RobloxPlayerBeta.exe Trojan AsyncRAT Analysis

Technical Analysis

File Name: RobloxPlayerBeta.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version: 1.0.210.174
Database Version: 2025-03-16 03:00:58 UTC

Trojan.Win64.AsyncRAT.tr

Malware family: AsyncRAT

Detection Rate: N/A
File Size (bytes): 99,090,320
Analysis Date: 2025-03-16

File Identification

Hash Type / Value
MD5
d49e28811ffc4220a9d598d9cbf27623
SHA1
520e919ed6b472bf1ba2a2a31e58a5f5428764b7
SHA256
309dfe4802b630e6a8f272364889fcf1ec6a29b9cc71db496eb634396d3c69ca
SHA512
94bbf30a5c8c37ad54b697413f89248ddff97eb62a4719cf9dca7dfec78e11d3b5cadfd4d33864ca40051e83a9bb47dbf8087da5a22fa720e74ae26e50434e19
ImpHash
5f2225c9957477e25a941670ca0d629e

PE Analysis

Basic Information

Icon
Hash: b423ca67aaea047fe3295fc7c4dc1efd
Fuzzy: e77261c35382a2126a491c6a691a1197
dHash: 3cf0a4cccedac0c0
Image Base: 0x140000000
Entry Point: 0x146985004
Compilation Time: 2087-02-11 11:44:10
Checksum: 0x05e80e62 (Actual: 0x05e80e62)
OS Version: 6.0
PEiD Signatures: PE32+ executable (GUI) x86-64, for MS Windows
PDB Path: C:\buildAgent\work\ci_ninja_client-x64_git\build.ninja\client\vs2019\x64\release\WindowsClient\RobloxPlayerBeta.pdb
Digital Signature: OK
Imports: 1 library (RobloxPlayerBeta)
Exports: 5 functions
Resources: 48
Sections: 11

Version Information

CompanyName: Roblox Corporation
FileDescription: Roblox Game Client
FileVersion: 0, 654, 1, 6540477
InternalName: RobloxApp.exe
LegalCopyright: Copyright © 2020 Roblox Corporation. All rights reserved.
OriginalFilename: RobloxApp.exe
ProductName: Roblox
ProductVersion: 0, 654, 1, 6540477
Translation: 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 64,588,996 bytes 64,589,312 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_CODE CEAAEDBFFCC22B3A77A16BCD4856E593
.rodata 0x03d9a000 2,288 bytes 2,560 bytes 4.00 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 45BFC2259F6A4A0535C6A034CE0CF852
.rdata 0x03d9b000 21,500,990 bytes 21,501,440 bytes 6.54 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ A5A1F57355D3ECED0C9F1DBA61A733F2
.data 0x0521d000 16,148,088 bytes 4,606,464 bytes 4.58 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7D73CB760D571E215D16470C0FCFB3A4
.pdata 0x06184000 2,234,172 bytes 2,234,368 bytes 7.99 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4416213A6F00B6D9BEEB764DF455F79A
CPADinfo 0x063a6000 56 bytes 512 bytes 0.12 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 60D3EA61D541C9BE2E845D2787FB9574
_RDATA 0x063a7000 42,248 bytes 42,496 bytes 6.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 58133D1A97D50B140E9A6174A764E8F6
.vmp0 0x063b2000 5,194,892 bytes 5,195,264 bytes 7.39 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 0FC3FF8697536AEE972C96E6DD15EB20
.rsrc 0x068a7000 155,690 bytes 156,160 bytes 6.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4E1AF64F173D9A05327AFEB73A4B536A
.reloc 0x068ce000 748,088 bytes 748,544 bytes 5.47 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 53B603E0DA400D7DE0B44A1828F7C182
.acedia 0x06985000 662 bytes 1,024 bytes 0.81 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 84A573E0E70C263FC87AA08440D518BB

Entropy Analysis Alert

2 section(s) with high entropy (≥7.5) detected - possible packing/encryption

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 48 (153,287 bytes)

Resource Type Count Total Size Percentage
RT_CURSOR 1 308 bytes 0.2%
RT_BITMAP 8 51,024 bytes 33.3%
RT_ICON 10 81,737 bytes 53.3%
RT_DIALOG 4 480 bytes 0.3%
RT_STRING 18 17,464 bytes 11.4%
RT_GROUP_CURSOR 1 20 bytes 0%
RT_GROUP_ICON 1 146 bytes 0.1%
RT_VERSION 1 852 bytes 0.6%
RT_HTML 1 178 bytes 0.1%
RT_MANIFEST 1 738 bytes 0.5%
None 2 340 bytes 0.2%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

OK

Trojan.Win64.AsyncRAT.tr Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win64.AsyncRAT.tr without requiring further user intervention.

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.

Important: Before You Start

Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.
