File Name | RobloxPlayerInstaller.exe |
File Type |
PE32 executable (GUI) Intel 80386, for MS Windows
|
Scanner Version | 1.0.181.174 |
Database Version | 2024-07-07 22:00:26 UTC |
Malware family: Gen
Hash Type | Value | Action |
---|---|---|
MD5 |
84e67989f7ccd11c2b7db38f3d3443b8
|
|
SHA1 |
c3e821de715aa7508b3273de16c9156014d81922
|
|
SHA256 |
5eac06573fb9289a5ad1dfa8b88d2d7b79f1bd89e61c53247f8cae50143e7a2c
|
|
SHA512 |
d0ea7235f591f31edeb7183c91fb0bb1347a9386c170c43b21e2c5fd93b7040e73e1a1a9f3ef6f83d097b1af0f9e2a9938dd59ae47588940491da25248eb7d99
|
|
ImpHash |
84dfdbf12a79f153655e14db9a4225d7
|
Icon |
Hash: b423ca67aaea047fe3295fc7c4dc1efd
Fuzzy: e77261c35382a2126a491c6a691a1197 dHash: 3cf0a4cccedac0c0 |
Image Base | 0x00400000 |
Entry Point | 0x006e2ef0 |
Compilation Time | 2097-07-11 21:38:22 |
Checksum | 0x00564241 (Actual: 0x00564241) |
OS Version | 6.0 |
PEiD Signatures |
PE32 executable (GUI) Intel 80386, for MS Windows
|
PDB Path | C:\buildAgent\work\ci_deploy_ninja_boot-x86_git\build.ninja\common\vs2019\x86\release\Installer\Windows\RobloxPlayerInstaller.pdb |
Digital Signature | OK |
Imports | 16 libraries |
Exports | 0 functions |
Resources | 60 Resources |
Sections | 5 Sections |
CompanyName | Roblox Corporation |
FileDescription | Roblox |
FileVersion | 1, 6, 0, 6280391 |
LegalCopyright | Copyright © 2020 Roblox Corporation. All rights reserved. |
OriginalFilename | Roblox.exe |
ProductName | Roblox Bootstrapper |
ProductVersion | 1, 6, 0, 6280391 |
Translation | 0x0409 0x04b0 |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
---|---|---|---|---|---|---|
.text |
0x00001000 |
3,365,686 bytes | 3,365,888 bytes | 6.73 (Compressed) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
480F01A383F10160A83239FC877992C5 |
.rdata |
0x00337000 |
938,634 bytes | 939,008 bytes | 6.16 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
C161E67CEEC688AC5C0AEFD4FD673B3E |
.data |
0x0041d000 |
8,319,072 bytes | 795,648 bytes | 0.76 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
44C7E3FBB86AFC92247767FBD12C21DA |
.rsrc |
0x00c0d000 |
376,992 bytes | 377,344 bytes | 7.05 (Compressed) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
1477EFEF2CA662829FD14EF0FDCCD445 |
.reloc |
0x00c6a000 |
151,540 bytes | 151,552 bytes | 6.65 (Compressed) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
D90A23EEFC966E34C1C4638EB8D0EF34 |
3 section(s) with elevated entropy (≥6.5) - possible compression
Resource Type | Count | Total Size | Percentage |
---|---|---|---|
PNG | 8 | 33,956 bytes | |
RT_ICON | 10 | 81,737 bytes | |
RT_DIALOG | 1 | 254 bytes | |
RT_STRING | 36 | 23,064 bytes | |
RT_ACCELERATOR | 1 | 8 bytes | |
RT_RCDATA | 1 | 233,235 bytes | |
RT_GROUP_ICON | 1 | 146 bytes | |
RT_VERSION | 1 | 776 bytes | |
RT_MANIFEST | 1 | 1,258 bytes |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
OK
Gridinsoft has the capability to identify and eliminate Malware.Win32.Gen.tr without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system