version-ddd9de6fd55e4df2-Roblox[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

version-ddd9de6fd55e4df2-Roblox.exe
Size

387KB
MD5

d4afaf5dad6869771a263e05f52066e0
SHA1

ff9bb7af8d7846b33023635bdde9b1b476ce9306
SHA256

67cb43ef2d9dbe62447edd8da8e1abc11a06aa0ea8008b22c536490524c25c8b
SHA512

32050f77ada650cfce92fd5ab0dee3cfd4f9e5348aed7c6eece163cc30b68f398b9e7f3d9100dac96d3386dc59a3bff2d23010be221b548a16d38d938ccee0d1
SSDEEP

6144:y06VDlJUKTVHEZ5M1iDGUGkhR0G6ZWTBjFOrx/Xu0:y06V3UKTVkZ5MiDrGC0XZWTZFYu0

Score

1^/10

Malware Config

Signatures

Files

version-ddd9de6fd55e4df2-Roblox.exe
.exe windows x86

00dc35f1ff62fe70ecc32d8ebe85fd16

Code Sign

5c:4d:e3:8a:33:c8:a8:c6:f2:4f:2c:9c:46:db:88:c8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

28/07/2010, 00:00

Not After

10/09/2011, 23:59

Subject

CN=ROBLOX Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ROBLOX Corporation,L=Menlo Park,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

84:10:4c:ec:dc:7a:5d:b7:ee:7f:ca:3c:f7:c0:63:cb:75:b9:2e:e9
Signer

Actual PE Digest

84:10:4c:ec:dc:7a:5d:b7:ee:7f:ca:3c:f7:c0:63:cb:75:b9:2e:e9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCmpW
PathAddBackslashA
PathFileExistsA
SHDeleteKeyA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ws2_32

WSAGetLastError
getaddrinfo
WSACleanup
freeaddrinfo
connect
WSAStartup
WSASetLastError
closesocket
WSARecv
setsockopt
WSASocketA
WSASend

sensapi

IsNetworkAlive

userenv

UnloadUserProfile

msi

ord141
ord204
ord15

wininet

InternetConnectA
InternetQueryDataAvailable
HttpAddRequestHeadersA
HttpSendRequestA
InternetReadFile
HttpOpenRequestA
HttpQueryInfoA
InternetCloseHandle
InternetOpenA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA

psapi

GetProcessImageFileNameA
EnumProcesses

comctl32

InitCommonControlsEx

kernel32

GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileW
SetEndOfFile
LoadLibraryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
GetLastError
CreateEventA
ResetEvent
SetEvent
CreateMutexA
ReleaseMutex
CreateSemaphoreA
ReleaseSemaphore
WaitForSingleObject
FormatMessageA
HeapAlloc
GetProcessHeap
HeapFree
Sleep
InterlockedIncrement
InterlockedDecrement
CreateIoCompletionPort
InterlockedExchange
InterlockedExchangeAdd
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetCurrentThreadId
InterlockedCompareExchange
lstrlenA
WideCharToMultiByte
GetCurrentProcess
MultiByteToWideChar
GetCurrentThread
GetModuleFileNameA
DuplicateHandle
LocalFree
GetTempPathA
GetShortPathNameW
CreateProcessA
RaiseException
GetVersionExA
GetTickCount
GetModuleHandleW
GetProcAddress
DeleteFileA
CreateFileA
CreateFileMappingA
UnmapViewOfFile
GetFileSizeEx
LoadLibraryA
FreeLibrary
GetLongPathNameW
GetLocalTime
GetModuleFileNameW
CreateDirectoryA
VerSetConditionMask
VerifyVersionInfoA
GetDiskFreeSpaceExA
FindFirstFileA
FindClose
SetFileAttributesA
FindNextFileA
RemoveDirectoryA
GetModuleHandleA
MapViewOfFile
GetSystemTimeAsFileTime
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
TlsAlloc
TlsFree
TlsGetValue
SetWaitableTimer
SystemTimeToFileTime
TlsSetValue
WaitForMultipleObjects
GetCurrentProcessId
CreateWaitableTimerA
ResumeThread
lstrcpyA
lstrcatA
WriteFile
GetFileAttributesA
GetFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
OpenProcess
GetExitCodeProcess
TerminateProcess
GetUserDefaultLCID
HeapDestroy
HeapReAlloc
HeapSize
GetCommandLineA
GetStartupInfoA
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetLastError
HeapCreate
VirtualFree
QueryPerformanceCounter
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetFilePointer
ReadFile
FlushFileBuffers

user32

IsWindowVisible
SetForegroundWindow
PostMessageA
GetWindowTextA
EnumWindows
SendMessageA
ShowWindow
GetDlgItem
SetWindowTextA
EndDialog
GetWindowLongA
SetWindowLongA
GetWindowThreadProcessId
CreateDialogParamA
DestroyWindow
EnableWindow
PostThreadMessageA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
MessageBoxA
CharUpperA
LoadIconA
AllowSetForegroundWindow
CharNextA

advapi32

IsValidSid
GetLengthSid
CopySid
OpenProcessToken
OpenThreadToken
RegOpenKeyExA
RegSetValueExW
RegCloseKey
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CheckTokenMembership
GetTokenInformation
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegDeleteKeyA
RegCreateKeyExA
GetUserNameW
RegSetValueExA
RegQueryValueExA
DuplicateToken

shell32

SHGetFolderPathAndSubDirW
ShellExecuteExA

ole32

CoCreateInstance
CoInitialize
OleRun
CoTaskMemFree
CoUninitialize
StringFromGUID2
CoCreateGuid

oleaut32

SysFreeString
RegisterTypeLi
SysAllocStringLen
SafeArrayDestroy
GetErrorInfo
VariantClear
SysAllocString

Sections

.text
Size: 253KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00dc35f1ff62fe70ecc32d8ebe85fd16

Code Sign

5c:4d:e3:8a:33:c8:a8:c6:f2:4f:2c:9c:46:db:88:c8Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

84:10:4c:ec:dc:7a:5d:b7:ee:7f:ca:3c:f7:c0:63:cb:75:b9:2e:e9Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

version

ws2_32

sensapi

userenv

msi

wininet

psapi

comctl32

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 253KB - Virtual size: 253KB

.rdata Size: 77KB - Virtual size: 77KB

.data Size: 12KB - Virtual size: 19KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 21KB - Virtual size: 20KB

5c:4d:e3:8a:33:c8:a8:c6:f2:4f:2c:9c:46:db:88:c8
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

84:10:4c:ec:dc:7a:5d:b7:ee:7f:ca:3c:f7:c0:63:cb:75:b9:2e:e9
Signer

.text
Size: 253KB - Virtual size: 253KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 12KB - Virtual size: 19KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 21KB - Virtual size: 20KB