Gridinsoft Logo

Steam_api64.dll Malware Patcher Analysis

Updated 1 year ago
Checked by Malware Check
steam_api64.dll

Technical Analysis

File Name steam_api64.dll
File Type
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Scanner Version 1.0.151.174
Database Version 2023-12-17 15:01:35 UTC

Malware.Win64.Patcher.cc

Malware family: Patcher

Patcher software modifies existing programs to bypass licensing restrictions or enable unauthorized use. These tools are associated with software piracy and may introduce security vulnerabilities or additional malware to systems.
N/A
Detection Rate
3,551,744
File Size (bytes)
2023-12-17
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
7d01294877c9d684fac95685e9851286
SHA1
c06abbaabd336f8da12b328692f9a7f95a7e4fc7
SHA256
ae7e00ad4b2cc81ff13e3e36376d33924f8a8089cf0a10ffbedaf103b35ea722
SHA512
b3cf2abc7cb8c4bbb9260a63cbfc4701d295eddd27feab4c7e4c7ee1b313d44cbe2dff1fd3f360b27abc4439b0ca7ae228473b9b3dfc140d0e448791986aa09c
ImpHash
b002b0238d9d8895d9baf8b880c22e87

PE Analysis

Basic Information

Image Base 0x180000000
Entry Point 0x180ed4041
Compilation Time 2022-03-02 08:42:40
Checksum 0x0036be0a (Actual: 0x0036be0a)
OS Version 5.2
PEiD Signatures PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Digital Signature The PE file does not contain a certificate table.
Imports 10 libraries
KERNEL32, USER32, ADVAPI32, SHELL32, ole32, WS2_32, WINHTTP, SHLWAPI, PSAPI, bcrypt
Exports 1497 functions
Resources 2 Resources
Sections 8 Sections

Version Information

Comments Valve SpecialBuild
CompanyName Valve Corporation
FileDescription Steam Client API
FileVersion 06.91.21.57
InternalName Steam Client API (buildbot_steam-relclient-win64-builder_steam_rel_client_win64@steam-relclient-win64-builder)
LegalCopyright Copyright (C) 2007
OriginalFilename steam_api.dll
ProductName Steam Client API
ProductVersion 01.00.00.01
Source Control ID 6912157
Translation 0x0804 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 444,538 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.rdata 0x0006e000 263,247 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.data 0x000af000 11,375,972 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.pdata 0x00b89000 30,492 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.UPX0 0x00b91000 1,471,173 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.UPX1 0x00cf9000 3,548,108 bytes 3,548,160 bytes 7.78 (Packed/Encrypted) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ B2907C314C6D0FE59D75A48DB458A0E3
.reloc 0x0105c000 144 bytes 512 bytes 1.46 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 22E0A6BFD2AFF06FA13A37D74A87D13F
.rsrc 0x0105d000 1,578 bytes 2,048 bytes 3.38 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ EFB13F66BF0CDC6E6CE5E5FBCCEB10F0
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 2 (1,418 bytes)
Resource Type Count Total Size Percentage
RT_VERSION 1 1,072 bytes
75.6%
RT_MANIFEST 1 346 bytes
24.4%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Malware.Win64.Patcher.cc Removal

Gridinsoft has the capability to identify and eliminate Malware.Win64.Patcher.cc without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware