Coco Z[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Coco Z.rar
Size

19.5MB
MD5

3286f82e67a559077624009897232fd5
SHA1

6f79ab26d7c756038d3662def26c44225ea49cfa
SHA256

944f6757838a5122a431b916e2c924fceb3836636a4d976309eb0f7a3c6ed8bf
SHA512

4880eef393f615714cb8ab287c7a1dadf22c59b97a45737326d2b4732976bd76e8fafd3cd542848f2692d27b68e5f037882a778910b305f9e4fc00115efdece8
SSDEEP

393216:0BiDujPnnmnDHyVvsaqUALk+Euz3QEQpADPHKWXEimMS/A/FvFMP6wqMTknD:0XjPnc7yVvssBHF9pAbHKWXRmMSY/JFV

Score

7^/10

themida vmprotect

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/Coco Z/execprg/Injector.exe	themida

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/Coco Z/execprg/OtherInjector.exe	vmprotect

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Coco Z/CocoZ4.exe
unpack001/Coco Z/discord-rpc-w32.dll
unpack001/Coco Z/execprg/CocoBytecode.dll
unpack001/Coco Z/execprg/CocoHWID.dll
unpack001/Coco Z/execprg/CocoLauncher.exe
unpack001/Coco Z/execprg/Injector.exe
unpack001/Coco Z/execprg/OtherInjector.exe
unpack001/Coco Z/execprg/RobloxMultiInstance.exe

Files

Coco Z.rar
.rar
Coco Z/A Note from Owner.txt
Coco Z/CocoZ4.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Coco Z/bin/Coco.xshd
.xml
Coco Z/bin/CocoLinkKey.txt
Coco Z/bin/Poppins.ttf
Coco Z/discord-rpc-w32.dll
.dll windows:6 windows x86 arch:x86

6310e6aa09f46f952e994ef81548691a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitNamedPipeW
GetCurrentProcessId
GetCurrentProcess
PeekNamedPipe
lstrlenW
MultiByteToWideChar
K32GetModuleFileNameExW
GetLastError
CloseHandle
WriteFile
ReadFile
lstrcpyW
CreateFileW
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
WideCharToMultiByte
SetEvent
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
RaiseException
ExitThread
GetModuleHandleExW
HeapAlloc
HeapFree
ExitProcess
GetModuleFileNameA
LCMapStringW
DecodePointer
GetStdHandle
GetFileType
GetACP
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetStringTypeW
SetStdHandle
SetFilePointerEx
HeapSize
HeapReAlloc
WriteConsoleW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetKeyValueW

Exports

Exports

Discord_Initialize
Discord_Respond
Discord_RunCallbacks
Discord_Shutdown
Discord_UpdatePresence

Sections

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Coco Z/execprg/A Note from Roblox Multi Instance.txt
Coco Z/execprg/CocoBytecode.dll
.dll windows:6 windows x86 arch:x86

895106451adf217c96fea2a325a49175

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\adamr\source\repos\CocoBytecode.dll\CocoBytecode.dll\Release\CocoBytecode.pdb

Imports

kernel32

AllocConsole
VirtualQuery
ConnectNamedPipe
InterlockedExchange
InterlockedCompareExchange
FlushInstructionCache
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentThreadId
OpenThread
GetThreadContext
SetThreadContext
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetConsoleScreenBufferInfo
WriteConsoleA
WriteFile
GetDynamicTimeZoneInformation
ExpandEnvironmentStringsA
GetConsoleMode
GetModuleHandleExA
GetFileAttributesA
CreateEventA
K32GetProcessImageFileNameA
WaitForSingleObject
FreeLibraryAndExitThread
CreateThread
TerminateThread
ExitProcess
FreeLibrary
SystemTimeToTzSpecificLocalTime
K32GetModuleInformation
FreeConsole
CloseHandle
IsBadReadPtr
FormatMessageA
DisableThreadLibraryCalls
Sleep
DisconnectNamedPipe
GetModuleHandleA
VirtualAlloc
GetStdHandle
GetCurrentProcess
SetConsoleTitleA
VirtualFree
SetConsoleTextAttribute
CreateNamedPipeA
VirtualProtect
CreateFileA
VerifyVersionInfoA
VerSetConditionMask
FormatMessageW
WaitForMultipleObjects
PeekNamedPipe
MoveFileExA
GetEnvironmentVariableA
GetSystemDirectoryA
SleepEx
GetTickCount
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
CreatePipe
GetExitCodeProcess
GetFileSizeEx
GetConsoleCP
FlushFileBuffers
GetConsoleWindow
GetModuleHandleW
GetCurrentThread
GetCurrentProcessId
ReadFile
SetEvent
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetProcAddress
LoadLibraryA
GetLastError
GetModuleFileNameA
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalUnlock
GlobalLock
GlobalFree
WriteConsoleW
GlobalAlloc
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
GetProcessHeap
SetLastError
LoadLibraryExW
LocalFree
InitOnceComplete
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
GetTempPathW
AreFileApisANSI
InitOnceBeginInitialize
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
GetExitCodeThread
EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
RtlUnwind
InterlockedFlushSList
GetModuleFileNameW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
DuplicateHandle
CreateProcessW
SetStdHandle
GetFileType
GetDriveTypeW
GetFullPathNameW
SetEnvironmentVariableW
GetCurrentDirectoryW
RemoveDirectoryW
DeleteFileW
MoveFileExW
ExitThread
ReadConsoleW
FileTimeToSystemTime

user32

EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
LoadCursorW
DestroyWindow
DefWindowProcA
CreateWindowExA
GetClipboardData
RegisterClassExA
PostQuitMessage
GetWindowThreadProcessId
IsWindowVisible
GetSystemMetrics
ShowWindow
GetAsyncKeyState
GetWindowTextA
MessageBoxA
FindWindowW
mouse_event
SendInput
GetKeyState
SetClipboardData
GetForegroundWindow
IsChild
ClientToScreen
UnregisterClassA
GetClientRect
SetCursor
ScreenToClient

ole32

CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CoInitializeEx

oleaut32

VariantClear
SysAllocString
SysFreeString

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

d3dcompiler_47

D3DCompile

xinput1_4

ord2
ord4

wininet

InternetCloseHandle
InternetReadFile
InternetOpenA
InternetOpenUrlA

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

ws2_32

ioctlsocket
getaddrinfo
freeaddrinfo
gethostname
htonl
sendto
WSASetLastError
recvfrom
__WSAFDIsSet
WSAGetLastError
inet_pton
socket
send
recv
closesocket
accept
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
listen
ntohl
WSACleanup
WSAStartup
WSAIoctl
setsockopt
ntohs
bind
getsockopt
getsockname
getpeername
select
connect
htons

crypt32

CertCreateCertificateChainEngine
CertFreeCertificateChain
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertFreeCertificateChainEngine
CertGetCertificateChain

wldap32

ord27
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord143
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord26

Sections

)
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

&$#%
Size: 806KB - Virtual size: 806KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

!$
Size: 19KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

*$%
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

%*(
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Coco Z/execprg/CocoHWID.dll
.dll windows:6 windows x86 arch:x86

face7a8210b72720e07aae3f941e741f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Admin\source\repos\CocoHWID\Release\CocoHWID.pdb

Imports

kernel32

GetModuleFileNameA
GetModuleHandleA
MultiByteToWideChar
LocalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetLastError

user32

MessageBoxA

ole32

CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantClear
SysAllocString
SysFreeString

msvcp140

?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
memset
_CxxThrowException
__std_terminate
__std_exception_copy
memchr
memcpy
memmove
__CxxFrameHandler3
__std_exception_destroy

api-ms-win-crt-runtime-l1-1-0

_cexit
_crt_atexit
exit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_execute_onexit_table
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-string-l1-1-0

_strdup

Exports

Exports

_bogie_for_president_3045@0

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Coco Z/execprg/CocoLauncher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Coco Z/execprg/Injector.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 182B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 266B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Coco Z/execprg/OtherInjector.exe
.exe windows:6 windows x86 arch:x86

be90f46cfdbd17bda42579e0b663ce5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleScreenBufferInfo
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetWindowThreadProcessId
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

msvcp140

?_Throw_Cpp_error@std@@YAXH@Z

vcruntime140

__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_crt_atexit

api-ms-win-crt-stdio-l1-1-0

__p__commode

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

wtsapi32

WTSSendMessageW

Exports

Exports

�U�l�N�Q�i77��fWF��d�&5�P�B��¬��=|��Y�F�vY5v�ud҃N��΅l�#i��k;�l�h��~��B��e0U �="VA7Ɲ?�ZˤPHsk��R��vI��-Jx��e�B�=�aˊ��)�s�r�m@#(�9x6W��]�nT%\y]*�e��b�i�5�l�j�"2i�y�X��f�g�#�:��@��"g6v��~��?F�J�>!+C��ε��QJ-��#D=㋘+�Zw��t��\#sx��>��;i��Q��w��4�}f7X[��ˎ3vm��a�{B́� �T�G��kn�s��)s��/��+ȉ2��qHҝV�P`�z=Xy;��6��6"W�A�Ty��ԑ��^�Y��TQe�GW��-�R�9�@��@�?��R��A��ȕ��lcy �j�˭��! ��(`��#�B��%L�?��Q?�g�7��Q��nx}��O��^�#_Ź�޺Q��(��.��a�;��5'K��YB��$�Ǣ{�0�θ�U��~ތ��@l��x5\m��tآO/�Qǽ~��4��=c��\�4��3*��ыL�}��K�)��z��RG!0�q�Fx�x�u�Y��Z�I��_��_-9��Pj��RՉ�~�ڝw蜥!ƣ��!3�O �K<�ws��N�ˋ�^�{�M��8�m3�G�� d�[��`�0?�mP��7U8K<_r�K�O��uF��U��2;b�s`d�?QTzs_A�� B��'q{L� ��l^S�z�{x#7��O�) ��E��\!_�:��M3C��>$,MIF��1M2�*��Z��D ;/��-. �X�b3��iP� ��? cm��w��&�uwi��;p�2�b� {m�˭�� #��6@��r�Q7kT)�z�ų�&�� 8��|&�6�Efys��#@0`��Z��T��qCEd@�b�#��v2�z�g�Ό�^ $��#��l�x.�f3�c��O� �n�k��g�ϒ��?u\�"�J�ƕxՍ�=��<t�M0��/�U�p��Dk��J��%�&�l��C_'�C��|�Yi�R+�� ]I��q�HZR��hөt��%��,N׭�'Z{v��.�㽅�2�c�X��S�ky. H��8�hjz�ȑ�d�њʰ�gN�H6�6��?%�yg�aC��B��a{�Ly�)�,?|�KM!-�׭�%��s�3��y��I�P'%]'KJI�wYFȖ��5�d��\R��oq�߱n��Z�*�z�~�b�P�"��nC��ߟ��%�vocC(��E��, ��S� 1��aJ�Ե�Jb�N?+�?<�T��c��gWN��Z�}�Y�+g|p{�^��~ݦ~_J�b�K"?w�2?�gn�nw��b��E�Ky�`��8��t��g�!��͗|t�5��l6,@�9�~y��lp *�4�En��ʇGҘݢU0*+m�E�ݪ�Pz��k`rBi��`��h�� P%�S%/�6< Q+"�8��B;��;a3��p*N$�u�T�'n{�ʷí�Vd��7�<n[�!��lt��E��ywW�࠙)��e��e��~��m�ÖL��i�#A�۸d薖|�!�` h�g4a�#��[}�j�١�xnj�c�3k�0�}A�h��V��f��u��M^ �W�p��v7�KI�2I<'��?5�u�Ato6/�p� ��yl𐚹t�Y�wV��s��4��V1�@�Gg�'��q�[�S��7f��U�B�<gο��O{�&R~a��@��"S`p K��q�ϟ��g>�|,>F��y��#@��l4<�I� �?��`W��v �%��VC��]�Z4<�2�(�%|��8N[e�� a��&g3��N1B��架l��L��Z�%��Z�Љ��\.�i϶�򥵽9��<�mw�R�p,��9��D1��t��*��VT�T�,��La5^jLV��<��FY�'-rV��+��:Ar�:��iX�O��2�L�.�nqDx��?�^��'H`r��K۵��Άl-�!K\��x��ݘ�S �Ɨ�x�Y��u��dzE�3PrY�� j��pݼO�ʅ.��ںs��$I��y=;�a,B(��u�=��D��ш��ֽY|��42#8��Nи�!d��g��HU�m Ɠ�C>��4�j`�=*7aك"<��W��-�`�T��EDO�0Q��]�2��*%��P�vw��^6��C��}�q��3 ~-�C��;c��M�O��X J��_|�skk<�Q�y�0]��i6��JXl��hs�vP�g:!T4Z�q��4��R>��=��T�~x�i�9/=+�|B�б��9w/5r!LvK�N�7��/��i~Gw!�!�3�;]��>�W|A�t�zЬ��^$�f�~.A�N7��z_U]��k��*��F�'��x�ך_��_XXF`+n��N'�ؚ<��Ӿ�oK��5��?��Y82�mi�큟:9l0Qfϝɮ��eq4Ǔz1�k��-�rl%>5!��~ ��H粮��i�ԤE�m1�Z��>A�%�O�䈳��խ��z��w��tQ7\=�z"�C�e�A�1�OI��U吲�]��W�$۟�2Ԑ��D�&��T�k��fo�m��媜wȎ7JA��r�vK��b��8�I��c-zzI��,��_��t-[̣� ��L�Zy�Tx��Ntfe)��0U�E�"��U��?色'�@!Ѡ;��#u�;p�l܄�[�@F�[X�|B��bޡ|_��Azj��=�Lkr,V��d��B~�~T��x�\�W�@5�U��r�ιvl�2O�Cy��Q��нV߽'YN�%��X�� ᏾ ��>_�M�>�Io'��`A�

Sections

.text
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Coco Z/execprg/RobloxMultiInstance.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Xiaom\source\repos\RobloxMultiInstance\RobloxMultiInstance\obj\Release\RobloxMultiInstance.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Coco Z/execprg/RobloxPlayerLauncher.exe
.exe windows:5 windows x86 arch:x86

b0c56608567b8330b598049228698913

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:47:e5:a2:c3:22:71:bd:9e:93:5f:b8:6f:31:49:93
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

15/01/2021, 00:00

Not After

18/01/2023, 23:59

Subject

SERIALNUMBER=3780902,CN=Roblox Corporation,O=Roblox Corporation,L=San Mateo,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:e3:f9:b9:98:0a:38:45:64:d9:40:d6:f2:fc:b5:09:fd:0e:56:1f
Signer

Actual PE Digest

15:e3:f9:b9:98:0a:38:45:64:d9:40:d6:f2:fc:b5:09:fd:0e:56:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\teamcity-agent\work\trunk_ninja_boot-x86\build.ninja\common\vs2017\x86\release\Installer\BootstrapperClient\BootstrapperClient.pdb

Imports

powrprof

CallNtPowerInformation

winhttp

WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpWriteData
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpSetOption

kernel32

VerifyVersionInfoW
GetSystemTimeAsFileTime
GetStdHandle
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
RemoveDirectoryW
SetFileAttributesW
Sleep
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
GetCurrentThread
CreateProcessW
OpenProcess
GetSystemTime
GetLocalTime
GetTickCount
GetVersionExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetModuleFileNameW
LoadLibraryW
lstrlenW
BeginUpdateResourceW
UpdateResourceA
EndUpdateResourceW
CopyFileW
SystemTimeToFileTime
GetGeoInfoW
GetUserGeoID
GetUserDefaultLCID
FreeConsole
AttachConsole
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CreateSemaphoreA
WaitForSingleObjectEx
ReleaseSemaphore
DuplicateHandle
GetModuleHandleA
K32EnumProcesses
K32GetProcessImageFileNameW
GetCommandLineW
GetShortPathNameW
SetLastError
CreateSemaphoreW
IsDebuggerPresent
GetCurrentProcessId
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
IsWow64Process
QueryPerformanceCounter
QueryPerformanceFrequency
FileTimeToSystemTime
FlushFileBuffers
GetFileSizeEx
SetFileTime
lstrcpyW
MoveFileW
OpenEventA
LoadLibraryA
GetFileTime
FormatMessageA
GetSystemInfo
WaitForMultipleObjectsEx
SetWaitableTimer
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
CreateWaitableTimerA
GetFileType
SetUnhandledExceptionFilter
HeapSize
FormatMessageW
GetExitCodeThread
GetVersion
LockFileEx
SetEndOfFile
UnlockFileEx
SetProcessShutdownParameters
SetConsoleCtrlHandler
GetProcessTimes
SuspendThread
GetProcessId
GetThreadContext
IsProcessorFeaturePresent
GetTimeZoneInformation
GetThreadLocale
GetSystemDefaultLCID
InitializeCriticalSection
VirtualQueryEx
ReadProcessMemory
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
SetFilePointerEx
FindFirstFileExW
ConnectNamedPipe
DisconnectNamedPipe
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
UnregisterWaitEx
RegisterWaitForSingleObject
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
InitOnceExecuteOnce
HeapFree
ExitProcess
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
GetModuleHandleExW
ExitThread
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetCommandLineA
RtlUnwind
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
HeapReAlloc
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
SwitchToThread
EncodePointer
LocalFree
InitializeCriticalSectionEx
GetTempPathW
WriteFile
ReadFile
GetFileSize
VerSetConditionMask
GetCurrentThreadId
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetFileAttributesW
CreateFileW
CreateDirectoryW
DeleteCriticalSection
FindResourceA
CreateThread
GetProcessHeap
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
MulDiv
CreateEventA
WideCharToMultiByte
MultiByteToWideChar
lstrcmpW
GetProcAddress
GetModuleHandleW
OpenEventW
CreateEventW
CreateMutexW
WaitForSingleObject
ReleaseMutex
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetLastError
CloseHandle
DeleteFileW
IsValidLocale
EnumSystemLocalesW
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
SleepEx

user32

IsWindowVisible
DrawTextW
LoadBitmapW
FillRect
GetWindowTextW
SetForegroundWindow
PostMessageW
EndPaint
EnableWindow
KillTimer
SetTimer
GetDlgCtrlID
DestroyWindow
RegisterClassW
PostQuitMessage
CharUpperW
CharNextW
AllowSetForegroundWindow
MessageBoxExW
SendMessageW
DefWindowProcW
CallWindowProcW
CreateWindowExW
ShowWindow
GetDC
InvalidateRect
GetWindowRect
MessageBoxW
GetWindowLongW
SetWindowLongW
GetParent
UnregisterClassW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
LoadAcceleratorsW
TranslateAcceleratorW
SetWindowTextW
BeginPaint
GetSystemMetrics
GetDlgItem
MessageBoxA
LoadIconW
EnumWindows
GetWindowThreadProcessId
ReleaseDC

gdi32

SetTextColor
SetBkMode
SetDCPenColor
SetDCBrushColor
CreateFontW
RoundRect
Rectangle
GetStockObject
CreatePen
GetDeviceCaps
DeleteObject
CreateSolidBrush
SelectObject

shell32

ShellExecuteW
CommandLineToArgvW
SHGetFolderPathAndSubDirW
ShellExecuteExW
Shell_NotifyIconW
Shell_NotifyIconA
ord165

ole32

CoCreateGuid
StringFromGUID2
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance

advapi32

CryptGetHashParam
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExA
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyExW
RegDeleteKeyW
GetUserNameW
OpenProcessToken
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
GetTokenInformation
CryptCreateHash
CryptHashData
CryptDestroyHash
BuildSecurityDescriptorW
BuildExplicitAccessWithNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ImpersonateNamedPipeClient
RevertToSelf
SystemFunction036
CryptAcquireContextW
CryptReleaseContext

shlwapi

PathAddBackslashW
SHDeleteKeyW
StrCmpNW
StrStrW
StrCmpW
PathFileExistsW
PathRemoveExtensionW
SHCopyKeyW
PathAppendW
PathRemoveFileSpecW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

sensapi

IsNetworkAlive

wininet

HttpQueryInfoW
HttpQueryInfoA
HttpEndRequestW
HttpSendRequestExW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetWriteFile
InternetQueryDataAvailable
HttpOpenRequestW
InternetQueryOptionW
InternetSetOptionW
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpSendRequestW

ws2_32

inet_ntop
freeaddrinfo
getaddrinfo
closesocket
connect
htons
send
sendto
WSAStartup
WSACleanup
WSAGetLastError
socket

comctl32

InitCommonControlsEx
ord345
_TrackMouseEvent

gdiplus

GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipAlloc

winmm

timeSetEvent
timeGetDevCaps
timeBeginPeriod
timeGetTime

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rbxi
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Coco Z/execprg/RobloxPlayerLauncherBackup.exe
.exe windows:5 windows x86 arch:x86

b0c56608567b8330b598049228698913

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:47:e5:a2:c3:22:71:bd:9e:93:5f:b8:6f:31:49:93
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

15/01/2021, 00:00

Not After

18/01/2023, 23:59

Subject

SERIALNUMBER=3780902,CN=Roblox Corporation,O=Roblox Corporation,L=San Mateo,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:e3:f9:b9:98:0a:38:45:64:d9:40:d6:f2:fc:b5:09:fd:0e:56:1f
Signer

Actual PE Digest

15:e3:f9:b9:98:0a:38:45:64:d9:40:d6:f2:fc:b5:09:fd:0e:56:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\teamcity-agent\work\trunk_ninja_boot-x86\build.ninja\common\vs2017\x86\release\Installer\BootstrapperClient\BootstrapperClient.pdb

Imports

powrprof

CallNtPowerInformation

winhttp

WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpWriteData
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpSetOption

kernel32

VerifyVersionInfoW
GetSystemTimeAsFileTime
GetStdHandle
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
RemoveDirectoryW
SetFileAttributesW
Sleep
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
GetCurrentThread
CreateProcessW
OpenProcess
GetSystemTime
GetLocalTime
GetTickCount
GetVersionExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetModuleFileNameW
LoadLibraryW
lstrlenW
BeginUpdateResourceW
UpdateResourceA
EndUpdateResourceW
CopyFileW
SystemTimeToFileTime
GetGeoInfoW
GetUserGeoID
GetUserDefaultLCID
FreeConsole
AttachConsole
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CreateSemaphoreA
WaitForSingleObjectEx
ReleaseSemaphore
DuplicateHandle
GetModuleHandleA
K32EnumProcesses
K32GetProcessImageFileNameW
GetCommandLineW
GetShortPathNameW
SetLastError
CreateSemaphoreW
IsDebuggerPresent
GetCurrentProcessId
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
IsWow64Process
QueryPerformanceCounter
QueryPerformanceFrequency
FileTimeToSystemTime
FlushFileBuffers
GetFileSizeEx
SetFileTime
lstrcpyW
MoveFileW
OpenEventA
LoadLibraryA
GetFileTime
FormatMessageA
GetSystemInfo
WaitForMultipleObjectsEx
SetWaitableTimer
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
CreateWaitableTimerA
GetFileType
SetUnhandledExceptionFilter
HeapSize
FormatMessageW
GetExitCodeThread
GetVersion
LockFileEx
SetEndOfFile
UnlockFileEx
SetProcessShutdownParameters
SetConsoleCtrlHandler
GetProcessTimes
SuspendThread
GetProcessId
GetThreadContext
IsProcessorFeaturePresent
GetTimeZoneInformation
GetThreadLocale
GetSystemDefaultLCID
InitializeCriticalSection
VirtualQueryEx
ReadProcessMemory
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
SetFilePointerEx
FindFirstFileExW
ConnectNamedPipe
DisconnectNamedPipe
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
UnregisterWaitEx
RegisterWaitForSingleObject
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
InitOnceExecuteOnce
HeapFree
ExitProcess
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
GetModuleHandleExW
ExitThread
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetCommandLineA
RtlUnwind
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
HeapReAlloc
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
SwitchToThread
EncodePointer
LocalFree
InitializeCriticalSectionEx
GetTempPathW
WriteFile
ReadFile
GetFileSize
VerSetConditionMask
GetCurrentThreadId
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetFileAttributesW
CreateFileW
CreateDirectoryW
DeleteCriticalSection
FindResourceA
CreateThread
GetProcessHeap
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
MulDiv
CreateEventA
WideCharToMultiByte
MultiByteToWideChar
lstrcmpW
GetProcAddress
GetModuleHandleW
OpenEventW
CreateEventW
CreateMutexW
WaitForSingleObject
ReleaseMutex
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetLastError
CloseHandle
DeleteFileW
IsValidLocale
EnumSystemLocalesW
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
SleepEx

user32

IsWindowVisible
DrawTextW
LoadBitmapW
FillRect
GetWindowTextW
SetForegroundWindow
PostMessageW
EndPaint
EnableWindow
KillTimer
SetTimer
GetDlgCtrlID
DestroyWindow
RegisterClassW
PostQuitMessage
CharUpperW
CharNextW
AllowSetForegroundWindow
MessageBoxExW
SendMessageW
DefWindowProcW
CallWindowProcW
CreateWindowExW
ShowWindow
GetDC
InvalidateRect
GetWindowRect
MessageBoxW
GetWindowLongW
SetWindowLongW
GetParent
UnregisterClassW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
LoadAcceleratorsW
TranslateAcceleratorW
SetWindowTextW
BeginPaint
GetSystemMetrics
GetDlgItem
MessageBoxA
LoadIconW
EnumWindows
GetWindowThreadProcessId
ReleaseDC

gdi32

SetTextColor
SetBkMode
SetDCPenColor
SetDCBrushColor
CreateFontW
RoundRect
Rectangle
GetStockObject
CreatePen
GetDeviceCaps
DeleteObject
CreateSolidBrush
SelectObject

shell32

ShellExecuteW
CommandLineToArgvW
SHGetFolderPathAndSubDirW
ShellExecuteExW
Shell_NotifyIconW
Shell_NotifyIconA
ord165

ole32

CoCreateGuid
StringFromGUID2
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance

advapi32

CryptGetHashParam
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExA
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyExW
RegDeleteKeyW
GetUserNameW
OpenProcessToken
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
GetTokenInformation
CryptCreateHash
CryptHashData
CryptDestroyHash
BuildSecurityDescriptorW
BuildExplicitAccessWithNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ImpersonateNamedPipeClient
RevertToSelf
SystemFunction036
CryptAcquireContextW
CryptReleaseContext

shlwapi

PathAddBackslashW
SHDeleteKeyW
StrCmpNW
StrStrW
StrCmpW
PathFileExistsW
PathRemoveExtensionW
SHCopyKeyW
PathAppendW
PathRemoveFileSpecW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

sensapi

IsNetworkAlive

wininet

HttpQueryInfoW
HttpQueryInfoA
HttpEndRequestW
HttpSendRequestExW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetWriteFile
InternetQueryDataAvailable
HttpOpenRequestW
InternetQueryOptionW
InternetSetOptionW
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpSendRequestW

ws2_32

inet_ntop
freeaddrinfo
getaddrinfo
closesocket
connect
htons
send
sendto
WSAStartup
WSACleanup
WSAGetLastError
socket

comctl32

InitCommonControlsEx
ord345
_TrackMouseEvent

gdiplus

GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipAlloc

winmm

timeSetEvent
timeGetDevCaps
timeBeginPeriod
timeGetTime

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rbxi
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Coco Z/execprg/kill_coco.bat
Coco Z/scripts/Aimbot 3.0.txt
.js
Coco Z/scripts/Aimbot.txt
.js
Coco Z/scripts/Alt+Print.txt
Coco Z/scripts/ArsenalHitboxExtender.txt
Coco Z/scripts/BloxHunt.txt
Coco Z/scripts/Boys And Girls Hangout Gun.txt
Coco Z/scripts/CBROKillAll.txt
Coco Z/scripts/CC Aimbot V2.txt
Coco Z/scripts/CC Aimbot.txt
.js
Coco Z/scripts/CTRL+Del.txt
Coco Z/scripts/Click TP Tool.txt
Coco Z/scripts/CocoHub.txt
Coco Z/scripts/Dark Hub.txt
Coco Z/scripts/DexV1.txt
Coco Z/scripts/DexV4.txt
Coco Z/scripts/DivineSisters.txt
Coco Z/scripts/EclipseMM2.txt
Coco Z/scripts/FPSBoost.txt
Coco Z/scripts/Flee The Facility.txt
Coco Z/scripts/Infinite Yield.txt
Coco Z/scripts/Invisible Fling.txt
Coco Z/scripts/Jailbreak.txt
Coco Z/scripts/Kraken Hub.txt
Coco Z/scripts/LucidityMM2.txt
Coco Z/scripts/MM2.txt
Coco Z/scripts/MM2Autofarm.txt
Coco Z/scripts/Mad City 2.txt
.js
Coco Z/scripts/Mad City GUI.txt
Coco Z/scripts/Mad City.txt
Coco Z/scripts/Mad Emotes.txt
Coco Z/scripts/MheeHub.txt
Coco Z/scripts/NoClipKeybind.txt
Coco Z/scripts/OxieHub.txt
Coco Z/scripts/Prisonware.txt
Coco Z/scripts/Reviz Admin.txt
Coco Z/scripts/SharkBite.txt
Coco Z/scripts/UnitClassifiedGUI.txt
Coco Z/scripts/ZyrexHub.txt
Coco Z/scripts/oofNotoriety.txt
Coco Z/workspace/WhiteKey.lua

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 6.2MB - Virtual size: 6.2MB

.rsrc Size: 37KB - Virtual size: 37KB

.reloc Size: 512B - Virtual size: 12B

6310e6aa09f46f952e994ef81548691a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 204KB - Virtual size: 204KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 12KB - Virtual size: 226KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 11KB

895106451adf217c96fea2a325a49175

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

oleaut32

imm32

d3dcompiler_47

xinput1_4

wininet

advapi32

ws2_32

crypt32

wldap32

Sections

) Size: 1.6MB - Virtual size: 1.6MB

&$#% Size: 806KB - Virtual size: 806KB

!$ Size: 19KB - Virtual size: 34KB

*$% Size: 4KB - Virtual size: 4KB

%*( Size: 512B - Virtual size: 12B

  Size: 9KB - Virtual size: 8KB

 Size: 63KB - Virtual size: 63KB

 Size: 512B - Virtual size: 233B

face7a8210b72720e07aae3f941e741f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 6KB - Virtual size: 6KB

.text
Size: 6.2MB - Virtual size: 6.2MB

.rsrc
Size: 37KB - Virtual size: 37KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 204KB - Virtual size: 204KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 12KB - Virtual size: 226KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 11KB

)
Size: 1.6MB - Virtual size: 1.6MB

&$#%
Size: 806KB - Virtual size: 806KB

!$
Size: 19KB - Virtual size: 34KB

*$%
Size: 4KB - Virtual size: 4KB

%*(
Size: 512B - Virtual size: 12B

Size: 9KB - Virtual size: 8KB

Size: 63KB - Virtual size: 63KB

Size: 512B - Virtual size: 233B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 37KB - Virtual size: 37KB

.imports
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 3.3MB

.boot
Size: 1.8MB - Virtual size: 1.8MB

.text
Size: - Virtual size: 12KB

.rdata
Size: - Virtual size: 7KB

.data
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 3.4MB

.vmp1
Size: 5.4MB - Virtual size: 5.4MB

.rsrc
Size: 512B - Virtual size: 469B

.text
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 512B - Virtual size: 12B

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate