C:\Users\nigger\Desktop\private\build\Roblox.pdb
Static task
static1
Behavioral task
behavioral1
Sample
Roblox.exe
Resource
win10v2004-20240508-en
General
-
Target
Roblox.exe
-
Size
1.4MB
-
MD5
221148048c504c08d319c0667a107c98
-
SHA1
fa2b68e9feba9661a60970e335348042a43824e3
-
SHA256
e9ddb99b0ac893dcdb5e507449698fa5fb90d325322f9003369a18229426be09
-
SHA512
623f075d2e613bfd197aa6308d7b7c3f1c4fe141bcab0fd8b376c6ef0151c7ab96bca1330b1d78a30a1dd012009985b39ab1e71004d1ed6083b01724098a2841
-
SSDEEP
24576:KRkPR/GV1qTJJCw25x0xRbqD/2JTMLyloBLjRrMhQJ6uGKFOnmocy8f:KRkPR/G2Tq/xwbO8wLyyFKhQanm
Malware Config
Signatures
-
Unsigned PE 1 IoCs
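Checks for a missing Authenticode signature; the check matched this sample, which is unsigned. Without a signature the publisher cannot be verified from the file itself, but on its own this is a weak indicator, since many legitimate builds are also unsigned.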
resource Roblox.exe
Files
-
Roblox.exe.exe windows:6 windows x64 arch:x64
e94d7c3a74cfa19138ce510db5437a00
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntdll
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
VerSetConditionMask
d3d11
D3D11CreateDeviceAndSwapChain
d3dcompiler_47
D3DCompile
kernel32
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
GetModuleFileNameW
QueryFullProcessImageNameW
SetLastError
FormatMessageA
LocalFree
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
HeapDestroy
AreFileApisANSI
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
SetThreadExecutionState
GetModuleHandleW
GetStartupInfoW
FormatMessageW
GetModuleHandleExW
GetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualQuery
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
GetConsoleWindow
ExitProcess
GetFileSize
VirtualAllocEx
Beep
CreateThread
WritePrivateProfileStringA
CloseHandle
Process32Next
GlobalAddAtomA
GetConsoleMode
Sleep
CreateToolhelp32Snapshot
SetCurrentDirectoryA
OpenProcess
CreateFileW
GetProcessId
DeviceIoControl
SetConsoleMode
WriteFile
GetStdHandle
SetConsoleTitleA
VirtualProtect
Process32First
ReadFile
QueryPerformanceCounter
FreeLibrary
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetProcessHeap
InitializeCriticalSectionEx
GetCurrentProcess
GetFileAttributesExW
CreateFileMappingW
user32
GetMonitorInfoW
UnregisterClassW
EnumDisplayMonitors
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
EnumDisplayDevicesW
RegisterClassExW
CreateWindowExW
ToUnicode
MapVirtualKeyW
EnumDisplaySettingsExW
RegisterDeviceNotificationW
GetRawInputDeviceList
GetRawInputDeviceInfoA
OpenClipboard
GetCursorPos
ReleaseDC
DestroyIcon
ReleaseCapture
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
TrackMouseEvent
ClientToScreen
ScreenToClient
MonitorFromWindow
GetDC
LoadCursorA
GetKeyState
UpdateWindow
RegisterClassExA
SetWindowLongPtrA
GetDesktopWindow
GetWindowLongPtrA
LoadIconA
TranslateMessage
SetLayeredWindowAttributes
CreateWindowExA
DefWindowProcA
SetMenu
ChangeDisplaySettingsExW
SetCursorPos
GetMessageTime
SendMessageW
PostMessageW
MessageBoxA
RegisterRawInputDevices
GetRawInputData
SystemParametersInfoW
CreateIconIndirect
LoadImageW
LoadCursorW
GetClassLongPtrW
SetWindowLongW
GetWindowLongW
WaitMessage
GetLayeredWindowAttributes
GetWindowPlacement
SetWindowPlacement
FlashWindow
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
SetFocus
PeekMessageW
GetActiveWindow
MsgWaitForMultipleObjects
DispatchMessageW
SetForegroundWindow
SetPropW
DispatchMessageA
GetPropW
RemovePropW
MoveWindow
SetWindowTextW
AdjustWindowRectEx
GetWindowRect
DefWindowProcW
SetWindowDisplayAffinity
GetWindowLongA
SetWindowLongA
ShowWindow
GetSystemMetrics
PostMessageA
SetWindowPos
DestroyWindow
EnumDisplaySettingsW
PtInRect
OffsetRect
SetRect
ClipCursor
WindowFromPoint
UnregisterDeviceNotification
gdi32
SetPixelFormat
ChoosePixelFormat
CreateDIBSection
CreateBitmap
DescribePixelFormat
SwapBuffers
DeleteObject
CreateRectRgn
GetDeviceCaps
CreateDCW
DeleteDC
GetDeviceGammaRamp
SetDeviceGammaRamp
shell32
ShellExecuteA
DragAcceptFiles
DragFinish
SHFileOperationA
DragQueryFileW
DragQueryPoint
msvcp140
?good@ios_base@std@@QEBA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Syserror_map@std@@YAPEBDH@Z
_Query_perf_counter
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?setf@ios_base@std@@QEAAHHH@Z
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??7ios_base@std@@QEBA_NXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
imm32
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow
dwmapi
DwmExtendFrameIntoClientArea
normaliz
IdnToAscii
wldap32
ord143
ord217
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
crypt32
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
ws2_32
sendto
select
gethostname
ntohl
closesocket
recv
send
WSAGetLastError
bind
connect
freeaddrinfo
getpeername
getsockname
getaddrinfo
getsockopt
htons
ntohs
setsockopt
recvfrom
__WSAFDIsSet
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
shlwapi
PathFindFileNameW
rpcrt4
RpcStringFreeA
UuidToStringA
UuidCreate
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memcmp
memchr
_CxxThrowException
memmove
memcpy
strrchr
wcsstr
__C_specific_handler
strchr
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
__current_exception_context
__current_exception
memset
api-ms-win-crt-runtime-l1-1-0
system
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
strerror
__sys_nerr
_invalid_parameter_noinfo
_resetstkoflw
exit
_beginthreadex
_getpid
abort
_configure_narrow_argv
_errno
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_initialize_onexit_table
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
terminate
_cexit
_crt_atexit
_register_onexit_function
api-ms-win-crt-heap-l1-1-0
_set_new_mode
_callnewh
free
calloc
malloc
realloc
api-ms-win-crt-stdio-l1-1-0
__p__commode
fread
_read
_write
__stdio_common_vsscanf
_close
_lseeki64
_open
_set_fmode
fputc
feof
fputs
fopen
__stdio_common_vsprintf
_wfopen
__acrt_iob_func
fwrite
fseek
fflush
_pclose
fgets
fclose
__stdio_common_vsprintf_s
fgetc
ftell
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
__stdio_common_vsnprintf_s
setvbuf
fgetpos
_popen
__stdio_common_vfprintf
api-ms-win-crt-string-l1-1-0
strspn
strcmp
tolower
strcspn
_strdup
strpbrk
isupper
strncmp
strncpy
api-ms-win-crt-utility-l1-1-0
rand
srand
qsort
api-ms-win-crt-convert-l1-1-0
strtoll
strtol
strtoul
atof
atoi
strtod
strtoull
api-ms-win-crt-time-l1-1-0
_localtime64_s
strftime
_localtime64
_gmtime64
_time64
api-ms-win-crt-filesystem-l1-1-0
_fstat64
remove
_access
_stat64
_unlock_file
_lock_file
_unlink
api-ms-win-crt-math-l1-1-0
atan
atan2
asin
ceilf
fminf
cos
_dclass
cosf
acosf
powf
_dsign
fmodf
tanf
fmod
__setusermatherr
sin
sinf
sqrtf
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
___lc_codepage_func
localeconv
advapi32
OpenProcessToken
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
InitializeAcl
IsValidSid
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
CopySid
SetSecurityInfo
Sections
.text Size: 971KB - Virtual size: 970KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 414KB - Virtual size: 413KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 464B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ