gcapi[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

gcapi.dll
Size

385KB
MD5

1ce7d5a1566c8c449d0f6772a8c27900
SHA1

60854185f6338e1bfc7497fd41aa44c5c00d8f85
SHA256

73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf
SHA512

7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753
SSDEEP

6144:Tv/ioKdMF+LZD/ZRj1vwWrrUFMNoz4pFGxjEB1NYAOrabN2GZvFcD7:Td+LZrNwWrrwMNoz4vG1OYZabtK7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gcapi.dll

Files

gcapi.dll
.dll windows x86

18a9672c82a5e7523b8185670465b54e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeGetTime

kernel32

GetCommandLineW
LocalFree
IsDebuggerPresent
GetCurrentProcess
WaitForSingleObject
GetCurrentThreadId
Sleep
RaiseException
CreateDirectoryW
ReadFile
GetTempPathW
GetFileAttributesW
GetCurrentDirectoryW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
GetVersionExW
GetNativeSystemInfo
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
QueryPerformanceFrequency
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
GetTickCount
FindClose
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
ExpandEnvironmentStringsW
VirtualQuery
GetSystemInfo
HeapAlloc
HeapReAlloc
HeapFree
OpenProcess
FindResourceW
SetHandleInformation
HeapSize
ReadConsoleW
UnlockFileEx
LockFileEx
GetWindowsDirectoryW
GetSystemDirectoryW
GetUserDefaultUILanguage
GetEnvironmentVariableW
CreateProcessW
ResumeThread
AssignProcessToJobObject
FormatMessageA
GetCurrentProcessId
CloseHandle
DeleteFileW
GetLastError
CreateFileW
GetModuleFileNameW
OutputDebugStringA
WriteFile
SetLastError
GetLocalTime
lstrlenW
LoadResource
LockResource
VirtualProtect
FreeLibrary
LoadLibraryExA
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
RtlUnwind
InterlockedFlushSList
LoadLibraryExW
GetConsoleCP
GetConsoleMode
ExitProcess
GetFullPathNameW
SetStdHandle
GetFileType
GetProcessHeap
GetModuleFileNameA
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
GetACP
WriteConsoleW
GetDriveTypeW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
OutputDebugStringW
SizeofResource

ole32

CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoTaskMemFree

user32

CharUpperW
SetWindowPos
GetShellWindow
EnumWindows
GetClassNameW
GetWindowThreadProcessId

advapi32

CreateProcessAsUserW
ConvertSidToStringSidW
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation
FreeSid
SystemFunction036
DuplicateTokenEx
CheckTokenMembership
AllocateAndInitializeSid
OpenProcessToken
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

oleaut32

SysAllocString
SysFreeString
VariantClear

rpcrt4

UuidCreate

Exports

Exports

CanOfferReactivation
CanOfferRelaunch
GetHandleVerifier
GoogleChromeCompatibilityCheck
GoogleChromeDaysSinceLastRun
LaunchGoogleChrome
LaunchGoogleChromeInBackground
LaunchGoogleChromeWithDimensions
ReactivateChrome
SetRelaunchOffered

Sections

.text
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18a9672c82a5e7523b8185670465b54e

Headers

DLL Characteristics

File Characteristics

Imports

version

winmm

kernel32

ole32

user32

advapi32

userenv

oleaut32

rpcrt4

Exports

Exports

Sections

.text Size: 288KB - Virtual size: 288KB

.rdata Size: 75KB - Virtual size: 75KB

.data Size: 4KB - Virtual size: 13KB

.gfids Size: 1024B - Virtual size: 808B

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 288KB - Virtual size: 288KB

.rdata
Size: 75KB - Virtual size: 75KB

.data
Size: 4KB - Virtual size: 13KB

.gfids
Size: 1024B - Virtual size: 808B

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 12KB