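PDB path embedded in the sample (a build-time debug string; it can be set to anything and does not by itself establish who built the file): C:\Trunk2012\Roblox-Bootstrapper\BootstrapperClient\bin\Release\RobloxPlayerLauncher.pdb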
Static task
static1
Behavioral task
behavioral1
Sample
$RRJ1FQU.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
$RRJ1FQU.exe
Resource
win11-20250619-en
General
-
Target
$RRJ1FQU.exe
-
Size
689KB
-
MD5
073f1916542ee2817c9760f0c0367334
-
SHA1
ef41394d8ebcc6f157b2a5835236dfc4cdfff927
-
SHA256
6a51fd09f20a918cb416a84716f91219d0af5d2d3b1ffe7d4075d97f4cac89cf
-
SHA512
a70f87eef56911b8fef0f1bcd1dc99cae1d3ff4db34d86baf5e4afec51e1eb09bdf29ea2ca3ad03a5c5916d9e6e313d5194ab8864692454433c7d019a345df03
-
SSDEEP
6144:jghqvXBNmS42ufwckYOUEpNnK1uQwEMWIZLA5EWTBU7J+Ju+qNuhienWBBjN4J7a:jhYO8XE7ZQRSkyWTG7JGkeH4D
Malware Config
Signatures
-
Unsigned PE 1 IoCs
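Checks for missing Authenticode signature. The PE carries no Authenticode signature, so the publisher and integrity of the file cannot be confirmed from the file itself; compare the hashes listed above against a known-good copy obtained from the vendor before trusting it.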
resource $RRJ1FQU.exe
Files
-
$RRJ1FQU.exe.exe windows:6 windows x86 arch:x86
aa60b15624e92d08e042371f6a99b571
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
VerifyVersionInfoW
VerSetConditionMask
SetLastError
GetQueuedCompletionStatus
SetWaitableTimer
CreateIoCompletionPort
PostQueuedCompletionStatus
LoadResource
FindResourceExW
Sleep
SizeofResource
GetModuleHandleW
LocalFree
GetProcAddress
ResetEvent
CloseHandle
QueryPerformanceCounter
SleepEx
QueueUserAPC
TerminateThread
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
FormatMessageA
LockResource
WaitForSingleObjectEx
GetCurrentThreadId
GetCurrentThread
LoadLibraryW
FreeLibrary
CreateProcessW
RaiseException
TerminateProcess
GetTickCount
GetUserGeoID
GetGeoInfoW
CompareFileTime
DeleteFileW
GetLocalTime
OpenProcess
FindResourceW
GetDiskFreeSpaceExW
SetFileAttributesW
RemoveDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetShortPathNameW
CreateFileW
GetFileAttributesExW
GetFileSizeEx
GetFileAttributesW
MulDiv
GetExitCodeProcess
lstrcpyW
lstrcatW
WriteFile
GetFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
IsDebuggerPresent
OutputDebugStringW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
WaitForMultipleObjectsEx
OpenEventA
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleA
CreateWaitableTimerA
FindFirstFileW
FindNextFileW
FindClose
GetSystemTimeAsFileTime
CreateSemaphoreA
GetCurrentProcess
DuplicateHandle
lstrcmpW
ReleaseSemaphore
CreateDirectoryW
CreateEventA
SetEvent
FormatMessageW
CreateEventW
ReleaseMutex
GetVersionExW
OpenEventW
WaitForSingleObject
CreateMutexW
GetTempPathW
GetModuleFileNameW
GetSystemTime
WideCharToMultiByte
GetProcessHeap
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapReAlloc
GetLastError
MultiByteToWideChar
HeapSize
InitializeCriticalSectionAndSpinCount
lstrlenW
HeapFree
QueryPerformanceFrequency
user32
InvalidateRect
GetParent
PostQuitMessage
GetClientRect
SetWindowLongW
EndPaint
ShowWindow
ReleaseDC
GetDC
GetSystemMetrics
AllowSetForegroundWindow
CreateWindowExW
BeginPaint
SetTimer
RegisterClassW
LoadIconW
GetDlgItem
SetFocus
EnumWindows
GetWindowThreadProcessId
PostThreadMessageW
MessageBoxW
SetWindowPos
SetWindowTextW
CharUpperW
MessageBoxA
CharNextW
KillTimer
GetWindowTextW
PostMessageW
SetForegroundWindow
EnableWindow
SendMessageW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
FillRect
GetWindowRect
CallWindowProcW
DestroyWindow
LoadBitmapW
DefWindowProcW
GetWindowLongW
IsWindowVisible
gdi32
GetDeviceCaps
GetStockObject
Rectangle
SelectObject
CreatePen
SetBkColor
SetBkMode
SetTextColor
CreateFontW
DeleteObject
CreateSolidBrush
advapi32
GetTokenInformation
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
RegFlushKey
RegEnumKeyExW
RegDeleteKeyW
DuplicateToken
CheckTokenMembership
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
OpenThreadToken
OpenProcessToken
CopySid
GetLengthSid
IsValidSid
RegDeleteValueW
CryptGetHashParam
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
GetUserNameW
RegQueryValueExW
shell32
ShellExecuteW
ShellExecuteExW
SHGetFolderPathAndSubDirW
ole32
CoInitialize
StringFromGUID2
CoUninitialize
CoCreateInstance
CoCreateGuid
oleaut32
SysFreeString
VariantClear
SysAllocString
VariantInit
RegisterTypeLib
shlwapi
StrStrW
StrCmpW
PathFileExistsW
StrCmpNW
PathAddBackslashW
StrDupW
StrRChrW
StrCpyW
SHDeleteKeyW
msvcp140
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??7ios_base@std@@QBE_NXZ
??Bios_base@std@@QBE_NXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
??1_Locinfo@std@@QAE@XZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$numpunct@_W@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?id@?$numpunct@D@std@@2V0locale@2@A
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?id@?$ctype@D@std@@2V0locale@2@A
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?classic@locale@std@@SAABV12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?good@ios_base@std@@QBE_NXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPBD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??0_Locinfo@std@@QAE@PBD@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
??1_Lockit@std@@QAE@XZ
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
ws2_32
getaddrinfo
freeaddrinfo
connect
getsockopt
setsockopt
WSASocketW
WSASend
WSARecv
select
ioctlsocket
closesocket
WSASetLastError
WSAStartup
WSAGetLastError
WSACleanup
wininet
HttpQueryInfoW
HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
InternetReadFile
InternetQueryDataAvailable
HttpAddRequestHeadersW
InternetSetOptionW
InternetConnectW
InternetCloseHandle
HttpSendRequestW
InternetOpenW
HttpOpenRequestW
sensapi
IsNetworkAlive
userenv
UnloadUserProfile
comctl32
InitCommonControlsEx
_TrackMouseEvent
psapi
EnumProcesses
GetProcessImageFileNameW
vcruntime140
memcpy
_setjmp3
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__std_terminate
longjmp
memchr
_purecall
wcsstr
memmove
memset
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
__std_type_info_compare
memcmp
api-ms-win-crt-string-l1-1-0
isspace
_wcsicmp
wcsnlen
wcsncpy_s
tolower
strncpy
ispunct
wmemcpy_s
wcscpy_s
wcscat_s
strcpy_s
api-ms-win-crt-heap-l1-1-0
_aligned_malloc
free
malloc
_callnewh
realloc
calloc
_recalloc
_set_new_mode
_aligned_free
api-ms-win-crt-convert-l1-1-0
wcstombs_s
_wtoi
atoi
api-ms-win-crt-stdio-l1-1-0
fputc
fflush
fclose
fopen
_set_fmode
fgetc
fwrite
ftell
ferror
fseek
__stdio_common_vsprintf
fgetpos
setvbuf
ungetc
__p__commode
fread
_fseeki64
_get_stream_buffer_pointers
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf
__stdio_common_vsprintf_s
__stdio_common_vswprintf_s
fsetpos
api-ms-win-crt-runtime-l1-1-0
_beginthreadex
_set_app_type
_seh_filter_exe
_cexit
_controlfp_s
_crt_atexit
strerror
_register_onexit_function
_initialize_onexit_table
terminate
_configure_wide_argv
_register_thread_local_exe_atexit_callback
__p___argc
_c_exit
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
__p___wargv
_invalid_parameter_noinfo_noreturn
_getpid
_errno
_invalid_parameter_noinfo
api-ms-win-crt-utility-l1-1-0
srand
rand
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
api-ms-win-crt-time-l1-1-0
_time64
_gmtime64
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
iphlpapi
GetAdaptersInfo
Sections
.text Size: 246KB - Virtual size: 245KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 112KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 300KB - Virtual size: 299KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ