rundll32.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from doc-0c-8c-docs.googleusercontent.com and multiple other hosts.
MD5:
573e8fca6330d1d1313c6a14c6a27d36

SHA-1:
898908cce29936a5bc947f7ea4259047a56be072

SHA-256:
f5d5eb39f883f80b75fcb1f1d59926d79c7c4c87481511a3a6056b1dbbca9484

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/27/2024 4:40:14 PM UTC

Scan engine: Microsoft Security Essentials
Detection: HackTool:Win32/Patcher
Engine version: 1.1.12505.0

Scan engine: Zillya! Antivirus
Detection: Adware.Eorezo.Win32.20498
Engine version: 2.0.0.2720

File size:
6.3 MB (6,637,870 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\windows\syswow64\rundll32.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
98304:iipfqK6quFyVvsXc03y7l0eXVwmwiiJiN0TSMk8twgahL6JyCzCtOhrwEZiw:iimqVvsMxl0eXVwmjGTJEFZEyQKyViw

Entry point:
52, 61, 72, 21, 1A, 07, 00, CF, 90, 73, 00, 00, 0D, 00, 00, 00, 00, 00, 00, 00, 36, DE, 7A, 00, 80, 23, 00, 93, 00, 00, 00, BA, 00, 00, 00, 02, 58, 6C, EF, EE, 18, AD, 77, 47, 1D, 33, 03, 00, 01, 00, 00, 00, 43, 4D, 54, 08, 11, 15, 4C, BD, 94, 0D, 75, B5, 07, 6A, 7C, 06, 95, 8A, 8D, 48, A8, A2, D0, D0, B4, 2C, 05, 41, F8, 95, E8, F8, 03, E3, 64, FF, D8, 13, B3, C0, 84, 0D, 92, 55, 3E, 23, 81, CD, D3, 9B, CD, DD, FA, 4C, B3, 28, C3, 0C, C3, 33, E3, 31, 07, 4D, F3, 8C, F4, 37, 4E, B3, CC, DB, 3B, 0D, 63, 94...

Entropy:
7.9994  (probably packed)

The file rundll32.exe has been seen being distributed by the following 2 URLs.

https://doc-0c-8c-docs.googleusercontent.com/docs/securesc/h85fprq6o92mnjin0thcs1ab032kj92t/s01vjs4al01abmd3iv1rigdpt5q2l37n/1473127200000/03053904304837029930/.../0B1ULR5v29fDGV2F0WTVabTRzdlk?e=download&nonce=etpbfj50aj81g&user=03665147975868162948&hash=svd0n8rktufmbhomngba6a9bf51ubruu

Scan rundll32.exe - Powered by Reason Core Security