RobloxStudioLauncherBeta[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

RobloxStudioLauncherBeta.exe
Size

4.8MB
MD5

fdb04b4dd596699ea1b87af827b24f57
SHA1

f2f8c1f94677f283018b155cb610bad2cf92d7f5
SHA256

a6d5cb5d9bea3e2f83867de4aae16eca270e2e50c4a78ff341762d06f4125298
SHA512

05daa8b99e2ad2f3e5c1f0d85786187c7115bee5cf28772c3daa73559b3294a9f9202f3ed1f17afc6c0fad88f3ecbd9a32567c4578dc856397ffb10e11c712a5
SSDEEP

98304:KBvq54FqGwzhex8xkmH6Vgk4ZoNvXo/Bkhor1QNYJbhh/XXy7:AY4FqlzS88gATSQyJ/i

Score

1^/10

Malware Config

Signatures

Files

RobloxStudioLauncherBeta.exe
.exe windows:6 windows x86

94be4eef49b6aa0a1fe31886770899f0

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:19:17:fa:ad:69:b1:d7:5b:b4:3c:5e:86:45:30:2f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10-11-2022 00:00

Not After

09-11-2023 23:59

Subject

SERIALNUMBER=3780902,CN=Roblox Corporation,O=Roblox Corporation,L=San Mateo,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:19:17:fa:ad:69:b1:d7:5b:b4:3c:5e:86:45:30:2f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10-11-2022 00:00

Not After

09-11-2023 23:59

Subject

SERIALNUMBER=3780902,CN=Roblox Corporation,O=Roblox Corporation,L=San Mateo,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:5d:fa:2e:49:08:c3:96:33:18:a0:ca:c2:a8:0f:d6:e3:03:83:bc:9e:1b:c3:74:62:04:f1:0a:ac:97:f4:1f
Signer

Actual PE Digest

27:5d:fa:2e:49:08:c3:96:33:18:a0:ca:c2:a8:0f:d6:e3:03:83:bc:9e:1b:c3:74:62:04:f1:0a:ac:97:f4:1f

Digest Algorithm

sha256

PE Digest Matches

true

12:08:b2:28:4d:f1:7c:73:e5:c3:d2:9d:5f:bd:25:44:54:1e:34:61
Signer

Actual PE Digest

12:08:b2:28:4d:f1:7c:73:e5:c3:d2:9d:5f:bd:25:44:54:1e:34:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ord165
SHGetFolderPathAndSubDirW
SHGetKnownFolderPath
ShellExecuteExW
Shell_NotifyIconA
CommandLineToArgvW
ShellExecuteW

iphlpapi

GetAdaptersAddresses

ws2_32

inet_ntop
freeaddrinfo
getaddrinfo
ntohl
socket
bind
closesocket
getsockname
htons
ntohs
recv
select
send
setsockopt
shutdown
WSAStartup
WSACleanup
WSASetLastError
htonl
gethostname
WSAIoctl
WSAGetLastError
getsockopt
getpeername
ioctlsocket
connect
__WSAFDIsSet
getnameinfo

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

powrprof

CallNtPowerInformation

winhttp

WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpCrackUrl
WinHttpReadData
WinHttpWriteData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpSetTimeouts
WinHttpSetOption
WinHttpCloseHandle
WinHttpOpen

kernel32

OpenEventW
GetModuleHandleW
GetProcAddress
LoadLibraryW
lstrlenW
SetSearchPathMode
CreateDirectoryW
CreateFileW
GetFileAttributesW
SetLastError
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
VerSetConditionMask
DeleteFileW
GetFileSize
ReadFile
GetTempPathW
LocalAlloc
LocalFree
FormatMessageW
CopyFileW
MoveFileW
VerifyVersionInfoW
GetSystemTimeAsFileTime
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
RemoveDirectoryW
SetFileAttributesW
DebugBreak
Sleep
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
GetCurrentThreadId
CreateProcessW
OpenProcess
GetSystemTime
GetLocalTime
GetTickCount
GetVersionExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
SystemTimeToFileTime
GetGeoInfoW
GetUserGeoID
GetUserDefaultLCID
CreateEventA
K32EnumProcesses
K32GetProcessImageFileNameW
GetCommandLineW
IsDebuggerPresent
OutputDebugStringW
MulDiv
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
FlushFileBuffers
SetFileTime
WriteFile
lstrcpyW
GetShortPathNameW
LoadLibraryA
ReleaseSemaphore
CreateSemaphoreW
WideCharToMultiByte
GetFileTime
CreateSemaphoreA
WaitForSingleObjectEx
DuplicateHandle
GetModuleHandleA
WaitForMultipleObjectsEx
CreateFileA
CreateMutexA
LCMapStringEx
GetCurrentProcessorNumber
GlobalMemoryStatusEx
GetSystemInfo
GetVersionExA
IsWow64Process
K32GetProcessMemoryInfo
OutputDebugStringA
GetCurrentProcessId
QueryPerformanceCounter
QueryPerformanceFrequency
SwitchToThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
GetEnvironmentVariableA
SleepEx
FormatMessageA
VerifyVersionInfoA
GetEnvironmentVariableW
GetStdHandle
GetConsoleMode
SetConsoleMode
OpenMutexW
ReadConsoleW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
GetFileType
ConvertFiberToThread
ConvertThreadToFiber
FileTimeToSystemTime
GetNativeSystemInfo
LoadLibraryExW
VirtualQuery
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
SetWaitableTimer
ResumeThread
CreateWaitableTimerA
GetCurrentDirectoryW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
DeviceIoControl
MoveFileExW
AreFileApisANSI
SetUnhandledExceptionFilter
CreateThread
GetExitCodeThread
GetVersion
SetProcessShutdownParameters
SetConsoleCtrlHandler
LockFileEx
UnlockFileEx
SuspendThread
GetProcessId
GetThreadContext
IsProcessorFeaturePresent
GetTimeZoneInformation
GetThreadLocale
GetSystemDefaultLCID
VirtualQueryEx
ReadProcessMemory
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
CreateIoCompletionPort
WriteConsoleW
PostQueuedCompletionStatus
UnregisterWaitEx
RegisterWaitForSingleObject
GetFileSizeEx
FindFirstFileExW
TryEnterCriticalSection
InitOnceExecuteOnce
InitializeSRWLock
GetStartupInfoW
UnhandledExceptionFilter
InitializeSListHead
CreateMutexW
WaitForSingleObject
ReleaseMutex
ResetEvent
SetEvent
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
CompareStringEx
GetCPInfo
GetLocaleInfoEx
GetStringTypeW
RtlUnwind
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetConsoleOutputCP
SetStdHandle
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
ExitProcess
GetDateFormatW
GetTimeFormatW
RaiseException
DecodePointer
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
GetFileInformationByHandleEx
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
CreateEventW
ReadConsoleA
EncodePointer
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessTimes
GetQueuedCompletionStatus

user32

BeginPaint
ReleaseDC
GetDC
DrawTextW
GetSystemMetrics
EnableWindow
KillTimer
SetTimer
GetDlgCtrlID
GetDlgItem
DestroyWindow
RegisterClassW
PostQuitMessage
MessageBoxA
GetWindowThreadProcessId
EnumWindows
MessageBoxW
EndPaint
AllowSetForegroundWindow
TranslateAcceleratorW
LoadAcceleratorsW
CharNextW
CharUpperW
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetParent
SetWindowLongW
GetWindowLongW
GetWindowRect
MessageBoxExW
FillRect
LoadIconW
LoadBitmapW
PostMessageW
IsWindowVisible
DefWindowProcW
SetForegroundWindow
GetWindowTextW
MonitorFromWindow
GetMonitorInfoA
EnumDisplayDevicesA
SendMessageW
UnregisterClassW
GetProcessWindowStation
CallWindowProcW
GetUserObjectInformationW
SetWindowTextW
CreateWindowExW
ShowWindow
InvalidateRect

gdi32

DeleteObject
CreateFontW
CreatePen
GetDeviceCaps
GetStockObject
Rectangle
RoundRect
SelectObject
SetDCBrushColor
CreateSolidBrush
SetDCPenColor
SetBkMode
SetTextColor

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
CoCreateGuid
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
CoInitializeEx

advapi32

RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
GetUserNameW
RegDeleteKeyW
RegDeleteKeyExW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegOpenKeyExA
RegQueryInfoKeyW
RegQueryValueExA
RegGetValueW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
GetTokenInformation
RegDeleteTreeW
RegCreateKeyExA
RegSetValueExA
CryptDestroyKey
SystemFunction036
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptSignHashW
CryptEnumProvidersW
BuildSecurityDescriptorW
BuildExplicitAccessWithNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ImpersonateNamedPipeClient
RevertToSelf
RegSetKeyValueW

shlwapi

PathFileExistsW
StrCmpW
PathRemoveFileSpecW
PathAppendW
SHCopyKeyW
StrStrW
StrCmpNW
SHDeleteKeyW
PathAddBackslashW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

sensapi

IsNetworkAlive

comctl32

InitCommonControlsEx
_TrackMouseEvent
ord345

gdiplus

GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipFree
GdipCreateHBITMAPFromBitmap

wininet

HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpSendRequestW
HttpSendRequestExW
HttpEndRequestW
HttpQueryInfoA
HttpQueryInfoW
InternetWriteFile
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetQueryDataAvailable
HttpOpenRequestW
InternetSetOptionW
InternetQueryOptionW

bcrypt

BCryptGenRandom

winmm

timeBeginPeriod
timeGetTime
timeGetDevCaps
timeSetEvent

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1003KB - Virtual size: 1002KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94be4eef49b6aa0a1fe31886770899f0

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

02:19:17:fa:ad:69:b1:d7:5b:b4:3c:5e:86:45:30:2fCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:19:17:fa:ad:69:b1:d7:5b:b4:3c:5e:86:45:30:2fCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

27:5d:fa:2e:49:08:c3:96:33:18:a0:ca:c2:a8:0f:d6:e3:03:83:bc:9e:1b:c3:74:62:04:f1:0a:ac:97:f4:1fSigner

12:08:b2:28:4d:f1:7c:73:e5:c3:d2:9d:5f:bd:25:44:54:1e:34:61Signer

Headers

DLL Characteristics

File Characteristics

Imports

shell32

iphlpapi

ws2_32

crypt32

powrprof

winhttp

kernel32

user32

gdi32

ole32

advapi32

shlwapi

version

sensapi

comctl32

gdiplus

wininet

bcrypt

winmm

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 1003KB - Virtual size: 1002KB

.data Size: 68KB - Virtual size: 2.9MB

CPADinfo Size: 512B - Virtual size: 40B

.rsrc Size: 114KB - Virtual size: 114KB

.reloc Size: 154KB - Virtual size: 153KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

02:19:17:fa:ad:69:b1:d7:5b:b4:3c:5e:86:45:30:2f
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:19:17:fa:ad:69:b1:d7:5b:b4:3c:5e:86:45:30:2f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

27:5d:fa:2e:49:08:c3:96:33:18:a0:ca:c2:a8:0f:d6:e3:03:83:bc:9e:1b:c3:74:62:04:f1:0a:ac:97:f4:1f
Signer

12:08:b2:28:4d:f1:7c:73:e5:c3:d2:9d:5f:bd:25:44:54:1e:34:61
Signer

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 1003KB - Virtual size: 1002KB

.data
Size: 68KB - Virtual size: 2.9MB

CPADinfo
Size: 512B - Virtual size: 40B

.rsrc
Size: 114KB - Virtual size: 114KB

.reloc
Size: 154KB - Virtual size: 153KB