ProjectXPlayerLauncher[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ProjectXPlayerLauncher.exe
Size

1.2MB
MD5

f91e7873fabec34bb4ef53aeeaa3d148
SHA1

fd5bdf143a0e9ab4c96a242e07991b83b3d0c1cd
SHA256

507fc6305f31f8f365ea37d26d2fb5bd729fc9f172f4bd9774e1419407151178
SHA512

ef3105f5c59e9ebd47c0981eb7cc52e5e279e93a4c1b4cd957b6e2abe869842c04021cb722926dfd31d7ec1d9360b61bf2dce0d92690b0adac665edd35012907
SSDEEP

12288:f03U8c2nE/XHw+/CTtQD+XS+o9bGGD1Fil12T0CHUJa:f03U8/Sd6TG+i+odGGqz2+Ja

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ProjectXPlayerLauncher.exe

Files

ProjectXPlayerLauncher.exe
.exe windows:6 windows x86 arch:x86

feefc7a21046388a0aaea8d5bbc876d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Trunk2012\Roblox-Bootstrapper\BootstrapperClient\bin\Release\RobloxPlayerLauncher.pdb

Imports

kernel32

FindResourceExW
LoadResource
LockResource
FindNextFileW
FindClose
FindResourceW
FormatMessageA
GetModuleHandleW
LocalFree
GetProcAddress
ResetEvent
CloseHandle
GetCurrentThread
Sleep
VerifyVersionInfoW
VerSetConditionMask
SetLastError
GetQueuedCompletionStatus
SetWaitableTimer
CreateIoCompletionPort
PostQueuedCompletionStatus
SleepEx
QueueUserAPC
TerminateThread
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
SizeofResource
FindFirstFileW
FreeLibrary
CreateProcessW
RaiseException
TerminateProcess
GetTickCount
GetUserGeoID
GetGeoInfoW
DeleteFileW
lstrlenW
GetLocalTime
lstrcmpW
GetSystemTimeAsFileTime
GetDiskFreeSpaceExW
SetFileAttributesW
RemoveDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetShortPathNameW
CreateFileW
GetFileAttributesExW
GetFileSizeEx
GetFileAttributesW
MulDiv
GetExitCodeProcess
lstrcpyW
lstrcatW
WriteFile
GetFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
IsDebuggerPresent
OutputDebugStringW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
WaitForMultipleObjectsEx
OpenEventA
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleA
CreateWaitableTimerA
CreateSemaphoreA
GetCurrentProcess
DuplicateHandle
ReleaseSemaphore
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
CreateDirectoryW
GetCurrentThreadId
OpenProcess
CreateEventA
SetEvent
FormatMessageW
CreateEventW
ReleaseMutex
GetVersionExW
OpenEventW
WaitForSingleObject
CreateMutexW
GetTempPathW
GetModuleFileNameW
GetSystemTime
WideCharToMultiByte
GetProcessHeap
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapReAlloc
GetLastError
MultiByteToWideChar
HeapSize
InitializeCriticalSectionAndSpinCount
CompareFileTime
HeapFree
LoadLibraryW

user32

AllowSetForegroundWindow
CharUpperW
InvalidateRect
GetParent
SetWindowLongW
LoadBitmapW
MessageBoxA
SendMessageW
CreateWindowExW
GetWindowRect
CallWindowProcW
DefWindowProcW
CharNextW
GetWindowTextW
GetWindowLongW
PostMessageW
SetFocus
SetForegroundWindow
IsWindowVisible
EnableWindow
DestroyWindow
KillTimer
ReleaseDC
GetDC
GetSystemMetrics
RegisterClassW
LoadIconW
EndPaint
FillRect
BeginPaint
PostQuitMessage
GetDlgItem
EnumWindows
GetWindowThreadProcessId
PostThreadMessageW
MessageBoxW
SetWindowPos
SetWindowTextW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
ShowWindow
SetTimer

gdi32

GetDeviceCaps
GetStockObject
Rectangle
SelectObject
CreatePen
SetBkMode
SetTextColor
CreateFontW
DeleteObject
CreateSolidBrush

advapi32

GetTokenInformation
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
RegFlushKey
RegEnumKeyExW
RegDeleteKeyW
DuplicateToken
CheckTokenMembership
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
OpenThreadToken
OpenProcessToken
CopySid
GetLengthSid
IsValidSid
RegDeleteValueW
CryptGetHashParam
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
GetUserNameW
RegQueryValueExW

shell32

ShellExecuteW
ShellExecuteExW
SHGetFolderPathAndSubDirW

ole32

StringFromGUID2
CoInitialize
CoUninitialize
CoCreateInstance
CoCreateGuid

oleaut32

VariantClear
SysAllocString
VariantInit
SysFreeString
RegisterTypeLi

shlwapi

PathAddBackslashW
StrCmpNW
PathFileExistsW
StrDupW
StrRChrW
SHDeleteKeyW
StrCpyW
StrCmpW
StrStrW

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??7ios_base@std@@QBE_NXZ
??Bios_base@std@@QBE_NXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$numpunct@_W@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?id@?$numpunct@D@std@@2V0locale@2@A
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?id@?$ctype@D@std@@2V0locale@2@A
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?classic@locale@std@@SAABV12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?good@ios_base@std@@QBE_NXZ
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

setsockopt
getaddrinfo
freeaddrinfo
connect
getsockopt
WSASocketW
WSASend
WSARecv
select
ioctlsocket
closesocket
WSAStartup
WSACleanup
WSAGetLastError
WSASetLastError

wininet

HttpQueryInfoW
HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
InternetReadFile
InternetQueryDataAvailable
HttpAddRequestHeadersW
InternetSetOptionW
InternetConnectW
InternetCloseHandle
HttpSendRequestW
InternetOpenW
HttpOpenRequestW

sensapi

IsNetworkAlive

userenv

UnloadUserProfile

comctl32

InitCommonControlsEx
_TrackMouseEvent

psapi

EnumProcesses
GetProcessImageFileNameW

vcruntime140

memcpy
memchr
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__std_terminate
longjmp
__std_type_info_compare
_purecall
wcsstr
memmove
memset
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
memcmp
_setjmp3

api-ms-win-crt-string-l1-1-0

strcpy_s
_wcsicmp
isspace
ispunct
wcsncpy_s
wmemcpy_s
wcsnlen
strncpy
wcscpy_s
tolower
wcscat_s

api-ms-win-crt-heap-l1-1-0

_recalloc
realloc
free
malloc
calloc
_callnewh
_set_new_mode
_aligned_malloc
_aligned_free

api-ms-win-crt-convert-l1-1-0

_wtoi
atoi
wcstombs_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
fflush
fclose
fopen
fgetc
fwrite
__stdio_common_vsprintf
fsetpos
ferror
fseek
fgetpos
setvbuf
ungetc
__p__commode
fread
_fseeki64
_get_stream_buffer_pointers
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf
fputc
__stdio_common_vswprintf_s
_set_fmode
ftell

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_controlfp_s
strerror
_register_onexit_function
_initialize_onexit_table
terminate
_initialize_wide_environment
_get_wide_winmain_command_line
__p___argc
__p___wargv
_register_thread_local_exe_atexit_callback
_initterm
_c_exit
_initterm_e
exit
_invalid_parameter_noinfo
_configure_wide_argv
_getpid
_invalid_parameter_noinfo_noreturn
_exit
_errno

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 831KB - Virtual size: 831KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

feefc7a21046388a0aaea8d5bbc876d3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp140

version

ws2_32

wininet

sensapi

userenv

comctl32

psapi

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

iphlpapi

Sections

.text Size: 246KB - Virtual size: 245KB

.rdata Size: 112KB - Virtual size: 112KB

.data Size: 10KB - Virtual size: 11KB

.rsrc Size: 831KB - Virtual size: 831KB

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 246KB - Virtual size: 245KB

.rdata
Size: 112KB - Virtual size: 112KB

.data
Size: 10KB - Virtual size: 11KB

.rsrc
Size: 831KB - Virtual size: 831KB

.reloc
Size: 19KB - Virtual size: 19KB