dhcpcore6[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

dhcpcore6.dll
Size

253KB
MD5

db39fb2fa1d2b47ebc900b97b39dbd87
SHA1

5eba69b1dda48f38d9ee41d937a8f5b76b0e9ae5
SHA256

ec9a85ba0f9b45a72d068a7c71af2de585c5c5daee53aa50c774480babdc73f9
SHA512

757f1870bc266986ec5caf6fb2f5ac149eedc5510926508bfc3c85566bceb4029ca065462655c95a164af9b732737282e50db81e6392d7a3230d9773100c88d8
SSDEEP

3072:IMb3Nwlb45gCqf7AGo7/xSqd+6yQ9zTcFjsvM/A0g6uMk5uTCAfIDWj4Ph9sz7Ot:rRmJf8BS6yQ9z8YvM40flb+A94Q85Mk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dhcpcore6.dll

Files

dhcpcore6.dll
.dll windows:10 windows x86 arch:x86

beefe76ac4e535bf13f8b1b4f14425d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dhcpcore6.pdb

Imports

api-ms-win-core-crt-l1-1-0

_except_handler4_common
_ftol2
_ftol2_sse
_local_unwind4
memcmp
memcpy
memset
wcsrchr
wcschr
_vsnprintf_s
_wcsicmp
_vsnwprintf_s

api-ms-win-core-crt-l2-1-0

time
_initterm_e
_initterm

ntdll

EtwEventActivityIdControl
RtlGetDeviceFamilyInfoEnum
RtlIpv6AddressToStringW
RtlSetSaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAddAce
RtlLengthSid
RtlNewSecurityObject
RtlCopySid
RtlCreateAcl
RtlSetGroupSecurityDescriptor
RtlCreateSecurityDescriptor
RtlDeleteSecurityObject
RtlNtStatusToDosError
EtwEventWriteTransfer
RtlIsStateSeparationEnabled
EtwEventRegister
EtwEventWrite
RtlInitUnicodeString
RtlxUnicodeStringToOemSize
RtlUnicodeStringToOemString
RtlInitString
RtlOemStringToUnicodeString
EtwEventUnregister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwTraceMessageVa
RtlGUIDFromString
DbgPrint
RtlRandomEx
RtlStringFromGUID
RtlFreeUnicodeString
WinSqmAddToStream

rpcrt4

UuidCreate
RpcServerRegisterIf3
RpcServerInqBindings
RpcEpRegisterW
RpcBindingVectorFree
RpcEpUnregister
RpcServerUnregisterIfEx
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcStringFreeW
NdrServerCall2
I_RpcExceptionFilter
RpcImpersonateClient
RpcRevertToSelf
RpcServerUseProtseqEpW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

CreateFileA
CreateFileW
SetFileInformationByHandle

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegDeleteKeyExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegQueryValueExW
RegGetValueW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
CreateThread

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeSRWLock
CreateWaitableTimerExW
CreateEventW
EnterCriticalSection
WaitForSingleObject
SetEvent
WaitForMultipleObjectsEx
ResetEvent
InitializeCriticalSection
DeleteCriticalSection
SetWaitableTimer
CancelWaitableTimer
CreateSemaphoreExW
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSemaphore

api-ms-win-core-synch-l1-2-0

InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
Sleep

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetTickCount64
GetComputerNameExW
GetLocalTime
GetSystemTime
GetSystemTimeAsFileTime

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-security-base-l1-1-0

FreeSid
AllocateAndInitializeSid
AccessCheck

api-ms-win-eventing-provider-l1-1-0

EventSetInformation

api-ms-win-core-rtlsupport-l1-2-0

RtlCompareMemory

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

Dhcpv6Main

Sections

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wpp_sf
Size: 512B - Virtual size: 378B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

beefe76ac4e535bf13f8b1b4f14425d2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-crt-l1-1-0

api-ms-win-core-crt-l2-1-0

ntdll

rpcrt4

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-rtlsupport-l1-2-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 204KB - Virtual size: 204KB

.wpp_sf Size: 512B - Virtual size: 378B

.data Size: 512B - Virtual size: 3KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 308B

.rsrc Size: 29KB - Virtual size: 28KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 204KB - Virtual size: 204KB

.wpp_sf
Size: 512B - Virtual size: 378B

.data
Size: 512B - Virtual size: 3KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 308B

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 11KB - Virtual size: 11KB