Roblox.exe

Roblox Bootstrapper

ROBLOX Corporation

It runs as a scheduled task under the Windows Task Scheduler. This is the uninstaller utility registered in the Windows Control Panel for the program ROBLOX Player for Lar by ROBLOX Corporation. The file has been seen being downloaded from 113.171.224.245 and multiple other hosts.
Publisher:
ROBLOX Corporation  (signed and verified)

Product:
Roblox Bootstrapper

Description:
Roblox

Version:
1, 6, 3, 71257

MD5:
eee67f8d72acfcf9a7c684ac367bbb9a

SHA-1:
aea0d518b58113faa943795200cb8efc77d62d5f

SHA-256:
4aac653d8f1e6caed021ad20aa601fa3d08dd9130f4f6af68ee44392eee2aebc

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 2:19:02 PM UTC  (today)

File size:
1 MB (1,056,760 bytes)

Product version:
1, 6, 3, 0

Copyright:
(C) 2012 ROBLOX Corporation. All rights reserved.

Original file name:
Roblox.exe

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\rbx-19b15c85.tmp

Digital Signature
Authority:
Symantec Corporation

Valid from:
9/11/2015 7:00:00 AM

Valid to:
10/11/2016 6:59:59 AM

Subject:
CN=ROBLOX Corporation, O=ROBLOX Corporation, L=San Mateo, S=California, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
1B8159FAF8228B39ABC00E31BBAD4309

File PE Metadata
Compilation timestamp:
3/22/2016 4:31:11 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:qET7U9YyVxF6cTXOlHuXNYZ20TjckH+jMDDrw:qeYRVxF6cTXOlOXNr0TQ4+jMvrw

Entry address:
0x4967C

Entry point:
E8, 59, B2, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 7C, 09, E8, D8, B2, 00, 00, 3B, 30, 7C, 07, E8, CF, B2, 00, 00, 8B, 30, E8, CE, B2, 00, 00, 8B, 04, B0, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 53, 56, E8, A8, 6F, 00, 00, 8B, F0, 33, DB, 3B, F3, 75, 07, B8, 10, C0, 46, 00, EB, 4D, 57, BF, 86, 00, 00, 00, 39, 5E, 24, 75, 18, 6A, 01, 57, E8, 3E, 48, 00, 00, 59, 59, 89, 46, 24, 3B, C3, 75, 07, B8, 10, C0, 46, 00, EB, 29, FF, 75, 08, 8B, 76, 24, E8, 8F, FF, FF, FF, 50, 57, 56, E8, C1...
 
[+]

Entropy:
5.7993

Code size:
422.5 KB (432,640 bytes)

1209 Program Uninstaller
Program name:
ROBLOX Player for Lar

Display publisher:
ROBLOX Corporation

Uninstall string:
"C:\users\{user}\appdata\local\roblox\versions\version-4bc75dd7e05f4feb\robloxplayerlauncher.exe" -uninstall

Program name:
ROBLOX Player for V90000139

Display publisher:
ROBLOX Corporation

Uninstall string:
"C:\users\{user}\appdata\local\roblox\versions\version-4bc75dd7e05f4feb\robloxplayerlauncher.exe" -uninstall

Program name:
ROBLOX Player for christine

Display publisher:
ROBLOX Corporation

Uninstall string:
"C:\users\{user}\appdata\local\roblox\versions\version-4bc75dd7e05f4feb\robloxplayerlauncher.exe" -uninstall

Program name:
ROBLOX Player for Michael

Display publisher:
ROBLOX Corporation

Uninstall string:
"C:\users\{user}\appdata\local\roblox\versions\version-4bc75dd7e05f4feb\robloxplayerlauncher.exe" -uninstall

Program name:
ROBLOX Player for inspiron5300

Display publisher:
ROBLOX Corporation

Uninstall string:
"C:\users\{user}\appdata\local\roblox\versions\version-4bc75dd7e05f4feb\robloxplayerlauncher.exe" -uninstall

Program name:
ROBLOX Player for Yaw

Display publisher:
ROBLOX Corporation

Uninstall string:
"C:\users\{user}\appdata\local\roblox\versions\version-4bc75dd7e05f4feb\robloxplayerlauncher.exe" -uninstall


Scheduled Task
Task name:
{1915BEB7-1C87-4A88-8261-1303B4166733}

Trigger:
Registration (Runs on registration)


The file Roblox.exe has been seen being distributed by the following 7 URLs.

http://113.171.224.245/.../version-4bc75dd7e05f4feb-RobloxPlayerLauncher.exe

http://113.171.224.169/.../version-4bc75dd7e05f4feb-RobloxPlayerLauncher.exe

Scan Roblox.exe - Powered by Reason Core Security