working reblex for xp[.]zip

Resubmissions

31/12/2024, 04:33

241231-e6z8ssvker 8

29/06/2023, 03:46

230629-eb6gbsbh66 8

29/06/2023, 03:41

230629-d81fxacg6y 8

Sharing

Copy URL Twitter E-mail

General

Target

working reblex for xp.zip
Size

814KB
MD5

76807be1ec3e3dacf2ab970e4048602a
SHA1

3d9eb211fcc26fce46374493aa3ee333721c3b68
SHA256

a836d7eff1ef2160094d1d21b1980f4fa0a24ebdeff93a11986c984c0bd791e6
SHA512

b41c23e5f63fb54f7163a6ac16f4e39e32630343bb94f28b6f737b9a7ab03bbc4b19553764ae2e45f7dc6f3b1a9361a964a261357cc499d90e0ab2b915d9602e
SSDEEP

12288:zlD7iCyFkOQnLQLu7nxVbM+/mBEJGA0E+S3kBWOviS4QYXud1DIEQusTAIn6:zhiCyxCV44Qs+mkBWU4QYXuT6uzF

Score

1^/10

Malware Config

Signatures

Files

working reblex for xp.zip
.zip
working reblex for xp/RobloxPlayerLauncher.exe
.exe windows x86

aea93b4034e5b9ba2843145e016c01c4

Code Sign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:d2:14:54:b9:65:47:3d:98:52:3a:1f:48:c9:2f:49
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

15/01/2021, 00:00

Not After

18/01/2023, 23:59

Subject

SERIALNUMBER=3780902,CN=Roblox Corporation,O=Roblox Corporation,L=San Mateo,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

54:0c:4f:06:b0:c5:79:7a:79:c7:98:c9:c0:38:81:e7:fa:34:39:b2
Signer

Actual PE Digest

54:0c:4f:06:b0:c5:79:7a:79:c7:98:c9:c0:38:81:e7:fa:34:39:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

powrprof

CallNtPowerInformation

winhttp

WinHttpSetOption
WinHttpSetTimeouts
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpWriteData
WinHttpOpenRequest
WinHttpCrackUrl

kernel32

MoveFileW
VerifyVersionInfoW
GetSystemTimeAsFileTime
GetStdHandle
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
RemoveDirectoryW
SetFileAttributesW
Sleep
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
CreateProcessW
OpenProcess
GetSystemTime
GetLocalTime
GetTickCount
GetVersionExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetModuleFileNameW
LoadLibraryW
lstrlenW
BeginUpdateResourceW
UpdateResourceA
EndUpdateResourceW
SystemTimeToFileTime
GetGeoInfoW
GetUserGeoID
GetUserDefaultLCID
FreeConsole
AttachConsole
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CreateEventA
K32EnumProcesses
K32GetProcessImageFileNameW
GetCommandLineW
GetShortPathNameW
SetLastError
ReleaseSemaphore
CreateSemaphoreW
IsDebuggerPresent
GetCurrentProcessId
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
IsWow64Process
QueryPerformanceCounter
QueryPerformanceFrequency
FileTimeToSystemTime
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
FlushFileBuffers
GetFileSizeEx
SetFileTime
lstrcpyW
OpenEventA
WaitForSingleObjectEx
LoadLibraryA
OutputDebugStringW
GetFileTime
FormatMessageA
GetSystemInfo
WaitForMultipleObjectsEx
GetModuleHandleA
SetWaitableTimer
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateWaitableTimerA
GetFileType
SetUnhandledExceptionFilter
SleepEx
CreateThread
GetExitCodeThread
GetVersion
SetProcessShutdownParameters
SetConsoleCtrlHandler
LockFileEx
SetEndOfFile
UnlockFileEx
GetProcessTimes
SuspendThread
GetProcessId
GetThreadContext
IsProcessorFeaturePresent
GetTimeZoneInformation
GetThreadLocale
GetSystemDefaultLCID
InitializeCriticalSection
DuplicateHandle
VirtualQueryEx
ReadProcessMemory
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
UnregisterWaitEx
RegisterWaitForSingleObject
SetFilePointerEx
FindFirstFileExW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
InitOnceExecuteOnce
CopyFileW
CompareStringW
ExitProcess
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
RtlUnwind
GetCPInfo
GetStringTypeW
FindResourceA
LCMapStringEx
EncodePointer
SleepConditionVariableSRW
SleepConditionVariableCS
FormatMessageW
LocalFree
LocalAlloc
InitializeCriticalSectionEx
GetTempPathW
WriteFile
ReadFile
GetFileSize
VerSetConditionMask
GetCurrentThreadId
FindResourceW
SizeofResource
LockResource
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
InitOnceComplete
InitOnceBeginInitialize
InitializeSListHead
GetStartupInfoW
UnhandledExceptionFilter
LoadResource
FindResourceExW
GetFileAttributesW
CreateFileW
CreateDirectoryW
MulDiv
WideCharToMultiByte
MultiByteToWideChar
lstrcmpW
GetProcAddress
GetModuleHandleW
OpenEventW
CreateEventW
CreateMutexW
WaitForSingleObject
ReleaseMutex
ResetEvent
SetEvent
CloseHandle
DeleteFileW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW

user32

GetDC
InvalidateRect
GetWindowRect
MessageBoxW
GetWindowLongW
SetWindowLongW
GetParent
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
LoadAcceleratorsW
CreateWindowExW
SetWindowTextW
EnumWindows
GetWindowThreadProcessId
MessageBoxA
PostQuitMessage
RegisterClassW
DestroyWindow
GetDlgItem
GetDlgCtrlID
SetTimer
CallWindowProcW
DefWindowProcW
SendMessageW
KillTimer
EnableWindow
GetSystemMetrics
ReleaseDC
BeginPaint
EndPaint
FillRect
LoadIconW
LoadBitmapW
PostMessageW
IsWindowVisible
SetForegroundWindow
GetWindowTextW
MessageBoxExW
AllowSetForegroundWindow
CharNextW
CharUpperW
UnregisterClassW
ShowWindow
DrawTextW
TranslateAcceleratorW

gdi32

SetBkMode
SetDCPenColor
SetDCBrushColor
SelectObject
SetTextColor
Rectangle
RoundRect
GetStockObject
CreatePen
GetDeviceCaps
DeleteObject
CreateSolidBrush
CreateFontW

shell32

CommandLineToArgvW
ShellExecuteExW
Shell_NotifyIconA
SHGetFolderPathAndSubDirW
ord165
ShellExecuteW

ole32

CoInitialize
CoUninitialize
StringFromGUID2
CoCreateGuid
CreateStreamOnHGlobal
CoCreateInstance

advapi32

SystemFunction036
RevertToSelf
ImpersonateNamedPipeClient
ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
BuildSecurityDescriptorW
RegDeleteTreeW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegGetValueW
GetTokenInformation
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExA
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyExW
RegDeleteKeyW
GetUserNameW
RegDeleteValueW
OpenProcessToken
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shlwapi

PathRemoveFileSpecW
PathAppendW
SHCopyKeyW
PathRemoveExtensionW
PathFileExistsW
PathAddBackslashW
SHDeleteKeyW
StrCmpW
StrCmpNW
StrStrW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

sensapi

IsNetworkAlive

wininet

InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetWriteFile
InternetQueryDataAvailable
HttpQueryInfoW
HttpQueryInfoA
HttpEndRequestW
HttpSendRequestExW
HttpSendRequestW
HttpAddRequestHeadersW
HttpAddRequestHeadersA
HttpOpenRequestW
InternetQueryOptionW
InternetSetOptionW

ws2_32

inet_ntop
freeaddrinfo
getaddrinfo

comctl32

ord345
InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdiplusShutdown
GdipAlloc

winmm

timeGetDevCaps
timeSetEvent
timeGetTime
timeBeginPeriod

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 289KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 430KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

aea93b4034e5b9ba2843145e016c01c4

Code Sign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

0d:d2:14:54:b9:65:47:3d:98:52:3a:1f:48:c9:2f:49Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

54:0c:4f:06:b0:c5:79:7a:79:c7:98:c9:c0:38:81:e7:fa:34:39:b2Signer

Headers

DLL Characteristics

File Characteristics

Imports

powrprof

winhttp

kernel32

user32

gdi32

shell32

ole32

advapi32

shlwapi

version

sensapi

wininet

ws2_32

comctl32

gdiplus

winmm

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 289KB - Virtual size: 288KB

.data Size: 22KB - Virtual size: 430KB

CPADinfo Size: 512B - Virtual size: 40B

.rsrc Size: 119KB - Virtual size: 118KB

.reloc Size: 52KB - Virtual size: 51KB

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

0d:d2:14:54:b9:65:47:3d:98:52:3a:1f:48:c9:2f:49
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

54:0c:4f:06:b0:c5:79:7a:79:c7:98:c9:c0:38:81:e7:fa:34:39:b2
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 289KB - Virtual size: 288KB

.data
Size: 22KB - Virtual size: 430KB

CPADinfo
Size: 512B - Virtual size: 40B

.rsrc
Size: 119KB - Virtual size: 118KB

.reloc
Size: 52KB - Virtual size: 51KB