Gridinsoft Logo

GameOverlayRenderer64.dll Trojan Patched Analysis

Updated 4 days ago
Checked by Malaware Check
GameOverlayRenderer64.dll

Technical Analysis

File Name GameOverlayRenderer64.dll
File Type
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Scanner Version 1.0.217.174
Database Version 2025-06-01 11:00:24 UTC

Trojan.Win64.Patched.ca

Malware family: Patched

Patched detection indicates legitimate files that have been modified by malicious software. These modifications often target essential system files through malware intervention.
N/A
Detection Rate
1,544,992
File Size (bytes)
2025-06-01
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
1a98c7ad27a3fd1fa08c3ee3465d71ed
SHA1
544506f6c05d52223b0bd5b83d4eb975e8fd3b88
SHA256
2b250df1300a3575f7f2892a30dceb854dd2fcc07aba3e392886b634fb19bc9f
SHA512
c0dc7f698fb654ac5ebcd2f08bee41d2d78f40b357419ced2bf70fe12ef3eb1964df7c32c7228b3fc45af18e4d2b36b72f8b9771fb120aaa112c6f669af13034
ImpHash
a824a6ffd3a8f6580fa2db33ebb3e2b1

PE Analysis

Basic Information

Image Base 0x180000000
Entry Point 0x1800c0f70
Compilation Time 2019-04-29 20:58:29
Checksum 0x00183bb6 (Actual: 0x001842b8)
OS Version 5.2
PEiD Signatures PE32+ executable (DLL) (GUI) x86-64, for MS Windows
PDB Path c:\buildslave\steam_rel_client_win64\build\src\overlay\gameoverlayrenderer\win64\Release\GameOverlayRenderer64.pdb
Digital Signature The expected hash does not match the digest in SpcInfo
Imports 8 libraries
WINMM, IMM32, KERNEL32, USER32, GDI32, ADVAPI32, ole32, PSAPI
Exports 13 functions
Resources 39 Resources
Sections 6 Sections

Version Information

LegalCopyright Copyright (C) 2007
InternalName GameOverlayRenderer (buildbot_steam-relclient-win64-builder_steam_rel_client_win64@steam-relclient-win64-builder)
FileVersion 05.05.99.96
CompanyName Valve Corporation
ProductVersion 01.00.00.01
FileDescription Steam Game Overlay Renderer
Source Control ID 5059996
OriginalFilename GameOverlayRenderer.dll
ProductName Steam Game Overlay Renderer
Translation 0x0409 0x04b0
CompanyName Valve Corporation
FileDescription Steam Game Overlay Renderer
FileVersion 1, 0, 0, 1
InternalName GameOverlayRenderer
LegalCopyright Copyright (C) 2007
OriginalFilename GameOverlayRenderer.dll
ProductName Steam Game Overlay Renderer
ProductVersion 1, 0, 0, 1
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 974,564 bytes 974,848 bytes 6.36 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 19CFEB613710AA18ECC0B31CF4F12837
.rdata 0x000ef000 421,418 bytes 421,888 bytes 4.92 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 14B6F4348EFE35420016B6DF0E7E66A9
.data 0x00156000 201,844 bytes 27,648 bytes 3.94 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE B64D7D12B32329C99CCFF335A649EEE4
.pdata 0x00188000 43,812 bytes 44,032 bytes 6.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ A5D0B0AE07F7F1A8AE80A368AAC0C823
.rsrc 0x00193000 58,424 bytes 58,880 bytes 2.13 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 1E633F233FE8B7061DD1911E0F4707AB
.reloc 0x001a2000 9,240 bytes 9,728 bytes 5.36 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 82097D3A53F460E0ED781FA1102585E0

Resource Analysis

Total Resources: 39 (56,337 bytes)
Resource Type Count Total Size Percentage
SCID 1 7 bytes
0%
WEVT_TEMPLATE 1 13,170 bytes
23.4%
RT_CURSOR 17 40,876 bytes
72.6%
RT_MESSAGETABLE 1 48 bytes
0.1%
RT_GROUP_CURSOR 17 340 bytes
0.6%
RT_VERSION 2 1,896 bytes
3.4%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The expected hash does not match the digest in SpcInfo

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Win64.Patched.ca Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win64.Patched.ca without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware