» rundll32.exe
Overview
Analysis
File Details
Downloads (146)

rundll32.exe

Windows host process (Rundll32)

Microsoft Corporation

Rundll allows various libraries (DLL files) to be loaded as a process by allowing the operating system to invoke a function exported from a DLL. It is included with the Windows 7 OS. The file has been seen being downloaded from dl-mail.ymail.com and multiple other hosts.

File name:

rundll32.exe

Publisher:

Microsoft Corporation

Product:

Microsoft® Windows® Operating System

Description:

Windows host process (Rundll32)

Part of the Windows 7 Operating System

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

MD5:

51138beea3e2c21ec44d0932c71762a8

SHA-1:

8939cf35447b22dd2c6e6f443446acc1bf986d58

SHA-256:

5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

11/23/2024 6:07:34 AM UTC (today)

File size:

43.5 KB (44,544 bytes)

Product version:

6.1.7600.16385

Original file name:

RUNDLL32.EXE.MUI

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\windows\syswow64\rundll32.exe

File PE Metadata

Compilation timestamp:

7/13/2009 4:41:43 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

768:mD+ellQvZSazSRqbSEln5IyYpamDjobj8SpM:E+QWvZhSRqln5IUmDjoXV

Entry address:

0x178C

Entry point:

E8, 02, FE, FF, FF, 6A, 5C, 68, A0, 18, 00, 01, E8, 6F, 06, 00, 00, 33, DB, 89, 5D, E4, 89, 5D, FC, 8D, 45, 94, 50, FF, 15, 7C, 10, 00, 01, C7, 45, FC, FE, FF, FF, FF, C7, 45, FC, 01, 00, 00, 00, 64, A1, 18, 00, 00, 00, 8B, 70, 04, 89, 5D, E0, BF, 68, 50, 00, 01, 53, 56, 57, FF, 15, 70, 10, 00, 01, 3B, C3, 0F, 85, 24, 01, 00, 00, 33, F6, 46, A1, 64, 50, 00, 01, 3B, C6, 0F, 84, 33, 01, 00, 00, A1, 64, 50, 00, 01, 85, C0, 0F, 85, 24, 0B, 00, 00, 89, 35, 64, 50, 00, 01, 68, 9C, 18, 00, 01, 68, 90, 18, 00, 01... 
[+]

Entropy:

6.0567

Code size:

14.5 KB (14,848 bytes)

The file rundll32.exe has been seen being distributed by the following 50 URLs.

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-N-iLnfEoLry7N7MB9qQXdjRcBMY5EEfTtjI6bEPcXrShIohQReEaPhNNKv005y8H/messages/@.id==ALIM3QoAACNSWKdK6wajOBybKrA/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=e23b0c7b-72a0-f6a8-019c-c70006010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBZcWee2ocBUnKhZyWj_pNLyR05u_NAp0VxiTQC3Hw81xLXlUq9GH-ZdrRTIteUJK3wGYHG5zZROOYeWZBW-NzAx&error=https://mg.mail.yahoo.com/.../iframemsg?id=319b21f2-a8ce-d7e3-0c05-df7d71b3b633

https://mg.mail.yahoo.com/ya/.../2Tgl14NAVmzc&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

https://cp.sync.com/temporary/.../btFILE-60:51b40e6713bfde06e0475788c1127460=============================

https://onedrive.live.com/.../Rhe3cDAdaX WC4Ox SkQPo=2&ithint=.exe

http://download1212.mediafire.com/7oyqqa65ikkg/.../rundll32.exe

https://mg.mail.yahoo.com/ya/.../8&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_3_2904_ADuvCmoAAKIPVhNsKAPIwJjPPIo&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-pl6Y-hqbs50_hs0IJvygbCA_ikMAxEXt4AFVIbFHFb5PsMUA87trKI9lvVXBIde4/messages/@.id==ADSvCmoAAB60WCmRhgxcEAUvTZE/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=3c41ffb9-5fe2-da66-019e-d001b8010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBbBG8ImVq4UMm3c7Fv1u5IKcC3_P5r6f8TGmG4sWZfzRx_o7-Aim5V8paFii3fpe0j45m1mvDatQsFdD6xwgldl&error=https://mg.mail.yahoo.com/.../iframemsg?id=409bf973-1349-bf64-1105-602bf9cf7203

https://drive.google.com/a/.../uc?id=0B76e0BDJp1sERTRhTENoZmlwb1E&export=download

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-EeZaw8sRRXlq-_LgmcYPcLQfsy6Wpvb8ys13Ax4kaN5vRQ1K6Lf3QwYYmLxWQk7i/messages/@.id==AIuti2IAAYLJWE9U5AjCMDF-K-o/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBZVsDMVveeFOwx4G7r-mX1V7Rzr8V7KjUp5rCg6hlF0ouys1hvjXLtc8ZMmZzQqx0WldJA8i3vzfiNePJFcLA02&error=https://mg.mail.yahoo.com/.../iframemsg?id=68101177-8bb4-35b9-c91b-68454561f33c&ymreqid=41b58c76-90dc-cccd-01cc-5b001a010000

https://mail.google.com/mail/u/.../?ui=2&ik=96580cf4b8&view=att&th=142bded5d8b80dec&attid=0.3&disp=safe&realattid=f_hosne8tz2&zw

https://doc-04-64-docs.googleusercontent.com/docs/securesc/a0cfedi1fdidmf06s5rml7vto0u92ei5/i6ch9p03d0et3ebqjtteveee3te0hcsn/1486828800000/.../15174564432024194814/0BxaUAD0-6VTnRmtQWU1lNlAyeGM?e=download

https://onedrive.live.com/download.aspx?cid=72D0C236CD60C070&resid=72D0C236CD60C070!296&canary=d4P5xVoD4xWaMaHo9JzT N z1XxFN8nIcenJu4b5EE4=7&ithint=.exe

https://mega.nz/temporary/.../Zk1EGKpK

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-wFR2W4vIaZuQFkkLFbxO5TKfZZWGgsmSQxnuP28XVoe1UV6M3SS4-n62jvAIMJ7R/messages/@.id==ALd2imIADD8-WCqWiwLOwEXqiko/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=2318ca88-d965-8718-010b-b4002d010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBbsHt0n_3uWD_G_vFdpZNUTCxyo8hPCyBaRoKlOrNJT17yNQ9xK7YStTm2KqXR3IfsGYHG5zZROOYeWZBW-NzAx&error=https://mg.mail.yahoo.com/.../iframemsg?id=700f58ed-1f7d-b5d1-b9a3-2c94621ea276

http://202.29.211.28/eoffice3/.../37840011759.exe

http://download1212.mediafire.com/uqwx63x8n9dg/.../rundll32.exe

http://download1904.mediafire.com/126dcjg3oung/.../rundll32.exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-LE-BIzA27u00KG0whxOBsk03G_jAz1L91Ff2m3BM3JlN8se6yePZEDISoVhHDPMeGl2LEeEb8L4Fd0GBJs5fOA/messages/@.id==AFu_imIAAAMMVwCWqgu4ADKEOmg/content/parts/@.id==3/raw?appid=YahooMailNeo&ymreqid=192fdaa3-48ba-95da-01c6-900023010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBZk4knWl_LBVOxtIRtBAeO9Lrc1cwMkC04RNcuTeoD40A&error=https://us-mg5.mail.yahoo.com/.../iframemsg?id=8f6b708f-8f1a-eedc-0b68-5fd4a083b397

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_1_250678_AOFK2kIAAJNCVi8VeQqmkAAii0Q&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo&ymreqid=d6f85947-83be-0dec-0180-f30060010000

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-SP6qM5a_CE8L898H5LFslMAhdOYZbhrHl0CJdSMLASzq-qRT7-UVAkSdb8WNUYPpyqtsdt-jko-uK0ko8KHOrw/messages/@.id==AMy-imIAA1ewV5QgIgk3YJETUI4/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=285d4c92-63c1-fab1-0106-190031010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBZi1wkYXx-TWisCaDNiqfAY5ZbE_cF9gB9A2TSm5APqCg&error=https://us-mg5.mail.yahoo.com/.../iframemsg?id=bb5e189e-01f9-db84-9e7c-50b23a96ccc2

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-yMUmHPTaO_7qrxkeXTMsmBB4bJBlzpJlLubqqqYJ7euFsFRuMd7G1tvLRENOdbPuv9ISPQQr86Bpht4Xk1tqLA/messages/@.id==AMbmjkQAAkGpV7kWyw2kMASFFYw/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=866da3ee-44b7-2b10-0103-650033010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYkq1Gu9iSK9yj9VxuCK3UrjhysIADT8zFYGCz-fXahCjrLRxkNkrzs7gZTwudkDPo&error=https://us-mg6.mail.yahoo.com/.../iframemsg?id=44f05312-8af8-fde7-5565-889df803e030

https://onedrive.live.com/download.aspx?cid=6F071B3466A6EB4E&resid=6F071B3466A6EB4E!107&canary=A26TvFn5dlTrKdDMeVxKBrT 7Eo18tuSIMA8 Y9JC7I=9

https://mg.mail.yahoo.com/ya/download?m=YaDownload&mid=2_0_0_1_4518715_ACHsw0MAAA/.../g4&fid=Inbox&pid=3&clean=0&appid=YahooMailNeo

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-bxYlTqeUmpVhIyeiH0dFZELI2uw9mY1BCNMDSWc9R8CsAM0HuiosO_ML3707vCAg1B4IMMjRV1Y1VJhk5y1llQ/messages/@.id==AMhLyAoAAC5PV_T7uwuwMIoU_bU/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=1232bdcd-1785-29e4-014d-9c0098010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBaETfyu6-I1jSCktwJYS32HbDovEpQ80NSeFfjRi9FDNTx1l0atb_68xBxY5_giKrl-5K_Z3Jgows4ASgeuYpZY&error=https://fr-mg42.mail.yahoo.com/.../iframemsg?id=df306753-dfcc-8e75-ef69-dc2320d044d1

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-OemMEQkQjc3MBgDOF23-r6idUP7NV_9BhdvKQg30cgSnmoDJduAyEj4IMGg7DQ7lQv4c4iUXZ0n8-D-n3jtmIQ/messages/@.id==AI6_imIAAZ-6V0cWyAK7OJfB3VU/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=2cae2a89-c851-24e3-01dd-150036010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBb0NJjERw09m7JGCXplF2IimmiLLyB1AmFWH9Wso-tRyw&error=https://br-mg5.mail.yahoo.com/.../iframemsg?id=87182638-2ff4-6f32-bc84-8b37ce77f3e6

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-SCoVPEpOZEZom_AVATIbVjSw85_R2W62xv69CoWsNol-3uFXeTvzEWYVmE9GSNj5zPRXZkKy58xUrDbqkPgDWg/messages/@.id==AAqC8QoAADvLV-NdCQ6iGIOF3Gk/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=fa3bd6ae-7caf-8ef7-01bc-4b0014010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBZIjYx_tU8Byp72KHpRIJVOYoh-BbmbZwLMKYDjfgfXuHh3HaeuEs-Jvg574ngc2o8ERiQ0gk5DTVqgS6j4R6e8&error=https://mg.mail.yahoo.com/.../iframemsg?id=eae8ea89-7eb2-b521-555f-51a194a81e90

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_3_135908_AMVhUtQAA2MqVlXmIwJdeNNg2Qk&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

https://mail.google.com/mail/ca/u/.../?ui=2&ik=6b92960b29&view=att&th=13ff4d9aefdcc7c2&attid=0.1&disp=safe&realattid=f_hjasnpgg0&zw

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-I2onBgejEG5Z-toa2CsKwFdO8D1mHhxjpjied75Hh-DfZUIYeuqXu8aZAZ8BCneh8I10yG9RzE87bHtvbUzF5w/messages/@.id==AMJhUtQAAo12V8P1YQNu6HKLsFk/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=dcd26dcf-99aa-c20d-01b2-b3001f010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYaMtnL51dlPBm11xkSJ6IJi8FtLafHZK5fhgMyIn2DMKtgezLTFbuWDfCaMFLPdGs&error=https://fr-mg42.mail.yahoo.com/.../iframemsg?id=c0cc5904-4ab4-c911-919d-1b4ef9785950

Latest 30 of 146 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.