davhlpr[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

davhlpr.dll
Size

21KB
MD5

730c13aaad3433e8dff6fffd2c950487
SHA1

715c92af86cb5d88d49264f7c28f0b0bfb101a92
SHA256

2dedfc4094c0f1f24e53d7c845f8036f6f882eede46e4eb6ad14b0b022136682
SHA512

b58ad9fbf94467f97008c6613981f8955e80e4690f214b517a1ead89aa3eaa32f2ba3ef4da3abba00213578176ffab8fbd4023793928429febc45ac5127edc75
SSDEEP

384:Sux2VG/oF3Jwg9q+zZxt061dUwUxJdozw/XKpnENl7NWYqugSqRWw0W:R2VGQFDM+zjt0twUxLH/nBqb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
davhlpr.dll

Files

davhlpr.dll
.dll windows:10 windows x86 arch:x86

5542dd0ea1c8717dfbee67c3789d5474

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

davhlpr.pdb

Imports

msvcrt

memcpy
memset
_except_handler4_common
_initterm
malloc
free
_amsg_exit
_XcptFilter
wcscspn
towupper
_vsnwprintf
_wcsnicmp
wcschr

ntdll

NtCreateFile
EtwEventWrite
EtwEventUnregister
RtlNtStatusToDosError
EtwEventRegister
NtClose
RtlInitUnicodeString
NtFsControlFile

kernel32

DelayLoadFailureHook
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DisableThreadLibraryCalls
LocalFree
GetLastError
Sleep
LocalAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ResolveDelayLoadedAPI
GetTickCount

Exports

Exports

DavAddConnection
DavCheckAndConvertHttpUrlToUncName
DavDeleteConnection
DavFlushFile
DavGetExtendedError
DavGetHTTPFromUNCPath
DavGetUNCFromHTTPPath
DavParseUncServerName
DavRemoveDummyShareFromFileName
DavRemoveDummyShareFromFileNameEx
DavUrlDecodeToNtPath
DavUrlDecodeUtf8
DavUrlEncodeNtPath

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5542dd0ea1c8717dfbee67c3789d5474

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 988B

.idata Size: 1KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 44B

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 1024B - Virtual size: 644B

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 988B

.idata
Size: 1KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 44B

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 1024B - Virtual size: 644B