lavacraft.exe

LavaCraft

This is a setup program used to install the application. It is set to start automatically when a user logs in to Windows, through the current user Run registry key, under the display name ‘LHELPER’. The file has been seen being downloaded from lavacraft.ru.
Publisher:
LavaServer  (signed by LavaCraft)

Product:
LavaCraft

Version:
15.0.0.0

MD5:
9516328810c3f9dbc4ba0c1413ac3607

SHA-1:
599f48bda349511f4f1d35f0a8db4c722c98f7bc

SHA-256:
365ea0091c93d4756e1701d226497adc4c35880b74a64b2a93b3d9a5869da3a9

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 4:29:22 AM UTC  (today)

File size:
1.6 MB (1,673,536 bytes)

Product version:
15.0.0.0

Copyright:
Copyright © LavaCraft.ru 2016

Original file name:
NewLauncher.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\.lavaserver\lavacraft.exe

Digital Signature
Signed by:

Authority:
Game LavaCraft

Valid from:
5/27/2016 3:09:05 PM

Valid to:
5/27/2017 3:09:05 PM

Subject:
E=support@LavaCraft.ru, CN=Launcher Game LavaCraft.ru, OU=LavaCraft.ru, O=LavaCraft, L=Kaliningrad, S=Russia, C=RU

Issuer:
E=admin@LavaCraft.ru, CN=Global Game LavaCraft CO, OU="LavaCraft INC ", O=Game LavaCraft, L=moscow, S=Russia, C=RU

Serial number:
06

File PE Metadata
Compilation timestamp:
1/19/2017 1:59:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x195D4A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.6 MB (1,654,272 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
LHELPER

Command:
C:\users\{user}\appdata\roaming\.lavaserver\lavacraft.exe \s


The file lavacraft.exe has been seen being distributed from the following URL.

https://lavacraft.ru/.../LavaCraft.exe
