dhcpcsvc[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

dhcpcsvc.dll
Size

72KB
MD5

eb4ad4ed7e7862affb6c68f250c66794
SHA1

d6d2246e4f736c385131a0e0fd68234c35e8c3cb
SHA256

9497d7ba94dfb3327ec40f4cc45f6e015e1d4d332d2a97547a8f5498ee73caf6
SHA512

5fb6be89a343be7a66e462b3a27b27926cd421abeee75e2804b3bf7fe2c54592a0fd27fb05e7542e3527876a0c1f67daabee7fbbfee6eb8579ffd1c56df4d152
SSDEEP

1536:gHsOz0PWT82dEjtkk+JShIbOYAz8S8Hme+eCZjaj+JkkeDJ0k4D:msOXT82AeXb4z8R1+fm8yDJ0k4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dhcpcsvc.dll

Files

dhcpcsvc.dll
.dll windows:10 windows x86 arch:x86

63fc82444be0de4f05c0049583ecf84d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dhcpcsvc.pdb

Imports

api-ms-win-core-crt-l1-1-0

memcpy_s
memcpy
wcsrchr
wcschr
_except_handler4_common
wcsncmp
memset
memcmp
_vsnwprintf_s
_vsnprintf_s

api-ms-win-core-crt-l2-1-0

_initterm_e
_initterm

ntdll

NtDeviceIoControlFile
RtlGetDeviceFamilyInfoEnum
RtlIsStateSeparationEnabled
RtlSetSaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAddAce
RtlLengthSid
RtlNewSecurityObject
RtlCopySid
RtlCreateAcl
RtlSetGroupSecurityDescriptor
RtlCreateSecurityDescriptor
RtlDeleteSecurityObject
EtwGetTraceLoggerHandle
RtlFreeUnicodeString
RtlNtStatusToDosError
RtlStringFromGUID
EtwTraceMessage
NtCreateFile
RtlGUIDFromString
RtlxOemStringToUnicodeSize
RtlOemStringToUnicodeString
RtlInitUnicodeString
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlInitString

rpcrt4

RpcBindingSetOption
NdrClientCall2
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingFree
RpcBindingSetAuthInfoW

api-ms-win-downlevel-kernel32-l1-1-0

InitializeCriticalSectionAndSpinCount
HeapFree
TerminateProcess
GetCurrentProcess
InitializeCriticalSection
UnhandledExceptionFilter
DecodePointer
EncodePointer
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
SetLastError
DeleteCriticalSection
SetUnhandledExceptionFilter
HeapAlloc
CreateEventW
DisableThreadLibraryCalls
GetProcessHeap
OpenEventW
CloseHandle
CreateEventA
GetCurrentProcessId
GetLastError
GetCommandLineW

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegGetValueW
RegDeleteKeyExW
RegEnumKeyExW
RegQueryValueExW
RegDeleteValueW

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
AllocateAndInitializeSid
FreeSid
GetLengthSid

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DhcpAcquireParameters
DhcpAcquireParametersByBroadcast
DhcpCApiCleanup
DhcpCApiInitialize
DhcpClient_Generalize
DhcpDeRegisterConnectionStateNotification
DhcpDeRegisterOptions
DhcpDeRegisterParamChange
DhcpDelPersistentRequestParams
DhcpEnableDhcp
DhcpEnableDhcpAdvanced
DhcpEnableTracing
DhcpEnumClasses
DhcpEnumInterfaces
DhcpFallbackRefreshParams
DhcpFreeEnumeratedInterfaces
DhcpFreeLeaseInfo
DhcpFreeLeaseInfoArray
DhcpFreeMem
DhcpGetClassId
DhcpGetClientId
DhcpGetDhcpServicedConnections
DhcpGetFallbackParams
DhcpGetNotificationStatus
DhcpGetOriginalSubnetMask
DhcpGetTraceArray
DhcpGlobalIsShuttingDown
DhcpGlobalServiceSyncEvent
DhcpGlobalTerminateEvent
DhcpHandlePnPEvent
DhcpIsEnabled
DhcpIsMeteredDetected
DhcpLeaseIpAddress
DhcpLeaseIpAddressEx
DhcpNotifyConfigChange
DhcpNotifyConfigChangeEx
DhcpNotifyMediaReconnected
DhcpOpenGlobalEvent
DhcpPersistentRequestParams
DhcpQueryLeaseInfo
DhcpQueryLeaseInfoArray
DhcpQueryLeaseInfoEx
DhcpRegisterConnectionStateNotification
DhcpRegisterOptions
DhcpRegisterParamChange
DhcpReleaseIpAddressLease
DhcpReleaseIpAddressLeaseEx
DhcpReleaseParameters
DhcpRemoveDNSRegistrations
DhcpRenewIpAddressLease
DhcpRenewIpAddressLeaseEx
DhcpRequestCachedParams
DhcpRequestOptions
DhcpRequestParams
DhcpSetClassId
DhcpSetClientId
DhcpSetFallbackParams
DhcpSetMSFTVendorSpecificOptions
DhcpStaticRefreshParams
DhcpUndoRequestParams
Dhcpv4CheckServerAvailability
Dhcpv4EnableDhcpEx
McastApiCleanup
McastApiStartup
McastEnumerateScopes
McastGenUID
McastReleaseAddress
McastRenewAddress
McastRequestAddress

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63fc82444be0de4f05c0049583ecf84d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-crt-l1-1-0

api-ms-win-core-crt-l2-1-0

ntdll

rpcrt4

api-ms-win-downlevel-kernel32-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 60KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 64B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 60KB - Virtual size: 60KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 64B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB