RobloxStudioLauncherBeta[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

RobloxStudioLauncherBeta.exe
Size

1.9MB
MD5

4abf5ef6fa1347049a3e3559aeef541a
SHA1

d179b092d1c491ddb42ea9c9a43cb3a0f5df520c
SHA256

704359102c232cb731fc1385a6963d89d8bd9351e7768524e229d9653f9067e2
SHA512

48c93254c047a066a74a7a445a0282af7a2b2ae2be040c2299df8265114ecf3995696a5391b5386e963e1e11c213f6416d8208872ae804f5f3c913c726c6d081
SSDEEP

49152:3bfz3iHGoSS1OP7kxTwe8Ce5Nw3UFMSQkPKdAFPToaXbrd4n:3zz+GoWPjXbg

Score

1^/10

Malware Config

Signatures

Files

RobloxStudioLauncherBeta.exe
.exe windows:5 windows x86 arch:x86

246c1c3383915df5089e6b42a25b8748

Code Sign

7a:0b:ab:6c:70:f0:a1:28:80:99:f7:7c:b3:c3:c1:aa
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2019, 00:00

Not After

12/07/2022, 23:59

Subject

CN=Roblox Corporation,O=Roblox Corporation,L=San Mateo,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:19:cd:1e:e5:38:dd:22:af:6d:78:59:a5:88:a0:e1:fa:09:07:83
Signer

Actual PE Digest

5f:19:cd:1e:e5:38:dd:22:af:6d:78:59:a5:88:a0:e1:fa:09:07:83

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\teamcity-agent\work\Trunk2017\build.msvc\Win32\Installer-Release\BootstrapperQTStudio\RobloxStudioLauncherBeta.pdb

Imports

kernel32

GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetCurrentDirectoryW
GetFullPathNameW
DeleteCriticalSection
RaiseException
DecodePointer
CreateEventA
GetModuleHandleW
OpenEventW
CreateEventW
OpenMutexW
CreateMutexW
lstrlenW
lstrcmpW
CloseHandle
WaitForSingleObject
ReleaseMutex
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetLastError
GetProcessHeap
HeapSize
SwitchToThread
RegisterWaitForSingleObject
UnregisterWaitEx
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
DisconnectNamedPipe
ConnectNamedPipe
WaitNamedPipeW
CreateNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
ReadProcessMemory
VirtualQueryEx
InitializeCriticalSection
GetSystemDefaultLCID
HeapFree
HeapReAlloc
HeapAlloc
GetThreadLocale
GetThreadContext
GetProcessId
SuspendThread
GetProcessTimes
SetProcessShutdownParameters
UnlockFileEx
LockFileEx
GetVersion
GetExitCodeThread
SleepEx
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
SetConsoleCtrlHandler
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
IsValidLocale
HeapDestroy
GetProcAddress
LocalFree
FormatMessageA
LockResource
LoadResource
SizeofResource
FindResourceW
FindResourceExW
CreateDirectoryW
CreateFileW
GetFileAttributesW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
SetLastError
ReleaseSemaphore
Sleep
GetTickCount
CreateSemaphoreW
WaitForSingleObjectEx
VerSetConditionMask
GetFileSize
WriteFile
ReadFile
FormatMessageW
FindResourceA
GetTempPathW
DeleteFileW
GetVersionExW
VerifyVersionInfoW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
FreeLibrary
OpenProcess
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
GetCurrentThread
GetStdHandle
FindClose
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
LoadLibraryW
GetModuleFileNameW
CreateProcessW
BeginUpdateResourceW
UpdateResourceA
EndUpdateResourceW
GetDiskFreeSpaceExW
RemoveDirectoryW
SetFileAttributesW
FindFirstFileW
FindNextFileW
CopyFileW
GetGeoInfoW
GetUserGeoID
GetUserDefaultLCID
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
FreeConsole
AttachConsole
GetSystemTimeAsFileTime
CreateSemaphoreA
DuplicateHandle
GetModuleHandleA
GetShortPathNameW
IsWow64Process
GetFileSizeEx
FlushFileBuffers
SetFileTime
lstrcpyW
GetFileAttributesExW
MoveFileW
OpenEventA
GetCurrentProcessId
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetSystemInfo
WaitForMultipleObjectsEx
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateWaitableTimerW
SetWaitableTimer
FileTimeToSystemTime
QueryPerformanceCounter
QueryPerformanceFrequency
SetFilePointer
GetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
lstrcmpiW
lstrcatW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
LoadLibraryExW
GetCommandLineA
GetCommandLineW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetFileType
SetFilePointerEx
ExitProcess
GetACP
GetConsoleMode
ReadConsoleW
GetConsoleCP

user32

GetWindowRect
InvalidateRect
ShowWindow
SetWindowLongW
GetParent
CreateWindowExW
CallWindowProcW
DefWindowProcW
SendMessageW
UnregisterClassW
MessageBoxA
GetWindowLongW
GetSystemMetrics
GetWindowTextW
IsWindowVisible
PostMessageW
LoadBitmapW
FillRect
MessageBoxExW
EndPaint
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
SetWindowPos
CharUpperW
CharNextW
SetFocus
LoadAcceleratorsW
TranslateAcceleratorW
SetForegroundWindow
AllowSetForegroundWindow
SetWindowTextW
MessageBoxW
EnumWindows
GetWindowThreadProcessId
LoadIconW
PostQuitMessage
RegisterClassW
DestroyWindow
GetDlgItem
GetDlgCtrlID
SetTimer
BeginPaint
EnableWindow
KillTimer
DrawTextW
GetDC
ReleaseDC

gdi32

CreateSolidBrush
DeleteObject
SetDCBrushColor
SelectObject
SetDCPenColor
Rectangle
GetStockObject
GetDeviceCaps
CreatePen
CreateFontW
SetBkMode
SetTextColor
RoundRect

advapi32

RegQueryValueExW
RegQueryInfoKeyW
GetTokenInformation
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
CryptCreateHash
CryptHashData
CryptDestroyHash
RegDeleteValueW
ImpersonateNamedPipeClient
DuplicateToken
OpenProcessToken
OpenThreadToken
IsValidSid
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetLengthSid
CopySid
GetUserNameW
CheckTokenMembership
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
SystemFunction036
RevertToSelf
RegFlushKey

shell32

CommandLineToArgvW
SHGetFolderPathAndSubDirW
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconA
ord165
Shell_NotifyIconW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoCreateGuid
StringFromGUID2
CreateStreamOnHGlobal

shlwapi

StrCmpW
PathFileExistsW
PathRemoveExtensionW
StrStrW
PathAppendW
PathRemoveFileSpecW
StrDupW
StrCmpNW
StrCpyW
SHDeleteKeyW
PathAddBackslashW
StrRChrW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetCloseHandle
InternetOpenW
InternetReadFile
InternetWriteFile
InternetQueryDataAvailable
HttpQueryInfoW
InternetSetOptionW
HttpEndRequestW
HttpSendRequestExW
InternetConnectW
HttpSendRequestW
HttpAddRequestHeadersW
InternetQueryOptionW
HttpOpenRequestW

ws2_32

sendto
socket
closesocket
freeaddrinfo
WSAStartup
WSACleanup
WSAGetLastError
send
connect
htons
getaddrinfo

sensapi

IsNetworkAlive

userenv

UnloadUserProfile

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipAlloc
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipCloneImage

psapi

GetProcessImageFileNameW
EnumProcesses

winmm

timeBeginPeriod
timeSetEvent
timeGetTime
timeGetDevCaps

winhttp

WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpWriteData
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpCrackUrl
WinHttpSendRequest

powrprof

CallNtPowerInformation

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 823KB - Virtual size: 822KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 801KB - Virtual size: 801KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

246c1c3383915df5089e6b42a25b8748

Code Sign

7a:0b:ab:6c:70:f0:a1:28:80:99:f7:7c:b3:c3:c1:aaCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

5f:19:cd:1e:e5:38:dd:22:af:6d:78:59:a5:88:a0:e1:fa:09:07:83Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

version

wininet

ws2_32

sensapi

userenv

comctl32

gdiplus

psapi

winmm

winhttp

powrprof

iphlpapi

Sections

.text Size: 823KB - Virtual size: 822KB

.rdata Size: 269KB - Virtual size: 268KB

.data Size: 18KB - Virtual size: 344KB

.tls Size: 512B - Virtual size: 13B

.gfids Size: 512B - Virtual size: 420B

CPADinfo Size: 512B - Virtual size: 40B

.rsrc Size: 801KB - Virtual size: 801KB

.reloc Size: 44KB - Virtual size: 43KB

7a:0b:ab:6c:70:f0:a1:28:80:99:f7:7c:b3:c3:c1:aa
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

5f:19:cd:1e:e5:38:dd:22:af:6d:78:59:a5:88:a0:e1:fa:09:07:83
Signer

.text
Size: 823KB - Virtual size: 822KB

.rdata
Size: 269KB - Virtual size: 268KB

.data
Size: 18KB - Virtual size: 344KB

.tls
Size: 512B - Virtual size: 13B

.gfids
Size: 512B - Virtual size: 420B

CPADinfo
Size: 512B - Virtual size: 40B

.rsrc
Size: 801KB - Virtual size: 801KB

.reloc
Size: 44KB - Virtual size: 43KB