exploits Pack/clip_files/300411054806_4dbc8396183a6.jpg
.jpg
Sava Exploits Pack/clip_files/311209125132_4b3ce4a48e99d.jpg
.jpg
Sava Exploits Pack/clip_files/311209125508_4b3c3cbce2e0c.jpg
.jpg
Sava Exploits Pack/clip_files/311209125508_4b3c3cbce2e0c_002.jpg
.jpg
Sava Exploits Pack/cmd.exe
.exe windows:5 windows x86 arch:x86

dbe5febb7a19ba19945a8e8ba6534abf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cmd.pdb

Imports

kernel32

FlushConsoleInputBuffer
LoadLibraryA
InterlockedExchange
FreeLibrary
LocalAlloc
GetVDMCurrentDirectories
CmdBatNotification
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetThreadLocale
GetDiskFreeSpaceExW
CompareFileTime
RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
CopyFileW
SetFileAttributesW
DeleteFileW
SetFileTime
CreateDirectoryW
FillConsoleOutputAttribute
SetConsoleTextAttribute
ScrollConsoleScreenBufferW
FormatMessageW
DuplicateHandle
FlushFileBuffers
HeapReAlloc
HeapSize
GetFileAttributesExW
LocalFree
GetDriveTypeW
InitializeCriticalSection
SetConsoleCtrlHandler
GetWindowsDirectoryW
GetConsoleTitleW
GetModuleFileNameW
GetVersion
EnterCriticalSection
LeaveCriticalSection
ExpandEnvironmentStringsW
SearchPathW
WriteFile
GetVolumeInformationW
SetLastError
MoveFileW
SetConsoleTitleW
MoveFileExW
GetBinaryTypeW
GetFileAttributesW
GetCurrentThreadId
CreateProcessW
LoadLibraryW
ReadProcessMemory
SetErrorMode
GetConsoleMode
SetConsoleMode
VirtualAlloc
VirtualFree
SetEnvironmentVariableW
GetEnvironmentVariableW
GetCommandLineW
GetEnvironmentStringsW
GetLocalTime
GetTimeFormatW
FileTimeToLocalFileTime
GetDateFormatW
GetLastError
CloseHandle
SetThreadLocale
GetProcAddress
GetModuleHandleW
SetFilePointer
lstrcmpW
lstrcmpiW
HeapAlloc
GetProcessHeap
HeapFree
MultiByteToWideChar
ReadFile
WriteConsoleW
FillConsoleOutputCharacterW
SetConsoleCursorPosition
ReadConsoleW
GetConsoleScreenBufferInfo
GetStdHandle
GetFileType
VirtualQuery
RaiseException
GetCPInfo
GetConsoleOutputCP
WideCharToMultiByte
GetFileSize
CreateFileW
FindClose
FindNextFileW
FindFirstFileW
GetFullPathNameW
GetUserDefaultLCID
GetLocaleInfoW
SetLocalTime
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime

msvcrt

__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
_cexit
_XcptFilter
_exit
_c_exit
calloc
_wcslwr
qsort
_vsnwprintf
wcsstr
_dup2
_dup
_open_osfhandle
_close
swscanf
_ultoa
_pipe
_seh_longjmp_unwind
_setmode
wcsncmp
iswxdigit
fflush
exit
_wtol
time
srand
__set_app_type
wcsrchr
malloc
free
wcstoul
_errno
iswalpha
printf
rand
swprintf
_iob
fprintf
towlower
realloc
setlocale
_snwprintf
wcscat
_wcsupr
wcsncpy
_wpopen
fgets
_pclose
memmove
wcschr
iswspace
_tell
longjmp
wcscmp
_wcsnicmp
_wcsicmp
wcstol
iswdigit
_getch
_get_osfhandle
_controlfp
_setjmp3
_except_handler3
wcscpy
wcslen
wcsspn
towupper

user32

GetUserObjectInformationW
GetThreadDesktop
MessageBeep
GetProcessWindowStation

Sections

.text
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Sava Exploits Pack/config.php
Sava Exploits Pack/counter.gif
.html
Sava Exploits Pack/cs.php
Sava Exploits Pack/cs2.php
Sava Exploits Pack/desifre.class
Sava Exploits Pack/detect.js
.js
Sava Exploits Pack/dx_ds.gif
Sava Exploits Pack/exe.php
Sava Exploits Pack/exec.php
Sava Exploits Pack/exp0.php
Sava Exploits Pack/exploit.jar
.jar
Sava Exploits Pack/exploit/BasicServiceExploit.class
Sava Exploits Pack/exploit/Exploit.class
Sava Exploits Pack/exploit/META-INF/MANIFEST.MF
Sava Exploits Pack/exploit/hxRDqPQE.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

MEW
Size: - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�uۊ��
Size: 51KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Sava Exploits Pack/exploit/index.html
.html
Sava Exploits Pack/exploit/metasploit.dat
Sava Exploits Pack/exploit/metasploit/Payload.class
Sava Exploits Pack/exploit/vuln/Exploit$1.class
Sava Exploits Pack/exploit/vuln/Exploit.class
Sava Exploits Pack/exploit/vuln/Link.class
Sava Exploits Pack/fade.png
.png
Sava Exploits Pack/favort.siurele.class
Sava Exploits Pack/fgdtshjdkyfhxtgstre.jar
.jar
Sava Exploits Pack/fgdtshjdkyfhxtgstre/META-INF/MANIFEST.MF
Sava Exploits Pack/fgdtshjdkyfhxtgstre/index.html
.html
Sava Exploits Pack/fgdtshjdkyfhxtgstre/manty/peleza.class
Sava Exploits Pack/fgdtshjdkyfhxtgstre/manty/ronozi.class
Sava Exploits Pack/fgdtshjdkyfhxtgstre/manty/rova.class
Sava Exploits Pack/fgdtshjdkyfhxtgstre/manty/zimbie.class
Sava Exploits Pack/fgdtshjdkyfhxtgstre/olig/arel.class
Sava Exploits Pack/fgdtshjdkyfhxtgstre/olig/arena.class
Sava Exploits Pack/fgdtshjdkyfhxtgstre/olig/arep.class
Sava Exploits Pack/fgdtshjdkyfhxtgstre/olig/aret.class
Sava Exploits Pack/generic-1303861015.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sava Exploits Pack/generic-1303861322.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sava Exploits Pack/generic-1303861510.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sava Exploits Pack/generic-1303863152.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sava Exploits Pack/geoip.php
Sava Exploits Pack/get.php
Sava Exploits Pack/getJavaInfo.jar
.zip
A.class
Sava Exploits Pack/getJavaInfo/A.class
Sava Exploits Pack/getJavaInfo/index.html
.html
Sava Exploits Pack/ghsdr.Gedsrdc.class
Sava Exploits Pack/ghsdr.Jewredd.class
Sava Exploits Pack/ghsdr.KGwedsdv.class
Sava Exploits Pack/ghsdr.Kocer.class
Sava Exploits Pack/ghsdr/Gedsrdc.class
Sava Exploits Pack/ghsdr/Jewredd.class
Sava Exploits Pack/ghsdr/KGwedsdv.class
Sava Exploits Pack/ghsdr/Kocer.class
Sava Exploits Pack/ghsdr/index.html
.html
Sava Exploits Pack/hcp.php
Sava Exploits Pack/hcp_asx.php
Sava Exploits Pack/hxRDqPQE.exe
.exe windows:4 windows x86 arch:x86

541160bce55bf5030f1053d9ca2f310b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

ExitProcess

Sections

.text
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 22B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Sava Exploits Pack/i/1.png
.png
Sava Exploits Pack/i/Thumbs.db
Sava Exploits Pack/i/clear.gif
.gif
Sava Exploits Pack/i/country.gif
.gif
Sava Exploits Pack/i/file.gif
.gif
Sava Exploits Pack/i/footer.jpg
.jpg
Sava Exploits Pack/i/form_inputtext.jpg
.jpg
Sava Exploits Pack/i/heading_background.jpg
.jpg
Sava Exploits Pack/i/index.css
Sava Exploits Pack/i/index.html
.html
Sava Exploits Pack/i/logout.gif
.gif
Sava Exploits Pack/i/main.gif
.gif
Sava Exploits Pack/i/referer.gif
.gif
Sava Exploits Pack/i/sell.gif
.gif
Sava Exploits Pack/i/submit.jpg
.jpg
Sava Exploits Pack/i/wrapper-a.jpg
.jpg
Sava Exploits Pack/i/wrapper-b.gif
.gif
Sava Exploits Pack/iS.asx
Sava Exploits Pack/ifrAttacker.html
.html
Sava Exploits Pack/ifrLocal.html
.html
Sava Exploits Pack/index.php
Sava Exploits Pack/index_iframe.php
Sava Exploits Pack/install.php
Sava Exploits Pack/java/GetAccess.class
Sava Exploits Pack/java/Installer.class
Sava Exploits Pack/java/META-INF/MANIFEST.MF
Sava Exploits Pack/java/NewSecurityClassLoader.class
Sava Exploits Pack/java/NewURLClassLoader.class
Sava Exploits Pack/java/index.html
.html
Sava Exploits Pack/java/java.jar
.jar
Sava Exploits Pack/java/java/GetAccess.class
Sava Exploits Pack/java/java/Installer.class
Sava Exploits Pack/java/java/META-INF/MANIFEST.MF
Sava Exploits Pack/java/java/NewSecurityClassLoader.class
Sava Exploits Pack/java/java/NewURLClassLoader.class
Sava Exploits Pack/java_skyline.php
Sava Exploits Pack/java_trust.php
Sava Exploits Pack/libtiff.php
Sava Exploits Pack/load.gif
.gif
Sava Exploits Pack/load.php
Sava Exploits Pack/load/Flash_Player_10.2.160.1.exe
.exe windows:4 windows x86 arch:x86

541160bce55bf5030f1053d9ca2f310b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

ExitProcess

Sections

.text
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 22B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Sava Exploits Pack/load/index.php
Sava Exploits Pack/loader.gif
.gif
Sava Exploits Pack/loader2.gif
.jpg
Sava Exploits Pack/main.php
Sava Exploits Pack/manty.peleza.class
Sava Exploits Pack/manty.ronozi.class
Sava Exploits Pack/manty.rova.class
Sava Exploits Pack/manty.zimbie.class
Sava Exploits Pack/manty/index.html
.html
Sava Exploits Pack/manty/peleza.class
Sava Exploits Pack/manty/ronozi.class
Sava Exploits Pack/manty/rova.class
Sava Exploits Pack/manty/zimbie.class
Sava Exploits Pack/mario.advert.hujoplo.class
Sava Exploits Pack/mario.advert.lea6.class
Sava Exploits Pack/mario.advert.market_patch.class
Sava Exploits Pack/mario.jar
.jar
Sava Exploits Pack/mario.search.kiipol.class
Sava Exploits Pack/mario.search.market.class
Sava Exploits Pack/mario.search.parser.class
Sava Exploits Pack/mario.search.searchers.class
Sava Exploits Pack/mario/META-INF/MANIFEST.MF
Sava Exploits Pack/mario/advert/adds.class
Sava Exploits Pack/mario/advert/hujoplo.class
Sava Exploits Pack/mario/advert/lea6.class
Sava Exploits Pack/mario/advert/market_patch.class
Sava Exploits Pack/mario/index.html
.html
Sava Exploits Pack/mario/search/kiipol.class
Sava Exploits Pack/mario/search/market.class
Sava Exploits Pack/mario/search/parser.class
Sava Exploits Pack/mario/search/searchers.class
Sava Exploits Pack/metasploit.dat
Sava Exploits Pack/metasploit/Payload.class
Sava Exploits Pack/metasploit/index.html
.html
Sava Exploits Pack/midi20100842.rmf
Sava Exploits Pack/mndrtdsf.jar
.jar
Sava Exploits Pack/mndrtdsf/META-INF/MANIFEST.MF
Sava Exploits Pack/mndrtdsf/favort/Test.class
Sava Exploits Pack/mndrtdsf/favort/gijupo.class
Sava Exploits Pack/mndrtdsf/favort/jora.class
Sava Exploits Pack/mndrtdsf/favort/kilop.class
Sava Exploits Pack/mndrtdsf/favort/maria.class
Sava Exploits Pack/mndrtdsf/favort/siurele.class
Sava Exploits Pack/mndrtdsf/index.html
.html
Sava Exploits Pack/mycertificate.cer
Sava Exploits Pack/nem2378pdf
.pdf
Sava Exploits Pack/npdf.php
Sava Exploits Pack/nprhapengine.dll
.dll windows:5 windows x86 arch:x86

4abb28630ef82b4af141d59bce8f1416

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\apache\qoclick.com\www\articles\archive\Project_4\FF4\Debug\FF4.pdb

Imports

mfc100ud

ord1434
ord1018
ord1447
ord337
ord2300
ord2220
ord2316
ord2481
ord2273
ord2324
ord2204
ord1441
ord442
ord7920
ord9064
ord4050
ord2429
ord2301
ord15724
ord2357
ord2470
ord2440
ord2442
ord336
ord2482
ord1017
ord1428
ord991
ord2479
ord1451
ord1442

msvcr100d

memset
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_vsnprintf_s
wcscpy
_initterm_e
_initterm
_CrtSetCheckCount
strcpy
_encoded_null
_free_dbg
_malloc_dbg
_onexit
_lock
__dllonexit
_unlock
_CRT_RTC_INITW
__CxxFrameHandler3
??_V@YAXPAX@Z
wprintf
_crt_debugger_hook
wcslen
memmove_s
_wcsicmp
memcmp
_recalloc
calloc
strcpy_s
wcsncpy_s
wcscpy_s
_snwprintf_s
_vsnwprintf_s
_snprintf_s
_errno
_CxxThrowException
_CrtDbgReportW
_CrtDbgReport
free

kernel32

SetUnhandledExceptionFilter
SetEvent
OpenEventA
OutputDebugStringA
OutputDebugStringW
GetLastError
VirtualAlloc
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread
OpenFileMappingA
InterlockedIncrement
InterlockedDecrement
FreeLibrary
VirtualQuery
GetModuleFileNameW
GetProcessHeap
HeapAlloc
HeapFree
UnhandledExceptionFilter
GetCommandLineW
GetModuleHandleW
LocalFree
LocalAlloc
EncodePointer
DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
WideCharToMultiByte
IsDebuggerPresent
MultiByteToWideChar
RaiseException
lstrlenA
GetProcAddress
LoadLibraryW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
CloseHandle

oleaut32

SysFreeString

user32

MessageBoxA

advapi32

RevertToSelf
SetThreadToken
OpenThreadToken

Exports

Exports

??4CFF4@@QAEAAV0@ABV0@@Z

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sava Exploits Pack/old_pdf.php
Sava Exploits Pack/olig/arel.class
Sava Exploits Pack/olig/arena.class
Sava Exploits Pack/olig/arep.class
Sava Exploits Pack/olig/aret.class
Sava Exploits Pack/olig/index.html
.html
Sava Exploits Pack/pdf.php
Sava Exploits Pack/play_button.png
.png
Sava Exploits Pack/play_button_on.png
.png
Sava Exploits Pack/player.png
.png
Sava Exploits Pack/progressbar.gif
.gif
Sava Exploits Pack/progressbar_green.gif
.gif
Sava Exploits Pack/read1.php
Sava Exploits Pack/rmanty.ova.class
Sava Exploits Pack/robots.txt
Sava Exploits Pack/search.market.class
Sava Exploits Pack/search.parser.class
Sava Exploits Pack/search/index.html
.html
Sava Exploits Pack/search/kiipol.class
Sava Exploits Pack/search/market.class
Sava Exploits Pack/search/parser.class
Sava Exploits Pack/search/searchers.class
Sava Exploits Pack/shellcode.php
Sava Exploits Pack/signedapplet.jar
.jar
Sava Exploits Pack/signedapplet/META-INF/FIZZIXPU.RSA
Sava Exploits Pack/signedapplet/META-INF/FIZZIXPU.SF
Sava Exploits Pack/signedapplet/META-INF/MANIFEST.MF
Sava Exploits Pack/signedapplet/Main$1.class
Sava Exploits Pack/signedapplet/Main.class
Sava Exploits Pack/signedapplet/index.html
.html
Sava Exploits Pack/spacer.gif
.gif
Sava Exploits Pack/stat.php
Sava Exploits Pack/tr.php
Sava Exploits Pack/truebug_php52ts.dll
.dll windows:5 windows x86 arch:x86

0246839a5cec291d31077f4cf816cbf4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

php5ts

_safe_emalloc
zend_get_executed_filename
zend_execute
php_info_print_table_end
zend_compile_file
zend_llist_count
_zend_hash_add_or_update
php_info_print_table_start
_efree
zend_compile_string
zend_startup_module
zend_hash_del_key_or_index
executor_globals_id
_emalloc
zend_function_dtor
zend_destroy_file_handle
zend_get_extension
zend_error
zend_llist_prepend_element
compile_string
ts_resource_ex
zend_extensions
zend_hash_find
php_info_print_table_row
compile_file
_erealloc
_estrndup
destroy_op_array
zend_timeout

kernel32

GetStartupInfoA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetProcessHeap
SetEndOfFile
SetFilePointer
GetLocaleInfoA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetLastError
HeapFree
HeapAlloc
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
RtlUnwind
CloseHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
MultiByteToWideChar
ReadFile
CreateFileA
SetStdHandle

Exports

Exports

extension_version_info
get_module
zend_extension_entry

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sava Exploits Pack/update3.gif
.gif
Sava Exploits Pack/util.php
Sava Exploits Pack/video.jpg
.jpg
Sava Exploits Pack/visitor.php
Sava Exploits Pack/vlc.webm
Sava Exploits Pack/vuln.Exploit.class
Sava Exploits Pack/vuln/Exploit$1.class
Sava Exploits Pack/vuln/Exploit.class
Sava Exploits Pack/vuln/Link.class
Sava Exploits Pack/vuln/index.html
.html
Sava Exploits Pack/winamp_js_lib.js
.js
Sava Exploits Pack/x.x
.js

Sharing

General

Malware Config

Signatures

Files

Password: infected

94d0297a571a7736a2354665a72fbd8c

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

71:fb:ef:ca:7e:b7:0a:3e:3c:51:15:8a:1f:f3:8a:f4Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

user32

gdi32

shell32

ole32

oleaut32

kernel32

comctl32

olepro32

urlmon

wininet

winspool.drv

comdlg32

advapi32

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 169KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 28KB - Virtual size: 25KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 172KB

UPX1 Size: 73KB - Virtual size: 76KB

.rsrc Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 160KB - Virtual size: 156KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 8KB - Virtual size: 6KB

.reloc Size: 16KB - Virtual size: 15KB

4abb28630ef82b4af141d59bce8f1416

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc100ud

msvcr100d

kernel32

oleaut32

user32

advapi32

Exports

Exports

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 14KB - Virtual size: 13KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

71:fb:ef:ca:7e:b7:0a:3e:3c:51:15:8a:1f:f3:8a:f4
Certificate

.text
Size: 172KB - Virtual size: 169KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 28KB - Virtual size: 25KB

UPX0
Size: - Virtual size: 172KB

UPX1
Size: 73KB - Virtual size: 76KB

.rsrc
Size: 5KB - Virtual size: 8KB

.text
Size: 160KB - Virtual size: 156KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 16KB - Virtual size: 15KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 512B - Virtual size: 38B

.rdata
Size: 512B - Virtual size: 146B

.data
Size: 512B - Virtual size: 22B

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34
Certificate

.text
Size: 348KB - Virtual size: 344KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 16KB - Virtual size: 23KB

.rsrc
Size: 88KB - Virtual size: 85KB

.reloc
Size: 24KB - Virtual size: 21KB

.text
Size: 512B - Virtual size: 38B

.rdata
Size: 512B - Virtual size: 146B

.data
Size: 512B - Virtual size: 22B

MEW
Size: - Virtual size: 136KB

�uۊ��
Size: 51KB - Virtual size: 108KB