dhcpcsvc[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

dhcpcsvc.dll
Size

87KB
MD5

c1d381c2ba4084a8f526864e9afa1b7b
SHA1

a7bafbcaf668ebe6d2f5a8a9067e54c764885c89
SHA256

1da9a9fb8a066778194da89e72ac85876adcc43bc0b871110370e7fd9e1ad673
SHA512

13d05fd93d87cda7688178eb099ce225ec4f1bd6e41b2be46e9f99f559a566e3ac13ac3175246e0173b90692c97c9446d7ee26617ce4cb648438726a2820e792
SSDEEP

1536:amyRpm8IzJUULz//fEU9h/EGBayJ0rygmtaokhY8kmBWi/+:amyRtIzJNf//8U9h/EiikkYdm0i/+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dhcpcsvc.dll

Files

dhcpcsvc.dll
.dll windows:6 windows x64 arch:x64

48c8c02bde032989fb11fc1997e2f064

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dhcpcsvc.pdb

Imports

api-ms-win-core-crt-l1-1-0

memcmp
wcsrchr
wcschr
__C_specific_handler
memset
memcpy
memcpy_s
wcsncmp
_vsnwprintf_s
_vsnprintf_s

api-ms-win-core-crt-l2-1-0

_initterm_e
_initterm

ntdll

RtlOemStringToUnicodeString
RtlxOemStringToUnicodeSize
RtlGUIDFromString
NtCreateFile
NtDeviceIoControlFile
RtlAddAce
RtlCreateAcl
RtlSetDaclSecurityDescriptor
RtlDeleteSecurityObject
EtwRegisterTraceGuidsW
RtlNewSecurityObject
RtlSetGroupSecurityDescriptor
RtlSetSaclSecurityDescriptor
NtClose
RtlInitString
RtlLengthSid
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlFreeUnicodeString
RtlNtStatusToDosError
RtlStringFromGUID
EtwTraceMessage
EtwUnregisterTraceGuids
RtlCaptureContext
NlsMbOemCodePageTag
NtOpenProcessToken
RtlLookupFunctionEntry
RtlInitUnicodeString
RtlCopySid
RtlVirtualUnwind

rpcrt4

NdrClientCall3
RpcStringFreeW
RpcBindingSetOption
RpcStringBindingComposeW
RpcBindingSetAuthInfoW
RpcBindingFromStringBindingW
RpcBindingFree

ws2_32

ntohl
inet_ntoa
ntohs

nsi

NsiGetAllParametersEx

api-ms-win-core-errorhandling-l1-1-1

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-file-l1-2-1

CreateFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-2-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-io-l1-1-1

DeviceIoControl

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyExW
RegGetValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

CreateEventA
CreateEventW
OpenEventW
InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-security-base-l1-2-0

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
InitializeAcl
AllocateAndInitializeSid
FreeSid
GetLengthSid
AddAccessAllowedAce

api-ms-win-service-management-l1-1-0

OpenSCManagerW
StartServiceW
CloseServiceHandle
OpenServiceW

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

DhcpAcquireParameters
DhcpAcquireParametersByBroadcast
DhcpCApiCleanup
DhcpCApiInitialize
DhcpClient_Generalize
DhcpDeRegisterConnectionStateNotification
DhcpDeRegisterOptions
DhcpDeRegisterParamChange
DhcpDelPersistentRequestParams
DhcpEnableDhcp
DhcpEnableTracing
DhcpEnumClasses
DhcpEnumInterfaces
DhcpFallbackRefreshParams
DhcpFreeEnumeratedInterfaces
DhcpFreeLeaseInfo
DhcpFreeLeaseInfoArray
DhcpFreeMem
DhcpGetClassId
DhcpGetClientId
DhcpGetDhcpServicedConnections
DhcpGetFallbackParams
DhcpGetNotificationStatus
DhcpGetOriginalSubnetMask
DhcpGetTraceArray
DhcpGlobalIsShuttingDown
DhcpGlobalServiceSyncEvent
DhcpGlobalTerminateEvent
DhcpHandlePnPEvent
DhcpIsEnabled
DhcpLeaseIpAddress
DhcpLeaseIpAddressEx
DhcpNotifyConfigChange
DhcpNotifyConfigChangeEx
DhcpNotifyMediaReconnected
DhcpOpenGlobalEvent
DhcpPersistentRequestParams
DhcpQueryLeaseInfo
DhcpQueryLeaseInfoArray
DhcpQueryLeaseInfoEx
DhcpRegisterConnectionStateNotification
DhcpRegisterOptions
DhcpRegisterParamChange
DhcpReleaseIpAddressLease
DhcpReleaseIpAddressLeaseEx
DhcpReleaseParameters
DhcpRemoveDNSRegistrations
DhcpRenewIpAddressLease
DhcpRenewIpAddressLeaseEx
DhcpRequestCachedParams
DhcpRequestOptions
DhcpRequestParams
DhcpSetClassId
DhcpSetClientId
DhcpSetFallbackParams
DhcpSetMSFTVendorSpecificOptions
DhcpStaticRefreshParams
DhcpUndoRequestParams
Dhcpv4CheckServerAvailability
Dhcpv4EnableDhcpEx
McastApiCleanup
McastApiStartup
McastEnumerateScopes
McastGenUID
McastReleaseAddress
McastRenewAddress
McastRequestAddress

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

48c8c02bde032989fb11fc1997e2f064

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-crt-l1-1-0

api-ms-win-core-crt-l2-1-0

ntdll

rpcrt4

ws2_32

nsi

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-io-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-util-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.data Size: 2KB - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 2KB

.idata Size: 5KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 24B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 968B

.text
Size: 72KB - Virtual size: 71KB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 2KB

.idata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 24B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 968B