davclnt[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

davclnt.dll
Size

77KB
MD5

81012eec38bf1d3ff24fbc6431b756c8
SHA1

c22e7fed81079910b415a294b0239015a29967f1
SHA256

dc9c0cf8ff5f6b835d4d194d21af9b5664d772ce1e2089d83cc233a051562a96
SHA512

0e4d06b2df13d013f0e309053c8f425e191c90f7699f50c9fb1d9a41f3f04c1698668df1cadf9d03ad5d0b705111a7d7580f2c965e25bad3577ff12f71fcbcfa
SSDEEP

1536:DerUJnGdY1sHLfMo+IXr2rY0KYVGwnhBW4EClI:DerUVoXHLVLYVGIhBjEh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
davclnt.dll

Files

davclnt.dll
.dll windows:10 windows x86 arch:x86

f83674d5d9d4737c9b314868ee68ba34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

davclnt.pdb

Imports

msvcrt

iswctype
wcschr
malloc
swscanf_s
_except_handler4_common
memcpy
free
_amsg_exit
_XcptFilter
_vsnwprintf
wcsrchr
wcsstr
_wcsicmp
tolower
_initterm
wcstok
_wcsnicmp
memset

ntdll

RtlReleaseResource
RtlAcquireResourceShared
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlNtStatusToDosError
EtwTraceMessage
RtlAcquireResourceExclusive
EtwUnregisterTraceGuids
RtlInitializeResource
EtwGetTraceEnableFlags
RtlDeleteResource
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlNtStatusToDosErrorNoTeb

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
DisableThreadLibraryCalls
GetModuleFileNameW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegGetValueW

api-ms-win-core-processthreads-l1-1-0

ExitProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSection

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetTickCount64

api-ms-win-security-base-l1-1-0

EqualSid

davhlpr

DavCheckAndConvertHttpUrlToUncName
DavGetHTTPFromUNCPath
DavParseUncServerName
DavUrlEncodeNtPath

kernel32

ResolveDelayLoadedAPI
DelayLoadFailureHook
GlobalFree
QueryDosDeviceW
LocalFree
LocalAlloc
IdnToAscii

Exports

Exports

DavCancelConnectionsToServer
DavFreeUsedDiskSpace
DavGetDiskSpaceUsage
DavGetTheLockOwnerOfTheFile
DavInvalidateCache
DavRegisterAuthCallback
DavSetCookieW
DavUnregisterAuthCallback
DllCanUnloadNow
DllGetClassObject
DllMain
NPAddConnection
NPAddConnection3
NPCancelConnection
NPCloseEnum
NPEnumResource
NPFormatNetworkName
NPGetCaps
NPGetConnection
NPGetResourceInformation
NPGetResourceParent
NPGetUniversalName
NPGetUser
NPOpenEnum

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f83674d5d9d4737c9b314868ee68ba34

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-base-l1-1-0

davhlpr

kernel32

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 64KB

.data Size: 512B - Virtual size: 6KB

.idata Size: 3KB - Virtual size: 2KB

.didat Size: 512B - Virtual size: 292B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 65KB - Virtual size: 64KB

.data
Size: 512B - Virtual size: 6KB

.idata
Size: 3KB - Virtual size: 2KB

.didat
Size: 512B - Virtual size: 292B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB