dhcpcsvc[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

dhcpcsvc.dll
Size

72KB
MD5

e4439863b2c25543248ed237f2815c20
SHA1

bea5f233126d041d914505bc5ca92defab04f0ba
SHA256

8a5b1eb69453e56efe918aa22791507f88ff1947d53a6bb480eac4acfeb0eba7
SHA512

d304235273c3e7700f860b2ea1a6573ca133c713704baa4fd5ac4be46b9cbdce8188cdac43a8bad2d452a2d1047fbf14ecb7d593b821726fd29b49978ef9cb21
SSDEEP

1536:xJOz0PWT82dEjtkk+JShIbOYAz8S8Hme+eCZjaj+JkkeDJsk1N:xJOXT82AeXb4z8R1+fm8yDJsk1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dhcpcsvc.dll

Files

dhcpcsvc.dll
.dll windows:10 windows x86 arch:x86

63fc82444be0de4f05c0049583ecf84d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dhcpcsvc.pdb

Imports

api-ms-win-core-crt-l1-1-0

memcpy_s
memcpy
wcsrchr
wcschr
_except_handler4_common
wcsncmp
memset
memcmp
_vsnwprintf_s
_vsnprintf_s

api-ms-win-core-crt-l2-1-0

_initterm_e
_initterm

ntdll

NtDeviceIoControlFile
RtlGetDeviceFamilyInfoEnum
RtlIsStateSeparationEnabled
RtlSetSaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAddAce
RtlLengthSid
RtlNewSecurityObject
RtlCopySid
RtlCreateAcl
RtlSetGroupSecurityDescriptor
RtlCreateSecurityDescriptor
RtlDeleteSecurityObject
EtwGetTraceLoggerHandle
RtlFreeUnicodeString
RtlNtStatusToDosError
RtlStringFromGUID
EtwTraceMessage
NtCreateFile
RtlGUIDFromString
RtlxOemStringToUnicodeSize
RtlOemStringToUnicodeString
RtlInitUnicodeString
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlInitString

rpcrt4

RpcBindingSetOption
NdrClientCall2
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingFree
RpcBindingSetAuthInfoW

api-ms-win-downlevel-kernel32-l1-1-0

InitializeCriticalSectionAndSpinCount
HeapFree
TerminateProcess
GetCurrentProcess
InitializeCriticalSection
UnhandledExceptionFilter
DecodePointer
EncodePointer
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
SetLastError
DeleteCriticalSection
SetUnhandledExceptionFilter
HeapAlloc
CreateEventW
DisableThreadLibraryCalls
GetProcessHeap
OpenEventW
CloseHandle
CreateEventA
GetCurrentProcessId
GetLastError
GetCommandLineW

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegGetValueW
RegDeleteKeyExW
RegEnumKeyExW
RegQueryValueExW
RegDeleteValueW

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
AllocateAndInitializeSid
FreeSid
GetLengthSid

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DhcpAcquireParameters
DhcpAcquireParametersByBroadcast
DhcpCApiCleanup
DhcpCApiInitialize
DhcpClient_Generalize
DhcpDeRegisterConnectionStateNotification
DhcpDeRegisterOptions
DhcpDeRegisterParamChange
DhcpDelPersistentRequestParams
DhcpEnableDhcp
DhcpEnableDhcpAdvanced
DhcpEnableTracing
DhcpEnumClasses
DhcpEnumInterfaces
DhcpFallbackRefreshParams
DhcpFreeEnumeratedInterfaces
DhcpFreeLeaseInfo
DhcpFreeLeaseInfoArray
DhcpFreeMem
DhcpGetClassId
DhcpGetClientId
DhcpGetDhcpServicedConnections
DhcpGetFallbackParams
DhcpGetNotificationStatus
DhcpGetOriginalSubnetMask
DhcpGetTraceArray
DhcpGlobalIsShuttingDown
DhcpGlobalServiceSyncEvent
DhcpGlobalTerminateEvent
DhcpHandlePnPEvent
DhcpIsEnabled
DhcpIsMeteredDetected
DhcpLeaseIpAddress
DhcpLeaseIpAddressEx
DhcpNotifyConfigChange
DhcpNotifyConfigChangeEx
DhcpNotifyMediaReconnected
DhcpOpenGlobalEvent
DhcpPersistentRequestParams
DhcpQueryLeaseInfo
DhcpQueryLeaseInfoArray
DhcpQueryLeaseInfoEx
DhcpRegisterConnectionStateNotification
DhcpRegisterOptions
DhcpRegisterParamChange
DhcpReleaseIpAddressLease
DhcpReleaseIpAddressLeaseEx
DhcpReleaseParameters
DhcpRemoveDNSRegistrations
DhcpRenewIpAddressLease
DhcpRenewIpAddressLeaseEx
DhcpRequestCachedParams
DhcpRequestOptions
DhcpRequestParams
DhcpSetClassId
DhcpSetClientId
DhcpSetFallbackParams
DhcpSetMSFTVendorSpecificOptions
DhcpStaticRefreshParams
DhcpUndoRequestParams
Dhcpv4CheckServerAvailability
Dhcpv4EnableDhcpEx
McastApiCleanup
McastApiStartup
McastEnumerateScopes
McastGenUID
McastReleaseAddress
McastRenewAddress
McastRequestAddress

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63fc82444be0de4f05c0049583ecf84d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-crt-l1-1-0

api-ms-win-core-crt-l2-1-0

ntdll

rpcrt4

api-ms-win-downlevel-kernel32-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 60KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 64B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 60KB - Virtual size: 60KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 64B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB