| Architecture | IMAGE_FILE_MACHINE_I386 |
|---|---|
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2024-Apr-11 02:22:37 |
| Detected languages | English - United States |
| CompanyName | Luanti community |
| FileDescription | Luanti self-extracting launcher |
| FileVersion | 5.16.1 |
| InternalName | luanti |
| LegalCopyright | (c) 2010-2026 Perttu Ahola (celeron55) and contributors |
| ProductName | Luanti |
| Info | Interesting strings found in the binary: | Contains domain names: |
| Suspicious | The PE is an NSIS installer | Unusual section name found: .ndata |
| Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
| Suspicious | The file contains overlay data. | 11895498 bytes of data starting at offset 0x1aa00. The overlay data has an entropy of 7.99998 and is possibly compressed or encrypted. Overlay data amounts for 99.0915% of the executable. |
| Suspicious | VirusTotal score: 2/71 (Scanned on 2026-06-27 15:37:55) | DeepInstinct: MALICIOUS; Trapmine: malicious.high.ml.score |

| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x80 |

| Signature | PE |
|---|---|
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 7 |
| TimeDateStamp | 2024-Apr-11 02:22:37 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DEBUG_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |

| Magic | PE32 |
|---|---|
| LinkerVersion | 2.0 |
| SizeOfCode | 0x9400 |
| SizeOfInitializedData | 0xf200 |
| SizeOfUninitializedData | 0x1f800 |
| AddressOfEntryPoint | 0x00004580 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0xb000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 6.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x50000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x200000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

| ADVAPI32.dll | AdjustTokenPrivileges LookupPrivilegeValueW OpenProcessToken RegCloseKey RegCreateKeyExW RegDeleteKeyW RegDeleteValueW RegEnumKeyW RegEnumValueW RegOpenKeyExW RegQueryValueExW RegSetValueExW |
|---|---|
| COMCTL32.dll | ImageList_AddMasked ImageList_Create ImageList_Destroy InitCommonControls |
| GDI32.dll | CreateBrushIndirect CreateFontIndirectW DeleteObject GetDeviceCaps SelectObject SetBkColor SetBkMode SetTextColor |
| KERNEL32.dll | CloseHandle CompareFileTime CopyFileW CreateDirectoryW CreateFileW CreateProcessW CreateThread DeleteFileW ExitProcess ExpandEnvironmentStringsW FindClose FindFirstFileW FindNextFileW FreeLibrary GetCommandLineW GetCurrentProcess GetDiskFreeSpaceW GetExitCodeProcess GetFileAttributesW GetFileSize GetFullPathNameW GetLastError GetModuleFileNameW GetModuleHandleA GetModuleHandleW GetPrivateProfileStringW GetProcAddress GetShortPathNameW GetSystemDirectoryW GetTempFileNameW GetTempPathW GetTickCount GetVersionExW GetWindowsDirectoryW GlobalAlloc GlobalFree GlobalLock GlobalUnlock LoadLibraryExW MoveFileExW MoveFileW MulDiv MultiByteToWideChar ReadFile RemoveDirectoryW SearchPathW SetCurrentDirectoryW SetEnvironmentVariableW SetErrorMode SetFileAttributesW SetFilePointer SetFileTime Sleep WaitForSingleObject WideCharToMultiByte WriteFile WritePrivateProfileStringW lstrcatW lstrcmpW lstrcmpiA lstrcmpiW lstrcpyA lstrcpynW lstrlenA lstrlenW |
| ole32.dll | CoCreateInstance CoTaskMemFree IIDFromString OleInitialize OleUninitialize |
| SHELL32.dll | SHBrowseForFolderW SHFileOperationW SHGetFileInfoW SHGetPathFromIDListW ShellExecuteExW |
| USER32.dll | AppendMenuW BeginPaint CallWindowProcW CharNextA CharNextW CharPrevW CheckDlgButton CloseClipboard CreateDialogParamW CreatePopupMenu CreateWindowExW DefWindowProcW DestroyWindow DialogBoxParamW DispatchMessageW DrawTextW EmptyClipboard EnableMenuItem EnableWindow EndDialog EndPaint ExitWindowsEx FillRect FindWindowExW GetClassInfoW GetClientRect GetDC GetDlgItem GetDlgItemTextW GetMessagePos GetSysColor GetSystemMenu GetSystemMetrics GetWindowLongW GetWindowRect InvalidateRect IsWindow IsWindowEnabled IsWindowVisible LoadCursorW LoadImageW MessageBoxIndirectW OpenClipboard PeekMessageW PostQuitMessage RegisterClassW ReleaseDC ScreenToClient SendMessageTimeoutW SendMessageW SetClassLongW SetClipboardData SetCursor SetDlgItemTextW SetForegroundWindow SetTimer SetWindowLongW SetWindowPos SetWindowTextW ShowWindow SystemParametersInfoW TrackPopupMenu wsprintfA wsprintfW |

| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0 |
| FileVersion | 0.0.0.0 |
| ProductVersion | 0.0.0.0 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | English - United States |
| CompanyName | Luanti community |
| FileDescription | Luanti self-extracting launcher |
| FileVersion (#2) | 5.16.1 |
| InternalName | luanti |
| LegalCopyright | (c) 2010-2026 Perttu Ahola (celeron55) and contributors |
| ProductName | Luanti |

| Resource LangID | English - United States |
|---|