RobloxPlayerLauncher[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

RobloxPlayerLauncher.exe
Size

1.6MB
MD5

df0f766b4dae0ca17bb6cb6cf77f8337
SHA1

9573dfebed6b87916ca57615b6078a592ea6a4f6
SHA256

e10bfb5b2153945db2cc8e66816c226dd89dfc6e90d997c32db28f7e442f538c
SHA512

731ccb3cde870c062bf24ec859fb4336981c6502ee3045aebf581bf024ae4787eaac18ff6fd3b5a4008ad31e6e64c6bfb9954c59c5ceb49e2070d18d0078e363
SSDEEP

49152:13C9KLzU5dZ8jj3gv/tfTFKI+3CUJtRwTaa0kpG2TA8MePMQodA8/TN8pPK7/:NC9GDv3C4I+3CUJn8po

Score

1^/10

Malware Config

Signatures

Files

RobloxPlayerLauncher.exe
.exe windows x86

aa9fa5d09b7312d758964b4e5b7f840b

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:47:e5:a2:c3:22:71:bd:9e:93:5f:b8:6f:31:49:93
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

15/01/2021, 00:00

Not After

18/01/2023, 23:59

Subject

SERIALNUMBER=3780902,CN=Roblox Corporation,O=Roblox Corporation,L=San Mateo,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:9a:88:ee:16:09:a7:5c:46:76:6e:80:af:bc:a5:c2:68:a0:3d:73
Signer

Actual PE Digest

43:9a:88:ee:16:09:a7:5c:46:76:6e:80:af:bc:a5:c2:68:a0:3d:73

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=3780902,CN=Roblox Corporation,O=Roblox Corporation,L=San Mateo,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

12/10/2021, 20:39
Valid: true

Chain 1

SERIALNUMBER=3780902,CN=Roblox Corporation,O=Roblox Corporation,L=San Mateo,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

powrprof

CallNtPowerInformation

winhttp

WinHttpSendRequest
WinHttpSetOption
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpWriteData

kernel32

VerifyVersionInfoW
GetSystemTimeAsFileTime
GetStdHandle
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
RemoveDirectoryW
SetFileAttributesW
Sleep
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
GetCurrentThread
CreateProcessW
OpenProcess
GetSystemTime
GetLocalTime
GetTickCount
GetVersionExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetModuleFileNameW
LoadLibraryW
lstrlenW
BeginUpdateResourceW
UpdateResourceA
EndUpdateResourceW
CopyFileW
SystemTimeToFileTime
GetGeoInfoW
GetUserGeoID
GetUserDefaultLCID
FreeConsole
AttachConsole
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CreateSemaphoreA
WaitForSingleObjectEx
ReleaseSemaphore
DuplicateHandle
GetModuleHandleA
K32EnumProcesses
K32GetProcessImageFileNameW
GetCommandLineW
GetShortPathNameW
SetLastError
CreateSemaphoreW
IsDebuggerPresent
GetCurrentProcessId
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
IsWow64Process
QueryPerformanceCounter
QueryPerformanceFrequency
FileTimeToSystemTime
FlushFileBuffers
GetFileSizeEx
SetFileTime
lstrcpyW
MoveFileW
OpenEventA
LoadLibraryA
GetFileTime
FormatMessageA
GetSystemInfo
WaitForMultipleObjectsEx
SetWaitableTimer
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
CreateWaitableTimerA
GetFileType
SetUnhandledExceptionFilter
HeapSize
FormatMessageW
GetExitCodeThread
GetVersion
SetProcessShutdownParameters
SetConsoleCtrlHandler
LockFileEx
SetEndOfFile
UnlockFileEx
GetProcessTimes
SuspendThread
GetProcessId
GetThreadContext
IsProcessorFeaturePresent
GetTimeZoneInformation
GetThreadLocale
GetSystemDefaultLCID
InitializeCriticalSection
VirtualQueryEx
ReadProcessMemory
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
UnregisterWaitEx
RegisterWaitForSingleObject
SetFilePointerEx
FindFirstFileExW
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
InitOnceExecuteOnce
HeapFree
ExitProcess
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
GetModuleHandleExW
ExitThread
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetCommandLineA
RtlUnwind
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
SetThreadAffinityMask
HeapReAlloc
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
SwitchToThread
EncodePointer
LocalFree
InitializeCriticalSectionEx
GetTempPathW
WriteFile
ReadFile
GetFileSize
VerSetConditionMask
GetCurrentThreadId
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetFileAttributesW
CreateFileW
CreateDirectoryW
DeleteCriticalSection
FindResourceA
CreateThread
GetProcessHeap
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
MulDiv
CreateEventA
WideCharToMultiByte
MultiByteToWideChar
lstrcmpW
GetProcAddress
GetModuleHandleW
OpenEventW
CreateEventW
CreateMutexW
WaitForSingleObject
ReleaseMutex
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetLastError
CloseHandle
DeleteFileW
IsValidLocale
EnumSystemLocalesW
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
SleepEx

user32

GetSystemMetrics
KillTimer
ReleaseDC
BeginPaint
GetDlgCtrlID
GetDlgItem
DrawTextW
SetTimer
EnableWindow
EndPaint
FillRect
LoadIconW
LoadBitmapW
PostMessageW
IsWindowVisible
SetForegroundWindow
GetWindowTextW
CharUpperW
CharNextW
AllowSetForegroundWindow
MessageBoxExW
SendMessageW
DefWindowProcW
CallWindowProcW
CreateWindowExW
ShowWindow
GetDC
InvalidateRect
GetWindowRect
MessageBoxW
GetWindowLongW
SetWindowLongW
MessageBoxA
RegisterClassW
GetParent
UnregisterClassW
GetMessageW
TranslateMessage
PostQuitMessage
DispatchMessageW
PostThreadMessageW
LoadAcceleratorsW
TranslateAcceleratorW
GetWindowThreadProcessId
SetWindowTextW
EnumWindows
DestroyWindow

gdi32

SetDCPenColor
SetDCBrushColor
SelectObject
RoundRect
SetBkMode
GetStockObject
CreatePen
GetDeviceCaps
DeleteObject
CreateSolidBrush
CreateFontW
SetTextColor
Rectangle

shell32

ShellExecuteW
SHGetFolderPathAndSubDirW
CommandLineToArgvW
Shell_NotifyIconA
ShellExecuteExW
ord165

ole32

CoCreateGuid
StringFromGUID2
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance

advapi32

CryptReleaseContext
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExA
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyExW
RegDeleteKeyW
GetUserNameW
OpenProcessToken
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
BuildSecurityDescriptorW
BuildExplicitAccessWithNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ImpersonateNamedPipeClient
RevertToSelf
SystemFunction036
GetTokenInformation
CryptAcquireContextW

shlwapi

PathAddBackslashW
SHDeleteKeyW
StrCmpNW
StrStrW
StrCmpW
PathFileExistsW
PathRemoveExtensionW
SHCopyKeyW
PathAppendW
PathRemoveFileSpecW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

sensapi

IsNetworkAlive

wininet

HttpSendRequestExW
HttpEndRequestW
HttpQueryInfoA
HttpAddRequestHeadersW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetWriteFile
InternetQueryDataAvailable
HttpQueryInfoW
InternetQueryOptionW
InternetSetOptionW
HttpOpenRequestW
HttpAddRequestHeadersA
HttpSendRequestW

ws2_32

freeaddrinfo
inet_ntop
getaddrinfo

comctl32

ord345
InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipCloneImage

winmm

timeSetEvent
timeGetDevCaps
timeBeginPeriod
timeGetTime

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa9fa5d09b7312d758964b4e5b7f840b

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

02:47:e5:a2:c3:22:71:bd:9e:93:5f:b8:6f:31:49:93Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

43:9a:88:ee:16:09:a7:5c:46:76:6e:80:af:bc:a5:c2:68:a0:3d:73Signer

Signature Validations

Verification

12/10/2021, 20:39 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

powrprof

winhttp

kernel32

user32

gdi32

shell32

ole32

advapi32

shlwapi

version

sensapi

wininet

ws2_32

comctl32

gdiplus

winmm

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 298KB - Virtual size: 298KB

.data Size: 24KB - Virtual size: 432KB

CPADinfo Size: 512B - Virtual size: 40B

.rsrc Size: 119KB - Virtual size: 118KB

.reloc Size: 55KB - Virtual size: 55KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

02:47:e5:a2:c3:22:71:bd:9e:93:5f:b8:6f:31:49:93
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

43:9a:88:ee:16:09:a7:5c:46:76:6e:80:af:bc:a5:c2:68:a0:3d:73
Signer

12/10/2021, 20:39
Valid: true

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 298KB - Virtual size: 298KB

.data
Size: 24KB - Virtual size: 432KB

CPADinfo
Size: 512B - Virtual size: 40B

.rsrc
Size: 119KB - Virtual size: 118KB

.reloc
Size: 55KB - Virtual size: 55KB