dhcpcmonitor[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

dhcpcmonitor.dll
Size

14KB
MD5

510cc0172a99c70601e68c88bbbbcb4e
SHA1

80bbb986c1929f3e51a541f1ceabf39854ba04a0
SHA256

aecff814f8e286af62b753cb2dc572dd25f1f26e62ae76061df21bfb45f0cc13
SHA512

bf8be5902e333d842713aeefed9e4addeefe5bb3b48e7436fe27fd6c93e2669dcf7c82c1aa7b7dd6cdbf606193f9751c056d745ea6932af0a8730ebfc5277ebf
SSDEEP

384:G8slMwmJaye8ipCo3YYZZDabm9w7IbXZWjBW:9HhsCo9y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dhcpcmonitor.dll

Files

dhcpcmonitor.dll
.dll windows:6 windows x64 arch:x64

624b3944c91863c3dc254dc83341d5d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dhcpcmonitor.pdb

Imports

msvcrt

malloc
_amsg_exit
_XcptFilter
fclose
_wfopen
_initterm
__C_specific_handler
fprintf
fflush
free
memset

dhcpcsvc

DhcpEnableTracing
DhcpGetTraceArray

dhcpcsvc6

Dhcpv6EnableTracing
Dhcpv6GetTraceArray

kernel32

TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
GetLastError
HeapAlloc
GetProcessHeap
HeapFree
FreeLibrary
GetWindowsDirectoryW
DisableThreadLibraryCalls
LoadLibraryExW

netsh.exe

MatchToken
RegisterContext
RegisterHelper
MatchCmdLine
DisplayMessageM
PrintError
PrintMessageFromModule

dhcpqec

DhcpQecEnableTracing

Exports

Exports

InitHelperDll

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

624b3944c91863c3dc254dc83341d5d6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

dhcpcsvc

dhcpcsvc6

kernel32

netsh.exe

dhcpqec

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 384B

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 68B

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 384B

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 68B