Windows Analysis Report RobloxPlayerBeta.exe
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
- • Cryptography
- • Compliance
- • Networking
- • Key, Mouse, Clipboard, Microphone and Screen Capturing
- • System Summary
- • Data Obfuscation
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
- • Anti Debugging
- • Language, Device and Operating System Detection
System Summary: |
---|
Detected VMProtect packer |
Hooking and other Techniques for Hiding and Protection: |
---|
Overwrites code with unconditional jumps - possibly setting hooks in foreign process |
Malware Analysis System Evasion: |
---|
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Tries to detect virtualization through RDTSC time measurements |
MITRE ATT&CK Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | DLL Side-Loading1 | Process Injection1 | Masquerading1 | Credential API Hooking1 | Security Software Discovery211 | Remote Services | Credential API Hooking1 | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Virtualization/Sandbox Evasion1 | Input Capture11 | Virtualization/Sandbox Evasion1 | Remote Desktop Protocol | Input Capture11 | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection1 | Security Account Manager | Process Discovery1 | SMB/Windows Admin Shares | Archive Collected Data1 | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Timestomp1 | NTDS | System Information Discovery12 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | DLL Side-Loading1 | LSA Secrets | Remote System Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
No Antivirus matches |
---|
No contacted domains info |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 464540 |
Start date: | 13.08.2021 |
Start time: | 03:37:38 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 16s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | RobloxPlayerBeta.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 29 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal56.evad.winEXE@2/4@0/0 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | Failed |
Time | Type | Description |
---|---|---|
03:38:51 | API Interceptor |
No context |
---|
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 13616 |
Entropy (8bit): | 3.769994155026186 |
Encrypted: | false |
SSDEEP: | 192:H/3d5XZ8+MIH951JjRnJFD/u7sSS274It52:H/3TJPp951Jjh/u7sSX4It52 |
MD5: | 9DEACDCC23552EDC96D82DDBFC625EC9 |
SHA1: | 411E61ED46700BB83A1A1429DFF3FF795945B939 |
SHA-256: | 21FC54FEE7FB07825044D04DB6ED2774E9138EEC5F2CA5F9050DA287A2BF6824 |
SHA-512: | 6D44A13AE32646F7FE8C074E36A85DE7AEC824F421B86B3C8EAAB19319259ED82835F964D9379E2E4806DCBB57AC8ADA8D70441EF6150E8C456356CB5B01F06F |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 63538 |
Entropy (8bit): | 2.2917492500178267 |
Encrypted: | false |
SSDEEP: | 192:ZLpSHAbqj9llhRNRV1vL/qtI7aovoDPr2NKy6dTyKwLfmt2UeZp+y3IMMBFIqtKX:jSgeR1vOK7xgKNgyKtheZp+OIFB+Y5u |
MD5: | 48AAD875428A5B1687532B54243E3B29 |
SHA1: | 7FF376241DA5D2084C438CF6CEC9D32FE29FDE76 |
SHA-256: | CE48E640214C7BDE7CD1C0FA5534220D9F5F8D0226CB7DFCB4446B8F73791EE6 |
SHA-512: | A3733CA8D02E9513E7396731FE3F73B7C22FB7D6184B5F0F3C3B5A3F4D19CACC061ABE25946361E8A724B59C6F84025C11A7D64B638A0683F292651F193DB87C |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 8446 |
Entropy (8bit): | 3.695613808776714 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNipB6AS6YS7SUpNTCEgmftSyCpDo89b2dsf/ym:RrlsNi/6N6YOSUTTCEgmftSn2Wf7 |
MD5: | 201C91FD74D01DCA7224B9C32FC03A7C |
SHA1: | 6E50C63ED2C9D3B65941C8B5E763D1920D000285 |
SHA-256: | 545525FB4268C95651BC6C7A5AD7CAAB6B23BC544E8B66284F20C86D8F6C9A3B |
SHA-512: | 248558E4455944A1FAFFFD94FC51BB058C1DAC7D4A878E6D39AE215BD0F8C6A33B4784C6E64897CF0C253D1641A9B048653EEBDDEB72F55AF4CE1CF1A1755CB7 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 4800 |
Entropy (8bit): | 4.477425712209682 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsLJgtWI9gJ8RWSC8B+8fm8M4J+wfTlwFo/+q8vTfTlzvI5sH8kFwqF8V:uITflbJ8ASNlJ+wbV/KTbZI5iFwqF4d |
MD5: | 7AC36B501A5975A4B3775C48ABA0DFF4 |
SHA1: | B30B2D69F25AC8B4ED073E194EC9B1D8627F53DF |
SHA-256: | D98AFD3BE307ECED38B2AFD31F6AF9D278B386AACD4DA3EA3A7AFA71D41664AD |
SHA-512: | C0D6BC1760D52712767713DBAFBBFC42D05EFDA07973B6D39219735C54232918EEB16CB86C3C6A891BBE316AE7CD60D14C25D706F4B2646A8F8D18FAE745B751 |
Malicious: | false |
Reputation: | low |
Static File Info |
---|
General | |
---|---|
Entropy (8bit): | 7.298572110312639 |
File name: | RobloxPlayerBeta.exe |
File size: | 43335640 |
MD5: | 710d9b62fb4a44ada297c90890d655eb |
SHA1: | 0e6459ba901763b1d644924a74e807c75224b0fd |
SHA256: | df7eeecca08052d1a779af121c975fc7e67e45589a55037f8bf7833c42532a59 |
SHA512: | e5cf0fb34732c7084a181ec228c068ac1686b073f7d234dc6a6af7a2a5884c1b67c80a79f4fe5ed6be44fa21b107b11f3bff120cc25551b66af35e075b930868 |
SSDEEP: | 786432:u/j5asOcuT4Mymj+Q3Ukn+tbU9AUP03Yy0ZzsnW4mh7je6ySzWwi/6gn4LNFg3/g:bsOHT4Mymj+Q3Ukn+tbU9AUP0IyQzsn+ |
File Content Preview: | MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......l.._(...(...(...<.......<........R[.....z.......z.......z.......<...)...<...i...........<...-.......*...........(.......3o6.).. |
File Icon |
---|
Icon Hash: | 7ce080cccedae0c0 |
General | |
---|---|
Entrypoint: | 0x412a878 |
Entrypoint Section: | .vmp1 |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x973ACCFF [Thu May 26 21:26:23 2050 UTC] |
TLS Callbacks: | 0x36ae54e, 0x1df15f9, 0x6133e0, 0x1df1677, 0x613410 |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 29e6bd1835aaef096c5c7af6684f0731 |
Signature Valid: | true |
Signature Issuer: | CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Version: | 3 |
Thumbprint MD5: | 5C460FB7E07674686CB93C2A036450FE |
Thumbprint SHA-1: | 6650B1AB4BEEBA75501A7A8C2EB177388E890802 |
Thumbprint SHA-256: | 42A4E28E18BF52D6376334F6458BD9B3A0F459A0103776AC0FA041965C96164C |
Serial: | 7A0BAB6C70F0A1288099F77CB3C3C1AA |
Instruction |
---|
push 758A51E7h |
call 00007FEE9823085Dh |
add ebp, ecx |
jmp 00007FEE982197C9h |
test di, di |
xor bx, cx |
clc |
lea ebp, dword ptr [ebp-00000002h] |
mov word ptr [ebp+00h], cx |
bt ecx, ecx |
mov ecx, dword ptr [esi] |
lea esi, dword ptr [esi+00000004h] |
stc |
test esp, 69286055h |
cmc |
xor ecx, ebx |
stc |
ror ecx, 03h |
jmp 00007FEE985CA06Fh |
rol ecx, 1 |
cmp bl, FFFFFFBBh |
test si, di |
sub ecx, 349A48CAh |
stc |
bswap ecx |
neg ecx |
lea ecx, dword ptr [ecx+190F3435h] |
cmp ch, 0000007Bh |
xor ecx, 4CFD1381h |
bswap ecx |
add ecx, 4AAF53EAh |
ror ecx, 1 |
xor ebx, ecx |
test esp, edi |
add edi, ecx |
jmp 00007FEE9861D88Dh |
bswap edx |
jmp 00007FEE98CD6795h |
inc edx |
stc |
xor ebx, edx |
add edi, edx |
push edi |
ret |
lea edi, dword ptr [edi-00000001h] |
movzx ecx, byte ptr [edi] |
jmp 00007FEE986349D2h |
dec esp |
mov ecx, dword ptr [esi] |
inc sp |
mov esp, dword ptr [esi+08h] |
dec eax |
add esi, 0000000Ah |
xor di, 14D0h |
dec eax |
rcl edi, cl |
dec eax |
bt edi, ebp |
inc bp |
mov dword ptr [ecx], esp |
dec eax |
add edi, edx |
dec ecx |
arpl di, di |
dec eax |
movsx edi, bx |
dec ecx |
sub eax, 00000004h |
inc ecx |
mov edi, dword ptr [eax] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x329e474 | 0x8d | .vmp1 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d32fb8 | 0x2a8 | .vmp1 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3e8c000 | 0x49f32 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2951e00 | 0x21d8 | .rdata |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3d97000 | 0xf4d94 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3d85f80 | 0x70 | .vmp1 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x3638efc | 0x140 | .vmp1 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3d85910 | 0x40 | .vmp1 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x36a5000 | 0xd4c | .vmp1 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x1bb4106 | 0x1bb4200 | unknown | unknown | unknown | unknown | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.zero | 0x1bb6000 | 0x3642 | 0x3800 | False | 0.00258091517857 | data | 0.0 | |
.rdata | 0x1bba000 | 0xdffbd0 | 0x0 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x29ba000 | 0x446520 | 0x0 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rodata | 0x2e01000 | 0xba0 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.vmpx | 0x2e02000 | 0xe78 | 0x1000 | False | 0.147216796875 | data | 1.67470523123 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
rbxi | 0x2e03000 | 0x8 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
_RDATA | 0x2e04000 | 0x1ce0 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.vmp0 | 0x2e06000 | 0x3366b4 | 0x0 | unknown | unknown | unknown | unknown | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.vmp1 | 0x313d000 | 0xc59fa0 | 0xc5a000 | unknown | unknown | unknown | unknown | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.reloc | 0x3d97000 | 0xf4d94 | 0xf4e00 | False | 0.724587440978 | data | 6.81779634953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x3e8c000 | 0x49f32 | 0x4a000 | False | 0.366682722762 | data | 5.43077456397 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x3e8c448 | 0x10828 | dBase III DBT, version number 0, next free block index 40 | English | United States |
RT_ICON | 0x3e9cc70 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x3e9d0d8 | 0x78da | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x3ea49b4 | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x3ea5a5c | 0x4120 | data | English | United States |
RT_ICON | 0x3ea9b7c | 0x10828 | dBase III DBT, version number 0, next free block index 40 | English | United States |
RT_ICON | 0x3eba3a4 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x3eba80c | 0x6b8 | data | English | United States |
RT_ICON | 0x3ebaec4 | 0x988 | data | English | United States |
RT_ICON | 0x3ebb84c | 0x78da | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x3ec3128 | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x3ec41d0 | 0x1a68 | data | English | United States |
RT_ICON | 0x3ec5c38 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x3ec81e0 | 0x4120 | data | English | United States |
RT_ICON | 0x3ecc300 | 0x148 | data | English | United States |
RT_ICON | 0x3ecc448 | 0x931c | data | English | United States |
RT_GROUP_ICON | 0x3ed5764 | 0xe6 | data | English | United States |
RT_VERSION | 0x3ed584c | 0x350 | data | English | United States |
RT_HTML | 0x3ed5b9c | 0xb2 | HTML document, ASCII text, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x3ed5c50 | 0x2e2 | ASCII text, with very long lines, with no line terminators | English | United States |
DLL | Import |
---|---|
IMM32.dll | ImmGetContext, ImmSetOpenStatus, ImmAssociateContext, ImmGetDefaultIMEWnd, ImmSetCompositionWindow, ImmGetCompositionStringA, ImmGetOpenStatus, ImmGetConversionStatus, ImmReleaseContext, ImmGetCompositionStringW |
SensApi.dll | IsNetworkAlive |
urlmon.dll | UrlMkSetSessionOption, ObtainUserAgentString |
MSACM32.dll | acmStreamSize, acmStreamConvert, acmStreamUnprepareHeader, acmStreamPrepareHeader, acmFormatSuggest, acmStreamOpen |
WINHTTP.dll | WinHttpSetCredentials, WinHttpSetTimeouts, WinHttpWriteData, WinHttpSetStatusCallback, WinHttpGetProxyForUrl, WinHttpQueryAuthSchemes, WinHttpCloseHandle, WinHttpSetOption, WinHttpConnect, WinHttpSendRequest, WinHttpReceiveResponse, WinHttpOpen, WinHttpAddRequestHeaders, WinHttpOpenRequest, WinHttpReadData, WinHttpQueryHeaders, WinHttpQueryDataAvailable |
WS2_32.dll | shutdown, listen, WSASetLastError, WSAStartup, getsockname, send, select, ntohs, recv, htons, WSACleanup, setsockopt, socket, WSAGetLastError, sendto, freeaddrinfo, connect, getaddrinfo, inet_addr, bind, ntohl, htonl, inet_pton, WSAIoctl, ioctlsocket, __WSAFDIsSet, recvfrom, gethostname, getsockopt, WSARecv, WSAAddressToStringW, getpeername, WSASocketW, WSAStringToAddressW, WSASend, WSAEnumNetworkEvents, WSAWaitForMultipleEvents, WSAResetEvent, WSAEventSelect, WSASetEvent, closesocket, WSACreateEvent, getnameinfo, WSACloseEvent, accept |
CRYPT32.dll | CertCreateCertificateContext, CryptProtectData, CertOpenStore, CertEnumCertificatesInStore, CertDuplicateCertificateContext, CryptUnprotectData, CertGetNameStringW, CertGetCertificateContextProperty, CryptStringToBinaryA, CryptDecodeObjectEx, CryptMsgClose, CertCloseStore, CertFindCertificateInStore, CryptMsgGetParam, CryptQueryObject, CertGetNameStringA, CertGetCertificateChain, CertFreeCertificateChain, CertFreeCertificateContext, CryptDecodeObject |
msdmo.dll | MoInitMediaType, MoFreeMediaType |
WINMM.dll | waveInClose, waveInPrepareHeader, waveOutGetNumDevs, timeEndPeriod, waveInGetNumDevs, waveOutGetDevCapsW, waveInReset, waveInUnprepareHeader, waveOutUnprepareHeader, waveOutClose, waveInGetDevCapsW, waveOutReset, waveInOpen, waveOutOpen, waveOutPrepareHeader, waveInStart, waveInAddBuffer, waveOutGetPosition, timeSetEvent, timeGetDevCaps, timeBeginPeriod, timeGetTime, timeKillEvent, waveOutWrite |
Secur32.dll | DeleteSecurityContext, InitializeSecurityContextA, FreeCredentialsHandle, AcquireCredentialsHandleA, CompleteAuthToken |
KERNEL32.dll | InterlockedFlushSList, GetVersionExW, LoadLibraryExW, ReadDirectoryChangesW, CancelIo, FindFirstFileExW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetOEMCP, IsValidCodePage, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetTimeFormatW, GetDateFormatW, GetConsoleOutputCP, GetTimeZoneInformation, SetEnvironmentVariableW, ExitThread, SetStdHandle, SystemTimeToTzSpecificLocalTime, PeekNamedPipe, GetDriveTypeW, SetConsoleCtrlHandler, GetCommandLineW, GetCommandLineA, FreeLibraryAndExitThread, GetThreadTimes, UnregisterWait, RegisterWaitForSingleObject, GetNumaHighestNodeNumber, DeleteTimerQueueTimer, GetTickCount, GetSystemTimeAsFileTime, WaitForSingleObjectEx, WideCharToMultiByte, MultiByteToWideChar, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, GetProcessHeap, HeapDestroy, CloseHandle, GetLastError, GetProcAddress, GetModuleFileNameW, GetModuleFileNameA, WaitForSingleObject, FormatMessageA, MulDiv, GetSystemPowerStatus, CreateEventA, UnmapViewOfFile, GetTempPathW, GetSystemTime, SystemTimeToFileTime, FindFirstFileW, DeleteFileW, FindNextFileW, SetEvent, CreateFileMappingA, MapViewOfFile, GetUserGeoID, GetGeoInfoA, GetModuleHandleA, GetProfileStringA, SetCurrentDirectoryW, OutputDebugStringA, VirtualProtect, CreateMutexA, ResetEvent, WaitForMultipleObjects, ReleaseMutex, OpenEventA, LoadResource, LockResource, GlobalAlloc, GlobalLock, GlobalUnlock, EnterCriticalSection, LeaveCriticalSection, RaiseException, SetLastError, GlobalHandle, GlobalFree, FindResourceA, DeleteCriticalSection, InitializeCriticalSectionEx, lstrcmpA, GetCurrentThreadId, Sleep, LocalAlloc, LocalFree, FileTimeToSystemTime, lstrcpynW, GetTickCount64, OutputDebugStringW, FreeLibrary, lstrcmpiA, IsDBCSLeadByte, SizeofResource, LoadLibraryExA, IsDebuggerPresent, ExitProcess, FindResourceExA, FindResourceW, VirtualQuery, K32GetModuleInformation, GetCurrentProcess, GetModuleHandleExA, DecodePointer, QueryPerformanceCounter, QueryPerformanceFrequency, 
InitializeCriticalSection, VirtualAlloc, VirtualFree, CreateFileA, GetCurrentProcessId, WriteFile, OpenThread, SuspendThread, GetThreadContext, ResumeThread, TerminateProcess, LoadLibraryA, WriteProcessMemory, SetUnhandledExceptionFilter, SetErrorMode, CreateProcessA, GetWindowsDirectoryW, K32EnumProcessModules, K32GetModuleFileNameExW, GetThreadPriority, SetThreadPriority, ReleaseSemaphore, DuplicateHandle, CreateSemaphoreA, QueryDepthSList, CreateThread, lstrlenW, GetACP, GetCurrentThread, GetVersionExA, GetLocalTime, CreateFileW, DeleteFileA, FindResourceExW, FindFirstFileA, FindNextFileA, CompareFileTime, GetShortPathNameW, VerSetConditionMask, VerifyVersionInfoW, IsWow64Process, CreateToolhelp32Snapshot, Module32FirstW, Module32NextW, GetTempPathA, FindFirstChangeNotificationA, SetThreadContext, WaitForMultipleObjectsEx, GetLocaleInfoW, GetModuleHandleW, LCMapStringW, WriteProfileStringW, K32GetProcessMemoryInfo, GlobalMemoryStatusEx, GetProcessTimes, LoadLibraryW, SwitchToThread, GetFileSizeEx, CreateFileMappingW, Process32First, Process32Next, SetWaitableTimer, TlsSetValue, GetLogicalProcessorInformation, TlsAlloc, CreateWaitableTimerA, TlsGetValue, TlsFree, CreateDirectoryW, GetFullPathNameW, DeviceIoControl, RemoveDirectoryW, SetFileTime, SetEndOfFile, FindClose, GetFileAttributesW, GetFileInformationByHandle, GetFileAttributesExW, GetDiskFreeSpaceExW, GetCurrentDirectoryW, SetFilePointerEx, MoveFileExW, CopyFileW, GetFileTime, SetFilePointer, AreFileApisANSI, SetThreadAffinityMask, ReadFile, TryEnterCriticalSection, FlushFileBuffers, GetSystemDirectoryA, Thread32First, Thread32Next, CompareStringW, GetThreadLocale, ExpandEnvironmentStringsW, SearchPathW, OpenEventW, GetEnvironmentVariableA, HeapCreate, FreeConsole, GetProcessAffinityMask, GetStdHandle, InitializeCriticalSectionAndSpinCount, FormatMessageW, AttachConsole, WriteConsoleW, CreateSemaphoreW, GetTimeFormatEx, GetDateFormatEx, CreateWaitableTimerW, GetQueuedCompletionStatus, CreateMutexW, 
PostQueuedCompletionStatus, CreateEventW, TerminateThread, QueueUserAPC, SleepEx, CreateIoCompletionPort, InitializeConditionVariable, WakeConditionVariable, SleepConditionVariableCS, WakeAllConditionVariable, GetNativeSystemInfo, VerifyVersionInfoA, FlushInstructionCache, DebugBreak, InitializeSRWLock, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, ReleaseSRWLockShared, AcquireSRWLockShared, GetModuleHandleExW, GetEnvironmentVariableW, ChangeTimerQueueTimer, SetConsoleMode, ReadConsoleA, ReadConsoleW, SwitchToFiber, DeleteFiber, CreateFiber, GetFileType, ConvertFiberToThread, ConvertThreadToFiber, CreateTimerQueueTimer, SignalObjectAndWait, CreateTimerQueue, GetStartupInfoW, RtlUnwind, UnhandledExceptionFilter, GetCPInfo, QueueUserWorkItem, GetStringTypeW, GetExitCodeThread, IsProcessorFeaturePresent, GetSystemInfo, GetConsoleMode, InterlockedPushEntrySList, InterlockedPopEntrySList, InitializeSListHead, EncodePointer, UnregisterWaitEx |
USER32.dll | GetWindowThreadProcessId, SetRectEmpty, DispatchMessageA, FindWindowA, GetWindowInfo, EnumWindows, EmptyClipboard, SetClipboardData, MapVirtualKeyW, SendMessageW, PostMessageW, GetClassInfoExW, LoadCursorW, EnumDisplayDevicesA, GetAsyncKeyState, UnregisterDeviceNotification, RegisterDeviceNotificationW, UnregisterClassW, KillTimer, MsgWaitForMultipleObjectsEx, SetTimer, GetProcessWindowStation, GetUserObjectInformationW, SetForegroundWindow, SetWindowPlacement, ChangeDisplaySettingsExA, EnumDisplaySettingsExA, GetWindowPlacement, EndDialog, MapDialogRect, SetWindowContextHelpId, LoadIconA, MapWindowPoints, LoadImageA, MessageBoxExA, DispatchMessageW, TranslateMessage, UpdateWindow, ShowWindow, RegisterTouchWindow, CreateWindowExW, LoadStringW, GetMessageW, PeekMessageW, RegisterClassExW, LoadIconW, PostQuitMessage, GetDoubleClickTime, MapVirtualKeyA, MapVirtualKeyExA, GetRawInputData, TrackMouseEvent, GetCursorPos, SetCursor, GetForegroundWindow, CloseTouchInputHandle, GetTouchInputInfo, WindowFromPoint, SetRect, ClipCursor, GetWindowRect, CloseClipboard, GetClipboardData, OpenClipboard, ActivateKeyboardLayout, UnloadKeyboardLayout, RegisterRawInputDevices, LoadKeyboardLayoutA, GetMonitorInfoA, GetKeyboardLayoutList, GetKeyboardLayoutNameW, EnableWindow, RegisterWindowMessageA, GetWindowTextLengthA, GetWindowTextA, SetWindowTextA, BeginPaint, EndPaint, IsChild, GetFocus, SetFocus, GetDlgItem, SendMessageA, GetClassNameA, GetSysColor, RedrawWindow, GetClassInfoExA, CreateWindowExA, CreateAcceleratorTableA, ClientToScreen, GetParent, ScreenToClient, MoveWindow, SetCapture, ReleaseCapture, FillRect, GetClientRect, InvalidateRgn, CallWindowProcA, InvalidateRect, GetDC, ReleaseDC, GetDesktopWindow, DestroyAcceleratorTable, GetWindowLongA, SetWindowLongA, DefWindowProcA, LoadCursorA, RegisterClassExA, CreateDialogIndirectParamA, UnregisterClassA, DestroyWindow, SetWindowPos, IsDialogMessageA, IsWindow, ShowWindowAsync, GetWindow, DefWindowProcW, MessageBoxW, 
GetSystemMetrics, SetWindowTextW, PostMessageA, MessageBoxA, MonitorFromWindow, EnumDisplayMonitors, CharNextA, PostThreadMessageA, PtInRect, PeekMessageA, GetKeyboardLayout |
GDI32.dll | CreateSolidBrush, CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, DeleteObject, BitBlt, DeleteDC, GetStockObject, GetObjectA, GetDeviceCaps, GetDIBits, ChoosePixelFormat, SetPixelFormat, SwapBuffers |
SHELL32.dll | SHQueryUserNotificationState, ShellExecuteW, SHGetFolderPathW, SHGetSpecialFolderPathW, SHGetFolderPathAndSubDirW, ShellExecuteA |
ole32.dll | CoTaskMemAlloc, StringFromGUID2, OleLockRunning, CoGetClassObject, CLSIDFromProgID, CLSIDFromString, OleInitialize, OleUninitialize, CoInitialize, CoCreateInstance, CoUninitialize, CoInitializeEx, CoCreateGuid, PropVariantClear, CreateStreamOnHGlobal, CoInitializeSecurity, CoSetProxyBlanket, CoTaskMemFree, CoTaskMemRealloc, CoFreeUnusedLibraries |
OLEAUT32.dll | SysAllocStringLen, SysStringLen, SysFreeString, SysAllocString, OleCreateFontIndirect, LoadRegTypeLib, LoadTypeLib, VariantClear, VariantInit, SysAllocStringByteLen, SysStringByteLen, VarUI4FromStr |
ADVAPI32.dll | RegEnumKeyExA, RegCloseKey, RegOpenKeyExA, RegQueryValueExA, RegGetValueW, RegDeleteKeyA, RegQueryInfoKeyW, EqualSid, RegSetValueExA, RegCreateKeyExA, FreeSid, RegOpenKeyExW, RegDeleteValueA, OpenProcessToken, GetTokenInformation, RegQueryValueExW, CryptGenRandom, CryptEnumProvidersW, CryptSignHashW, CryptDecrypt, CryptExportKey, CryptGetUserKey, CryptGetProvParam, CryptSetHashParam, ReportEventW, RegisterEventSourceW, DeregisterEventSource, SystemFunction036, CryptDestroyKey, CryptVerifySignatureA, CryptAcquireContextA, CryptAcquireContextW, CryptCreateHash, CryptHashData, CryptDestroyHash, CryptImportKey, CryptGetHashParam, CryptReleaseContext, RegQueryInfoKeyA, AllocateAndInitializeSid |
SHLWAPI.dll | PathAppendA, PathFindFileNameW, PathFindFileNameA, PathAddBackslashA |
dbghelp.dll | MiniDumpWriteDump |
VERSION.dll | VerQueryValueA, GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
HID.DLL | HidD_GetHidGuid |
SETUPAPI.dll | SetupDiEnumDeviceInterfaces, SetupDiGetDeviceInterfaceDetailA, SetupDiGetClassDevsA |
WINTRUST.dll | WinVerifyTrust |
WININET.dll | InternetGetCookieExA, InternetSetCookieExA |
IPHLPAPI.DLL | GetAdaptersAddresses |
POWRPROF.dll | CallNtPowerInformation |
OPENGL32.dll | glDepthMask, glDepthFunc, glBlendFunc, glColorMask, glPolygonOffset, glCullFace, glDisable, wglGetCurrentContext, glStencilFunc, glStencilOp, glPolygonMode, glClearColor, glClearDepth, glClearStencil, glClear, glDrawElements, glDrawArrays, glGenTextures, glTexImage2D, glTexParameteri, glPixelStorei, glTexSubImage2D, glDeleteTextures, glGetTexImage, glReadPixels, glTexParameterfv, glTexParameterf, glCopyTexSubImage2D, glReadBuffer, glBindTexture, glScissor, wglDeleteContext, wglMakeCurrent, wglCreateContext, wglGetCurrentDC, glGetError, glGetString, wglGetProcAddress, glStencilMask, glEnable, glViewport, glGetIntegerv |
COMCTL32.dll | ImageList_AddMasked, ImageList_Create |
WTSAPI32.dll | WTSSendMessageW |
KERNEL32.dll | VirtualQuery, GetSystemTimeAsFileTime, GetModuleHandleA, CreateEventA, GetModuleFileNameW, LoadLibraryA, TerminateProcess, GetCurrentProcess, CreateToolhelp32Snapshot, Thread32First, GetCurrentProcessId, GetCurrentThreadId, OpenThread, Thread32Next, CloseHandle, SuspendThread, ResumeThread, WriteProcessMemory, GetSystemInfo, VirtualAlloc, VirtualProtect, VirtualFree, GetProcessAffinityMask, SetProcessAffinityMask, GetCurrentThread, SetThreadAffinityMask, Sleep, FreeLibrary, GetTickCount, SystemTimeToFileTime, FileTimeToSystemTime, GlobalFree, LocalAlloc, LocalFree, GetProcAddress, ExitProcess, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, GetModuleHandleW, LoadResource, MultiByteToWideChar, FindResourceExW, FindResourceExA, WideCharToMultiByte, GetThreadLocale, GetUserDefaultLCID, GetSystemDefaultLCID, EnumResourceNamesA, EnumResourceNamesW, EnumResourceLanguagesA, EnumResourceLanguagesW, EnumResourceTypesA, EnumResourceTypesW, CreateFileW, LoadLibraryW, GetLastError, FlushFileBuffers, CreateFileA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, GetCommandLineA, RaiseException, RtlUnwind, HeapFree, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapAlloc, LCMapStringA, LCMapStringW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapCreate, HeapDestroy, QueryPerformanceCounter, HeapReAlloc, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, HeapSize, WriteFile, SetFilePointer, GetConsoleCP, GetConsoleMode, InitializeCriticalSectionAndSpinCount, SetStdHandle |
USER32.dll | GetProcessWindowStation, GetUserObjectInformationW, CharUpperBuffW, MessageBoxW |
KERNEL32.dll | LocalAlloc, LocalFree, GetModuleFileNameW, GetProcessAffinityMask, SetProcessAffinityMask, SetThreadAffinityMask, Sleep, ExitProcess, FreeLibrary, LoadLibraryA, GetModuleHandleA, GetProcAddress |
USER32.dll | GetProcessWindowStation, GetUserObjectInformationW |
Name | Ordinal | Address |
---|---|---|
AmdPowerXpressRequestHighPerformance | 1 | 0x2dc6684 |
NvOptimusEnablement | 2 | 0x2dc658c |
Description | Data |
---|---|
LegalCopyright | Copyright 2020 Roblox Corporation. All rights reserved. |
InternalName | RobloxApp.exe |
FileVersion | 0, 490, 0, 4900359 |
CompanyName | Roblox Corporation |
ProductName | Roblox |
ProductVersion | 0, 490, 0, 4900359 |
FileDescription | Roblox Game Client |
OriginalFilename | RobloxApp.exe |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Network Behavior |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
Start time: | 03:38:32 |
Start date: | 13/08/2021 |
Path: | C:\Users\user\Desktop\RobloxPlayerBeta.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf40000 |
File size: | 43335640 bytes |
MD5 hash: | 710D9B62FB4A44ADA297C90890D655EB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
File Activities
Section Activities
Registry Activities
Mutex Activities
Process Activities
Thread Activities
Memory Activities
System Activities
Timing Activities
Windows UI Activities
LPC Port Activities
Start time: | 03:38:47 |
Start date: | 13/08/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb20000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
File Activities
Section Activities
Registry Activities
Mutex Activities
Process Activities
Thread Activities
Memory Activities
System Activities
Timing Activities
Windows UI Activities
Process Token Activities
Object Security Activities
LPC Port Activities
Disassembly |
---|
Code Analysis |
---|