davclnt.dll

  • File Path: C:\Windows\system32\davclnt.dll
  • Description: Web DAV Client DLL

Hashes

Type Hash
MD5 0EA3050E7CC710526E330C413C165DA0
SHA1 38F4AF0CDE05D2A3DED9A79748C93B0EE5682D4F
SHA256 54D1F31AAA5683F8E4BCF2CCEA4BE09E772EF5E812DA3DDCAFC91365CB1DFE8D
SHA384 037AE6099885AAD3708FEBB4F54E22702F243A585DE702E3925CF9CB6519DC57D026D91FCBB707318A7076EC4EF0F4A1
SHA512 060A9780D751F9D7A2AAF992F00B7453224CA89A1748934E4EE797377E7816754BEC7C56A0D24D65A59CEBEA1D9A9EEBF43E6AF06E473711F0BFF80EAD55B888
SSDEEP 1536:pz5LlO/zxV37m7KmCkyDyCdWPmG/+EPDlcBJ6LdYar/nh7IO:p9LKD3SCkIy0WPmG/ZPZQS3rPh7I
IMP 658F6A79468A317865A20E521DB5186A
PESHA1 EF785C49BE386ADC90E3A0F0A5C48AA5BAEB02B0
PE256 B216B132277E4879D84829ABE1B90E68E18CBBF1F02524E74E10DB593F22334C

DLL Exports:

Function Name Ordinal Type
NPEnumResource 16 Exported Function
NPFormatNetworkName 17 Exported Function
NPGetCaps 18 Exported Function
NPAddConnection3 13 Exported Function
NPCancelConnection 14 Exported Function
NPCloseEnum 15 Exported Function
NPGetUniversalName 22 Exported Function
NPGetUser 23 Exported Function
NPOpenEnum 24 Exported Function
NPGetConnection 19 Exported Function
NPGetResourceInformation 20 Exported Function
NPGetResourceParent 21 Exported Function
DavGetTheLockOwnerOfTheFile 4 Exported Function
DavInvalidateCache 5 Exported Function
DavRegisterAuthCallback 6 Exported Function
DavCancelConnectionsToServer 1 Exported Function
DavFreeUsedDiskSpace 2 Exported Function
DavGetDiskSpaceUsage 3 Exported Function
DllGetClassObject 10 Exported Function
DllMain 11 Exported Function
NPAddConnection 12 Exported Function
DavSetCookieW 7 Exported Function
DavUnregisterAuthCallback 8 Exported Function
DllCanUnloadNow 9 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 330000026551AE1BBD005CBFBD000000000265
  • Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: davclnt.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/67
  • VirusTotal Link: https://www.virustotal.com/gui/file/54d1f31aaa5683f8e4bcf2ccea4be09e772ef5e812da3ddcafc91365cb1dfe8d/detection/

Possible Misuse

The following table contains possible examples of davclnt.dll being misused. While davclnt.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_webdav_client_execution.yml description: A General detection for svchost.exe spawning rundll32.exe with command arguments like C:\windows\system32\davclnt.dll,DavSetCookie. This could be an indicator of exfiltration or use of WebDav to launch code (hosted on WebDav Server). DRL 1.0
sigma proc_creation_win_susp_webdav_client_execution.yml CommandLine\|contains: 'C:\windows\system32\davclnt.dll,DavSetCookie' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.