davclnt.dll

  • File Path: C:\Windows\SysWOW64\davclnt.dll
  • Description: Web DAV Client DLL

Hashes

Type Hash
MD5 58A9B8729FA724BEE2C6EE5EEE710739
SHA1 F491CD0E53F5C32B54B4CFA5DF34651DAB0B6D75
SHA256 A1D7D9E6A8EF7932D2EF13FEE5BD5AB486B2BC5C7ABFEBC1AAB1CDDF744DC7BD
SHA384 139E280AEF2CFA77FA8CEA4C1C3A7415EC0DE32E8EA870774A2681838D151F6C129AD752D6CA320DB7840568B234E187
SHA512 0A4B333175D717AA30ADD366405A041C7B8B9A6F6B7A2AF59B0997C56A41A2E9C703D844434C42BCD560E876F63D0FD1EA4572C63252D374D526B39F8FF9525F
SSDEEP 1536:PRUJnGdY1sHLfMo+IXr2rY0KYoGdnhYO4EClI:PRUVoXHLVLYoGphY7Eh
IMP F83674D5D9D4737C9B314868EE68BA34
PESHA1 97B1602039C4D3515164C76A2104C9F7B0F3A791
PE256 D49C6E09CCED251D178EC52DC7B4924EFFF9F7B1D7CFCB645BF737C3CF809BE3

DLL Exports:

Function Name Ordinal Type
NPEnumResource 16 Exported Function
NPFormatNetworkName 17 Exported Function
NPGetCaps 18 Exported Function
NPAddConnection3 12 Exported Function
NPCancelConnection 14 Exported Function
NPCloseEnum 15 Exported Function
NPGetUniversalName 22 Exported Function
NPGetUser 23 Exported Function
NPOpenEnum 24 Exported Function
NPGetConnection 19 Exported Function
NPGetResourceInformation 20 Exported Function
NPGetResourceParent 21 Exported Function
DavGetTheLockOwnerOfTheFile 4 Exported Function
DavInvalidateCache 5 Exported Function
DavRegisterAuthCallback 6 Exported Function
DavCancelConnectionsToServer 1 Exported Function
DavFreeUsedDiskSpace 2 Exported Function
DavGetDiskSpaceUsage 3 Exported Function
DllGetClassObject 10 Exported Function
DllMain 11 Exported Function
NPAddConnection 13 Exported Function
DavSetCookieW 7 Exported Function
DavUnregisterAuthCallback 8 Exported Function
DllCanUnloadNow 9 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: davclnt.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/a1d7d9e6a8ef7932d2ef13fee5bd5ab486b2bc5c7abfebc1aab1cddf744dc7bd/detection/

Possible Misuse

The following table contains possible examples of davclnt.dll being misused. While davclnt.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_webdav_client_execution.yml description: A General detection for svchost.exe spawning rundll32.exe with command arguments like C:\windows\system32\davclnt.dll,DavSetCookie. This could be an indicator of exfiltration or use of WebDav to launch code (hosted on WebDav Server). DRL 1.0
sigma proc_creation_win_susp_webdav_client_execution.yml CommandLine\|contains: 'C:\windows\system32\davclnt.dll,DavSetCookie' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.