RobloxPlayerBeta_exe_PID3f28_hiddenmodule_26E75E40000_x64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

RobloxPlayerBeta_exe_PID3f28_hiddenmodule_26E75E40000_x64.exe
Size

97.9MB
MD5

8ae0376632aeaa64c901baf607715cf5
SHA1

a3eaa8b0f9e1d26f5e0ddefe6a21ab17ad6c06eb
SHA256

81d3e73de9df7e7ef586aada34cdbcb9ed4e69a497499db8ea2a0bb51a5d4cce
SHA512

d8ff79389d4912cccfd99d6445138c986bacf3487b79a9b874d10303727e9a4dff4c92afac71721c22a210de04adde0b1af5fd8139d21d67e030debae7d34fbf
SSDEEP

1572864:f/7t/rNNX7IubZRh1DIv/n2Rk11fBQDbZ+QjxlUF63QpsQ:nlNNLhn1DIv/n2RkvZQjxiu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RobloxPlayerBeta_exe_PID3f28_hiddenmodule_26E75E40000_x64.exe

Files

RobloxPlayerBeta_exe_PID3f28_hiddenmodule_26E75E40000_x64.exe
.exe windows:6 windows x64 arch:x64

f26c060b557c7fcd003e8c02884dc663

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

robloxplayerbeta

run

cryptsp

CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash

cryptbase

SystemFunction036

kernelbase

RegSetValueExW
EqualSid
AllocateAndInitializeSid
RegQueryValueExW
GetSidSubAuthorityCount
GetSidSubAuthority
RegOpenKeyExW
RegGetValueW
OpenProcessToken
GetTokenInformation
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
GetStringTypeW
GetDiskFreeSpaceExW
FlsAlloc
FlsGetValue
FlsSetValue
GetCPInfo
GetLocaleInfoEx
GetStartupInfoW
InitializeCriticalSectionEx
GetLastError
RaiseException
GetModuleFileNameA
FindFirstFileW
GetSystemTimeAsFileTime
FindNextFileW
ReleaseSemaphore
GetModuleHandleExW
OutputDebugStringA
GetModuleFileNameW
WaitForMultipleObjects
GetTempPathW
CreateMutexA
WaitForSingleObject
ReleaseMutex
UnmapViewOfFile
GetModuleHandleA
MultiByteToWideChar
Sleep
SetEvent
WaitForSingleObjectEx
GlobalAlloc
DeleteFileW
CloseHandle
ResetEvent
LoadResource
SetCurrentDirectoryW
GetProcessHeap
SystemTimeToFileTime
GetModuleHandleW
GetCommandLineA
GetSystemTime
CreateEventA
MapViewOfFile
GetCurrentProcess
GetProcessTimes
FreeLibrary
LoadLibraryExA
CreateMutexW
CreateFileMappingW
CreateEventW
WriteFile
VirtualAlloc
ResumeThread
CreateFileA
LoadLibraryA
GetVersionExA
CompareFileTime
FindFirstFileA
FindNextFileA
FileTimeToSystemTime
CreateFileW
LocalAlloc
LocalFree
LoadLibraryW
SetThreadPriority
SetErrorMode
DuplicateHandle
GetACP
GetSystemInfo
OpenProcess
GetLocaleInfoW
WaitForMultipleObjectsEx
LCMapStringW
GetStdHandle
GetFileType
SleepEx
GetExitCodeThread
GetVersion
CreateDirectoryW
GetFileAttributesW
LockFileEx
SetEndOfFile
UnlockFileEx
FindClose
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
GetFileSizeEx
ReadFile
SetFilePointerEx
GetFileTime
RemoveDirectoryW
MoveFileExW
VirtualQuery
GlobalMemoryStatusEx
GetEnvironmentVariableW
LoadLibraryExW
SetFilePointer
InitializeCriticalSectionAndSpinCount
GetEnvironmentVariableA
TlsSetValue
TlsAlloc
GetNativeSystemInfo
GetProcessImageFileNameA
GetProcessMemoryInfo
FreeEnvironmentStringsA
GetEnvironmentStringsW
SetWaitableTimer
GetFullPathNameW
SetFileTime
GetFileAttributesExW
GetCurrentDirectoryW
AreFileApisANSI
GetCommandLineW
SetConsoleCtrlHandler
GetTimeZoneInformation
HeapQueryInformation
IsValidCodePage
WideCharToMultiByte
PathAddBackslashA
PathAppendA
PathFindFileNameA
PathFindFileNameW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA
GetLastError

ntdll

RtlFreeSid
RtlInitializeConditionVariable
RtlPcToFileHeader
RtlUnwindEx
RtlDecodePointer
RtlDeleteCriticalSection
RtlFreeHeap
RtlRestoreLastWin32Error
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlSizeHeap
RtlReAllocateHeap
RtlAllocateHeap
VerSetConditionMask
RtlInitializeCriticalSection
TpSetPoolMaxThreads
TpPostWork
RtlInitializeSListHead
RtlInterlockedPopEntrySList
RtlAddVectoredExceptionHandler
RtlQueryPerformanceCounter
RtlQueryPerformanceFrequency
RtlRemoveVectoredExceptionHandler
RtlWakeConditionVariable
RtlInitializeConditionVariable
RtlWakeAllConditionVariable
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlGetCurrentProcessorNumber
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlEncodePointer

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameA
BuildSecurityDescriptorW

crypt32

CryptProtectData
CryptUnprotectData

gdi32

DeleteObject
CreateDIBSection
CreateBitmap

imm32

ImmGetDefaultIMEWnd
ImmGetContext
ImmGetOpenStatus
ImmSetOpenStatus
ImmSetCompositionWindow

iphlpapi

GetAdaptersAddresses

kernel32

GetTickCount
GetGeoInfoA
GetCurrentThreadId
GlobalFree
GetUserGeoID
GetProcAddress
GlobalLock
CreateFileMappingA
GlobalUnlock
CreateProcessW
VerifyVersionInfoW
GetShortPathNameW
FindResourceExA
GetTickCount64
CreateThread
CreateSemaphoreA
CreateThreadpool
SetThreadpoolThreadMinimum
CreateThreadpoolCleanupGroup
CreateThreadpoolWork
Process32First
CreateToolhelp32Snapshot
Process32Next
CreateWaitableTimerA
FreeLibraryAndExitThread
timeGetTime
timeGetDevCaps
timeBeginPeriod
timeEndPeriod

oleaut32

VariantClear
VariantInit

powrprof

CallNtPowerInformation

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList

user32

MapVirtualKeyW
PostMessageW
GetClassInfoExW
LoadCursorW
CallWindowProcW
RegisterDeviceNotificationA
RegisterClassW
GetMonitorInfoA
CreateWindowExA
GetClientRect
SetWindowLongPtrA
RegisterClassExA
UpdateWindow
GetClipboardData
LoadKeyboardLayoutA
MapVirtualKeyExA
PtInRect
GetCursorPos
EnableWindow
GetClassLongPtrA
CreateIconIndirect
SetClassLongPtrA
GetSystemMetrics
DispatchMessageW
TranslateMessage
CreateWindowExW
DestroyCursor
OpenClipboard
CloseClipboard
LoadStringW
SetForegroundWindow
GetMessageW
PeekMessageW
RegisterClassExW
LoadIconW
RegisterClipboardFormatW
LoadCursorA
MonitorFromWindow
ScreenToClient
SetWindowTextW
IsWindow
ClientToScreen
CallWindowProcA
EnumDisplayDevicesA

win32u

NtUserGetForegroundWindow
NtUserRegisterRawInputDevices
NtUserClipCursor
NtUserSetCursor
NtUserWindowFromPoint
NtUserGetKeyboardLayoutList
NtUserGetDoubleClickTime
NtUserGetRawInputData
NtUserTrackMouseEvent
NtUserShowWindow

winmm

timeSetEvent

ws2_32

getsockname
sendto
recvfrom
__WSAFDIsSet
select
send
socket
bind
setsockopt
WSAStartup
inet_pton
FreeAddrInfoW
getaddrinfo
inet_ntop
htonl
htonl
htons
htons
accept
getsockopt
WSACreateEvent
WSACloseEvent
WSAIoctl
connect
listen
gethostname
ioctlsocket
getnameinfo
recv

bcrypt

BCryptGenRandom

combase

PropVariantClear
CoInitializeEx
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoCreateGuid
CoUninitialize
CoTaskMemFree

urlmon

ObtainUserAgentString
UrlMkSetSessionOption

Exports

Exports

?generic_category@system@boost@@YAAEBVerror_category@12@XZ
?system_category@system@boost@@YAAEBVerror_category@12@XZ
AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 56.8MB - Virtual size: 56.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18.8MB - Virtual size: 18.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14.9MB - Virtual size: 14.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 630KB - Virtual size: 629KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.acedia
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f26c060b557c7fcd003e8c02884dc663

Headers

DLL Characteristics

File Characteristics

Imports

robloxplayerbeta

cryptsp

cryptbase

kernelbase

ntdll

advapi32

crypt32

gdi32

imm32

iphlpapi

kernel32

oleaut32

powrprof

setupapi

user32

win32u

winmm

ws2_32

bcrypt

combase

urlmon

Exports

Exports

Sections

.text Size: 56.8MB - Virtual size: 56.8MB

.rodata Size: 2KB - Virtual size: 2KB

.rdata Size: 18.8MB - Virtual size: 18.8MB

.data Size: 14.9MB - Virtual size: 14.9MB

.pdata Size: 1.9MB - Virtual size: 1.9MB

CPADinfo Size: 512B - Virtual size: 56B

_RDATA Size: 41KB - Virtual size: 41KB

.vmp0 Size: 4.7MB - Virtual size: 4.7MB

.reloc Size: 630KB - Virtual size: 629KB

.rsrc Size: 152KB - Virtual size: 152KB

.acedia Size: 28KB - Virtual size: 28KB

.text
Size: 56.8MB - Virtual size: 56.8MB

.rodata
Size: 2KB - Virtual size: 2KB

.rdata
Size: 18.8MB - Virtual size: 18.8MB

.data
Size: 14.9MB - Virtual size: 14.9MB

.pdata
Size: 1.9MB - Virtual size: 1.9MB

CPADinfo
Size: 512B - Virtual size: 56B

_RDATA
Size: 41KB - Virtual size: 41KB

.vmp0
Size: 4.7MB - Virtual size: 4.7MB

.reloc
Size: 630KB - Virtual size: 629KB

.rsrc
Size: 152KB - Virtual size: 152KB

.acedia
Size: 28KB - Virtual size: 28KB