IPHLPAPI.DLL

  • File Path: C:\Windows\system32\IPHLPAPI.DLL
  • Description: IP Helper API

Hashes

Type Hash
MD5 1B77F078AC75AC614B44C22F550D3369
SHA1 E7A786B534D380387E17431C6229B09AD1E09FBA
SHA256 4AC5253AC203DC97F4DD0836E675871BC857D91C6944ADA2868E701F3D94925B
SHA384 5B1645318C969C207935A4BC87BF071683A0AFDB4EDB5C739E6A604111D9196609F299A5653C8303296F65EFF0E9BD51
SHA512 E2E12850CAFF5768A54665CE531D90E1EBBE37CFD791EE1B0DD6D4C148A7457165A5165A12ABF5D4CBE10EB3EEC511F953724420B287BB7E3A94C6A3B26FDE8D
SSDEEP 3072:GtWquqCxnIRVyLDg2rpwlsERrqjNe9+N38FboAkVrP1neFvpHvvklynY2NrQdy5u:NtqI+0LD9xERrINGi82AkVZneHHAAKyc
IMP 1A84705CDCFB65BD11ABDA0FE9C13393
PESHA1 174C29681B232A48DB3682A8B3082A1FDBEEF8F4
PE256 5667BC529C370510E2404DFBD9157D8FC1E4B70E8396C8261BD77CC656978A55

DLL Exports:

Function Name Ordinal Type
InternalGetIPPhysicalInterfaceForDestination 183 Exported Function
InternalGetMulticastIpAddressEntry 195 Exported Function
InternalGetIpNetTable 193 Exported Function
InternalGetIpNetTable2 194 Exported Function
InternalGetMulticastIpAddressTable 196 Exported Function
InternalGetTcp6TableWithOwnerModule 199 Exported Function
InternalGetTcp6TableWithOwnerPid 200 Exported Function
InternalGetRtcSlotInformation 197 Exported Function
InternalGetTcp6Table2 198 Exported Function
InternalGetIfTable2 186 Exported Function
InternalGetIpAddrTable 187 Exported Function
InternalGetIfEntry2 184 Exported Function
InternalGetIfTable 185 Exported Function
InternalGetIpForwardEntry2 188 Exported Function
InternalGetIpInterfaceTable 191 Exported Function
InternalGetIpNetEntry2 192 Exported Function
InternalGetIpForwardTable 189 Exported Function
InternalGetIpInterfaceEntry 190 Exported Function
InternalGetTcpTable 201 Exported Function
InternalGetUnicastIpAddressEntry 213 Exported Function
InternalGetUnicastIpAddressTable 214 Exported Function
InternalGetUdpTableWithOwnerModule 211 Exported Function
InternalGetUdpTableWithOwnerPid 212 Exported Function
InternalIcmpCreateFileEx 215 Exported Function
InternalSetIpForwardEntry2 218 Exported Function
InternalSetIpInterfaceEntry 219 Exported Function
InternalSetIfEntry 216 Exported Function
InternalSetIpForwardEntry 217 Exported Function
InternalGetTcpTableWithOwnerModule 204 Exported Function
InternalGetTcpTableWithOwnerPid 205 Exported Function
InternalGetTcpTable2 202 Exported Function
InternalGetTcpTableEx 203 Exported Function
InternalGetTunnelPhysicalAdapter 206 Exported Function
InternalGetUdpTable 209 Exported Function
InternalGetUdpTableEx 210 Exported Function
InternalGetUdp6TableWithOwnerModule 207 Exported Function
InternalGetUdp6TableWithOwnerPid 208 Exported Function
if_indextoname 295 Exported Function
if_nametoindex 296 Exported Function
IcmpSendEcho2 157 Exported Function
IcmpSendEcho2Ex 158 Exported Function
InitializeCompartmentEntry 159 Exported Function
InitializeUnicastIpAddressEntry 162 Exported Function
InternalCleanupPersistentStore 163 Exported Function
InitializeIpForwardEntry 160 Exported Function
InitializeIpInterfaceEntry 161 Exported Function
Icmp6CreateFile 150 Exported Function
Icmp6ParseReplies 151 Exported Function
GetUniDirectionalAdapterInfo 146 Exported Function
GetWPAOACSupportLevel 149 Exported Function
Icmp6SendEcho2 152 Exported Function
IcmpParseReplies 155 Exported Function
IcmpSendEcho 156 Exported Function
IcmpCloseHandle 153 Exported Function
IcmpCreateFile 154 Exported Function
InternalCreateAnycastIpAddressEntry 164 Exported Function
InternalDeleteUnicastIpAddressEntry 176 Exported Function
InternalFindInterfaceByAddress 177 Exported Function
InternalDeleteIpNetEntry 174 Exported Function
InternalDeleteIpNetEntry2 175 Exported Function
InternalGetAnycastIpAddressEntry 178 Exported Function
InternalGetBoundTcpEndpointTable 181 Exported Function
InternalGetForwardIpTable2 182 Exported Function
InternalGetAnycastIpAddressTable 179 Exported Function
InternalGetBoundTcp6EndpointTable 180 Exported Function
InternalCreateIpNetEntry 167 Exported Function
InternalCreateIpNetEntry2 168 Exported Function
InternalCreateIpForwardEntry 165 Exported Function
InternalCreateIpForwardEntry2 166 Exported Function
InternalCreateOrRefIpForwardEntry2 169 Exported Function
InternalDeleteIpForwardEntry 172 Exported Function
InternalDeleteIpForwardEntry2 173 Exported Function
InternalCreateUnicastIpAddressEntry 170 Exported Function
InternalDeleteAnycastIpAddressEntry 171 Exported Function
RestoreMediaSense 267 Exported Function
SendARP 268 Exported Function
ResolveIpNetEntry2 265 Exported Function
ResolveNeighbor 266 Exported Function
SetAdapterIpAddress 269 Exported Function
SetDnsSettings 272 Exported Function
SetIfEntry 273 Exported Function
SetCurrentThreadCompartmentId 270 Exported Function
SetCurrentThreadCompartmentScope 271 Exported Function
PfRemoveFilterHandles 259 Exported Function
PfRemoveFiltersFromInterface 260 Exported Function
PfMakeLog 257 Exported Function
PfRebindFilters 258 Exported Function
PfRemoveGlobalFilterFromInterface 261 Exported Function
PfUnBindInterface 264 Exported Function
register_icmp 297 Exported Function
PfSetLogBuffer 262 Exported Function
PfTestPacket 263 Exported Function
SetInterfaceDnsSettings 274 Exported Function
SetPerTcp6ConnectionStats 286 Exported Function
SetPerTcpConnectionEStats 287 Exported Function
SetNetworkInformation 284 Exported Function
SetPerTcp6ConnectionEStats 285 Exported Function
SetPerTcpConnectionStats 288 Exported Function
SetUnicastIpAddressEntry 291 Exported Function
UnenableRouter 292 Exported Function
SetSessionCompartmentId 289 Exported Function
SetTcpEntry 290 Exported Function
SetIpInterfaceEntry 277 Exported Function
SetIpNetEntry 278 Exported Function
SetIpForwardEntry 275 Exported Function
SetIpForwardEntry2 276 Exported Function
SetIpNetEntry2 279 Exported Function
SetIpTTL 282 Exported Function
SetJobCompartmentId 283 Exported Function
SetIpStatistics 280 Exported Function
SetIpStatisticsEx 281 Exported Function
NhGetInterfaceDescriptionFromGuid 233 Exported Function
NhGetInterfaceNameFromDeviceGuid 234 Exported Function
LookupPersistentUdpPortReservation 229 Exported Function
NhGetGuidFromInterfaceName 232 Exported Function
NhGetInterfaceNameFromGuid 235 Exported Function
NotifyCompartmentChange 238 Exported Function
NotifyIfTimestampConfigChange 239 Exported Function
NhpAllocateAndGetInterfaceInfoFromStack 236 Exported Function
NotifyAddrChange 237 Exported Function
InternalSetIpStats 222 Exported Function
InternalSetTcpEntry 223 Exported Function
InternalSetIpNetEntry 220 Exported Function
InternalSetIpNetEntry2 221 Exported Function
InternalSetTeredoPort 224 Exported Function
IpRenewAddress 227 Exported Function
LookupPersistentTcpPortReservation 228 Exported Function
InternalSetUnicastIpAddressEntry 225 Exported Function
IpReleaseAddress 226 Exported Function
NotifyIpInterfaceChange 240 Exported Function
PfAddGlobalFilterToInterface 250 Exported Function
PfBindInterfaceToIndex 252 Exported Function
ParseNetworkString 248 Exported Function
PfAddFiltersToInterface 249 Exported Function
PfBindInterfaceToIPAddress 251 Exported Function
PfDeleteLog 255 Exported Function
PfGetInterfaceStatistics 256 Exported Function
PfCreateInterface 253 Exported Function
PfDeleteInterface 254 Exported Function
NotifyRouteChange2 243 Exported Function
NotifyStableUnicastIpAddressTable 244 Exported Function
NotifyNetworkConnectivityHintChange 241 Exported Function
NotifyRouteChange 242 Exported Function
NotifyTeredoPortChange 245 Exported Function
NTTimeToNTPTime 231 Exported Function
OpenCompartment 247 Exported Function
NotifyUnicastIpAddressChange 246 Exported Function
NTPTimeToNTFileTime 230 Exported Function
GetUnicastIpAddressTable 148 Exported Function
DeleteIPAddress 49 Exported Function
DeleteIpForwardEntry 50 Exported Function
DeleteAnycastIpAddressEntry 47 Exported Function
DeleteCompartment 48 Exported Function
DeleteIpForwardEntry2 51 Exported Function
DeletePersistentTcpPortReservation 54 Exported Function
DeletePersistentUdpPortReservation 55 Exported Function
DeleteIpNetEntry 52 Exported Function
DeleteIpNetEntry2 53 Exported Function
CreateIpNetEntry 40 Exported Function
CreateIpNetEntry2 41 Exported Function
CreateIpForwardEntry 38 Exported Function
CreateIpForwardEntry2 39 Exported Function
CreatePersistentTcpPortReservation 42 Exported Function
CreateSortedAddressPairs 45 Exported Function
CreateUnicastIpAddressEntry 46 Exported Function
CreatePersistentUdpPortReservation 43 Exported Function
CreateProxyArpEntry 44 Exported Function
DeleteProxyArpEntry 56 Exported Function
GetAdapterIndex 66 Exported Function
GetAdapterOrderMap 67 Exported Function
FreeInterfaceDnsSettings 64 Exported Function
FreeMibTable 65 Exported Function
GetAdaptersAddresses 68 Exported Function
GetAnycastIpAddressTable 71 Exported Function
GetBestInterface 72 Exported Function
GetAdaptersInfo 69 Exported Function
GetAnycastIpAddressEntry 70 Exported Function
do_echo_rep 293 Exported Function
do_echo_req 294 Exported Function
DeleteUnicastIpAddressEntry 57 Exported Function
DisableMediaSense 58 Exported Function
EnableRouter 59 Exported Function
FlushIpPathTable 62 Exported Function
FreeDnsSettings 63 Exported Function
FlushIpNetTable 60 Exported Function
FlushIpNetTable2 61 Exported Function
ConvertGuidToStringA 12 Exported Function
ConvertGuidToStringW 13 Exported Function
ConvertCompartmentGuidToId 10 Exported Function
ConvertCompartmentIdToGuid 11 Exported Function
ConvertInterfaceAliasToLuid 14 Exported Function
ConvertInterfaceLuidToAlias 17 Exported Function
ConvertInterfaceLuidToGuid 18 Exported Function
ConvertInterfaceGuidToLuid 15 Exported Function
ConvertInterfaceIndexToLuid 16 Exported Function
AllocateAndGetIpAddrTableFromStack 3 Exported Function
CancelIfTimestampConfigChange 5 Exported Function
AddIPAddress 1 Exported Function
AllocateAndGetInterfaceInfoFromStack 2 Exported Function
CancelIPChangeNotify 4 Exported Function
CloseCompartment 8 Exported Function
CloseGetIPPhysicalInterfaceForDestination 9 Exported Function
CancelMibChangeNotify2 6 Exported Function
CaptureInterfaceHardwareCrossTimestamp 7 Exported Function
ConvertInterfaceLuidToIndex 19 Exported Function
ConvertRemoteInterfaceLuidToGuid 31 Exported Function
ConvertRemoteInterfaceLuidToIndex 32 Exported Function
ConvertRemoteInterfaceIndexToLuid 29 Exported Function
ConvertRemoteInterfaceLuidToAlias 30 Exported Function
ConvertStringToGuidA 33 Exported Function
CreateAnycastIpAddressEntry 36 Exported Function
CreateCompartment 37 Exported Function
ConvertStringToGuidW 34 Exported Function
ConvertStringToInterfacePhysicalAddress 35 Exported Function
ConvertInterfaceNameToLuidA 22 Exported Function
ConvertInterfaceNameToLuidW 23 Exported Function
ConvertInterfaceLuidToNameA 20 Exported Function
ConvertInterfaceLuidToNameW 21 Exported Function
ConvertInterfacePhysicalAddressToLuid 24 Exported Function
ConvertRemoteInterfaceAliasToLuid 27 Exported Function
ConvertRemoteInterfaceGuidToLuid 28 Exported Function
ConvertIpv4MaskToLength 25 Exported Function
ConvertLengthToIpv4Mask 26 Exported Function
GetOwnerModuleFromPidAndInfo 121 Exported Function
GetOwnerModuleFromTcp6Entry 122 Exported Function
GetNetworkParams 119 Exported Function
GetNumberOfInterfaces 120 Exported Function
GetOwnerModuleFromTcpEntry 123 Exported Function
GetPerAdapterInfo 126 Exported Function
GetPerTcp6ConnectionEStats 127 Exported Function
GetOwnerModuleFromUdp6Entry 124 Exported Function
GetOwnerModuleFromUdpEntry 125 Exported Function
GetIpStatisticsEx 112 Exported Function
GetJobCompartmentId 113 Exported Function
GetIpPathTable 110 Exported Function
GetIpStatistics 111 Exported Function
GetMulticastIpAddressEntry 114 Exported Function
GetNetworkConnectivityHintForInterface 117 Exported Function
GetNetworkInformation 118 Exported Function
GetMulticastIpAddressTable 115 Exported Function
GetNetworkConnectivityHint 116 Exported Function
GetPerTcp6ConnectionStats 128 Exported Function
GetTeredoPort 140 Exported Function
GetUdp6Table 141 Exported Function
GetTcpTable 138 Exported Function
GetTcpTable2 139 Exported Function
GetUdpStatistics 142 Exported Function
GetUdpTable 145 Exported Function
GetUnicastIpAddressEntry 147 Exported Function
GetUdpStatisticsEx 143 Exported Function
GetUdpStatisticsEx2 144 Exported Function
GetRTTAndHopCount 131 Exported Function
GetSessionCompartmentId 132 Exported Function
GetPerTcpConnectionEStats 129 Exported Function
GetPerTcpConnectionStats 130 Exported Function
GetTcp6Table 133 Exported Function
GetTcpStatisticsEx 136 Exported Function
GetTcpStatisticsEx2 137 Exported Function
GetTcp6Table2 134 Exported Function
GetTcpStatistics 135 Exported Function
GetIcmpStatisticsEx 84 Exported Function
GetIfEntry 85 Exported Function
GetFriendlyIfIndex 82 Exported Function
GetIcmpStatistics 83 Exported Function
GetIfEntry2 86 Exported Function
GetIfTable 89 Exported Function
GetIfTable2 90 Exported Function
GetIfEntry2Ex 87 Exported Function
GetIfStackTable 88 Exported Function
GetBestRoute2 75 Exported Function
GetCurrentThreadCompartmentId 76 Exported Function
GetBestInterfaceEx 73 Exported Function
GetBestRoute 74 Exported Function
GetCurrentThreadCompartmentScope 77 Exported Function
GetExtendedTcpTable 80 Exported Function
GetExtendedUdpTable 81 Exported Function
GetDefaultCompartmentId 78 Exported Function
GetDnsSettings 79 Exported Function
GetIfTable2Ex 91 Exported Function
GetIpInterfaceEntry 103 Exported Function
GetIpInterfaceTable 104 Exported Function
GetIpForwardTable 101 Exported Function
GetIpForwardTable2 102 Exported Function
GetIpNetEntry2 105 Exported Function
GetIpNetworkConnectionBandwidthEstimates 108 Exported Function
GetIpPathEntry 109 Exported Function
GetIpNetTable 106 Exported Function
GetIpNetTable2 107 Exported Function
GetInterfaceDnsSettings 94 Exported Function
GetInterfaceHardwareTimestampCapabilities 95 Exported Function
GetInterfaceCompartmentId 92 Exported Function
GetInterfaceCurrentTimestampCapabilities 93 Exported Function
GetInterfaceInfo 96 Exported Function
GetIpErrorString 99 Exported Function
GetIpForwardEntry2 100 Exported Function
GetInvertedIfStackTable 97 Exported Function
GetIpAddrTable 98 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: iphlpapi.dll.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/67
  • VirusTotal Link: https://www.virustotal.com/gui/file/4ac5253ac203dc97f4dd0836e675871bc857d91c6944ada2868e701f3d94925b/detection/

Possible Misuse

The following table contains possible examples of IPHLPAPI.DLL being misused. While IPHLPAPI.DLL is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
signature-base apt_codoso.yar $s6 = “iphlpapi.dll” ascii CC BY-NC 4.0
signature-base apt_uboat_rat.yar $s7 = “IPHLPAPI.DLL” ascii CC BY-NC 4.0
signature-base thor-hacktools.yar $s0 = “iphlpapi.DLL” fullword ascii CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.