dhcpcsvc6[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

dhcpcsvc6.dll
Size

42KB
MD5

3920e0b3772478d55388993cb580a527
SHA1

e266f19b6b93e23d620b97d18f0b1d19d3ba6e2c
SHA256

4e61fdf087aaa96a38a7a999ebc5598becacbf7343d1a1b64ff2dd1cf64a3767
SHA512

b14d360e38b6ffeea32582a7f71f642ebd5dcf58529a40e3eca3ba6b23f7f681a718d040c18fd905938810dd9067f94026ce0f9cf0642f296d715a3da4eb4b86
SSDEEP

768:I800J0sB0Vmy52WqSwvtILGCtCgpcbnGu10k23z:HoMS6IHPpEnP1Oj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dhcpcsvc6.dll

Files

dhcpcsvc6.dll
.dll windows:6 windows x86 arch:x86

829ad6b3bca0e293dd2cf2ff42721d5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dhcpcsvc6.pdb

Imports

msvcrt

memcpy
memset
_XcptFilter
malloc
free
wcschr
wcsrchr
_initterm
_amsg_exit
_except_handler4_common
time

ntdll

EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlGUIDFromString
RtlInitUnicodeString
EtwTraceMessage
RtlFreeUnicodeString
RtlStringFromGUID
RtlNtStatusToDosError
EtwGetTraceEnableFlags

rpcrt4

RpcStringBindingComposeW
NdrClientCall2
RpcBindingFree
RpcBindingSetAuthInfoW
RpcBindingSetOption
RpcStringFreeW
RpcBindingFromStringBindingW

ws2_32

ntohl
ntohs
htonl

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-interlocked-l1-1-0

InterlockedCompareExchange
InterlockedExchange

api-ms-win-core-libraryloader-l1-1-0

GetProcAddress
FreeLibrary
LoadLibraryExA
DisableThreadLibraryCalls

api-ms-win-core-localregistry-l1-1-0

RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegDeleteValueW

api-ms-win-core-misc-l1-1-0

LocalFree
LocalAlloc
Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSection

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

Dhcpv6AcquireParameters
Dhcpv6CancelOperation
Dhcpv6EnableTracing
Dhcpv6FreeLeaseInfo
Dhcpv6GetTraceArray
Dhcpv6GetUserClasses
Dhcpv6IsEnabled
Dhcpv6QueryLeaseInfo
Dhcpv6ReleaseParameters
Dhcpv6ReleasePrefix
Dhcpv6ReleasePrefixEx
Dhcpv6RenewPrefix
Dhcpv6RenewPrefixEx
Dhcpv6RequestParams
Dhcpv6RequestPrefix
Dhcpv6RequestPrefixEx
Dhcpv6SetUserClass

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

829ad6b3bca0e293dd2cf2ff42721d5b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

rpcrt4

ws2_32

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 1024B - Virtual size: 968B

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 1024B - Virtual size: 968B