gcapi[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

gcapi.dll
Size

2.0MB
MD5

426e178c7dc0a77c95c7c180906a9ddd
SHA1

dc13e025795c454fe33f7f628f55d55934ea3c41
SHA256

98524f7c5780b41a832a7cb03ba2c69396de186e31702641d1bd66ac2871cdde
SHA512

89d3d2638abaeda33c7e057f704f0e307420d1ee2cb776168cb31a560b48a363419ba65d5577eab357c44b1097bd65592fb61b5d87f49f57d4e69ba8dd69eeab
SSDEEP

24576:QwsUvFM1WloKI0TDu30wjg4K6MwFjXnppp9aagTl/PmUIgi7yPwebD3gPH2EF:LvFMoZTa3RpxBFTnvaplH5fPhDZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gcapi.dll

Files

gcapi.dll
.dll windows:6 windows x64 arch:x64

aef9b587c7a0a722e0f83b36b3c0247b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\dobri\Desktop\proiecte\Loader underical — копия (2)\examples\example_win32_directx9\Release\example_win32_directx9.pdb

Imports

urlmon

URLDownloadToFileW

d3d9

Direct3DCreate9

kernel32

ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
OutputDebugStringW
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetLocaleInfoEx
GetCurrentDirectoryW
CreateFileMappingW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFileInformationByHandle
AreFileApisANSI
GetFileInformationByHandleEx
GetFileType
GetSystemDirectoryA
SleepEx
LeaveCriticalSection
MapViewOfFile
EnterCriticalSection
LocalFree
FormatMessageA
SetLastError
GetStdHandle
VirtualProtect
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
UnmapViewOfFile
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
VirtualQueryEx
GetTickCount
CreateProcessW
SystemTimeToFileTime
ReadProcessMemory
ExitProcess
CreateThread
GetSystemInfo
CloseHandle
Process32FirstW
DisableThreadLibraryCalls
Process32NextW
Sleep
CreateToolhelp32Snapshot
OpenProcess
CreateFileW
WaitForSingleObject
SetFileTime
TerminateProcess
GetCurrentProcess
WriteProcessMemory
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
QueryFullProcessImageNameW
VerifyVersionInfoA
CreateDirectoryW

user32

ClientToScreen
GetCapture
ScreenToClient
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
GetKeyState
UpdateWindow
IsWindowUnicode
ReleaseCapture
SetCursorPos
TrackMouseEvent
PostQuitMessage
SetWindowLongW
LoadIconW
TranslateMessage
SetLayeredWindowAttributes
MoveWindow
SetWindowDisplayAffinity
PeekMessageW
SetWindowLongA
DispatchMessageW
ShowWindow
GetActiveWindow
SetClipboardData
GetCursorPos
OpenClipboard
RegisterClassExW
UnregisterClassW
GetSystemMetrics
CreateWindowExW
DestroyWindow
GetWindowRect
DefWindowProcW
GetWindowLongW
MessageBoxA
CloseClipboard
EmptyClipboard
GetClipboardData
FindWindowA

advapi32

AddAccessAllowedAce
QueryServiceStatusEx
OpenServiceW
OpenProcessToken
ControlService
OpenSCManagerW
CloseServiceHandle
QueryServiceStatus
AdjustTokenPrivileges
LookupPrivilegeValueW
GetLengthSid
GetTokenInformation
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
CopySid
SetSecurityInfo
IsValidSid
InitializeAcl
OpenServiceA

shell32

SHGetFolderPathA
SHGetKnownFolderPath
ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
CoTaskMemFree
CoInitializeEx

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

imm32

ImmSetCompositionWindow
ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext

msvcp140

??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?fail@ios_base@std@@QEBA_NXZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?setf@ios_base@std@@QEAAHHH@Z
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_frequency
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

dwmapi

DwmExtendFrameIntoClientArea

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

normaliz

IdnToAscii

wldap32

ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord143
ord217
ord301
ord200
ord30
ord79
ord46
ord35
ord32
ord211
ord33

crypt32

CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CertGetCertificateChain
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CryptDecodeObjectEx
CertFreeCertificateChain
CertOpenStore

ws2_32

ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
setsockopt
closesocket
WSAIoctl
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select
WSASetLastError
getaddrinfo
freeaddrinfo
recvfrom
sendto
gethostname
ntohl
socket

shlwapi

PathFindFileNameW

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
__current_exception
strrchr
strchr
memset
memmove
memcpy
memcmp
memchr
_CxxThrowException
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
__current_exception_context

api-ms-win-crt-stdio-l1-1-0

_wfopen
_close
fread
feof
fwrite
_open
fputs
fopen
__stdio_common_vsscanf
__stdio_common_vfprintf
_write
_read
fseek
fclose
fflush
__acrt_iob_func
ftell
fputc
_popen
_pclose
fgets
_lseeki64
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
__stdio_common_vsprintf
fgetc

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-string-l1-1-0

tolower
_wcsicmp
towlower
strcmp
_strdup
strncpy
strncmp
strpbrk
isupper
strspn
strcspn

api-ms-win-crt-heap-l1-1-0

free
_callnewh
calloc
malloc
realloc

api-ms-win-crt-runtime-l1-1-0

_getpid
exit
_invalid_parameter_noinfo_noreturn
strerror
terminate
__sys_nerr
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_invalid_parameter_noinfo
_errno
_resetstkoflw
_beginthreadex
_wassert
system

api-ms-win-crt-convert-l1-1-0

strtoull
strtoul
strtoll
strtol
strtod
atoi

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_fstat64
_stat64
_access
_unlink
_lock_file

api-ms-win-crt-environment-l1-1-0

_dupenv_s
getenv

api-ms-win-crt-time-l1-1-0

_localtime64
_time64
strftime
_gmtime64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-math-l1-1-0

ceilf
_dclass
cos
acosf
cosf
powf
fmodf
sinf
sqrtf
sin

Sections

.text
Size: 861KB - Virtual size: 860KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 985KB - Virtual size: 992KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aef9b587c7a0a722e0f83b36b3c0247b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

urlmon

d3d9

kernel32

user32

advapi32

shell32

ole32

oleaut32

imm32

msvcp140

dwmapi

d3dx9_43

normaliz

wldap32

crypt32

ws2_32

shlwapi

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 861KB - Virtual size: 860KB

.rdata Size: 190KB - Virtual size: 190KB

.data Size: 985KB - Virtual size: 992KB

.pdata Size: 34KB - Virtual size: 33KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 861KB - Virtual size: 860KB

.rdata
Size: 190KB - Virtual size: 190KB

.data
Size: 985KB - Virtual size: 992KB

.pdata
Size: 34KB - Virtual size: 33KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB