» rundll32.exe
Overview
Analysis
File Details
Downloads (13)

rundll32.exe

Sistema Operacional Microsoft Windows

Microsoft Corporation

Rundll allows various libraries (DLL files) to be loaded as a process by allowing the operating system to invoke a function exported from a DLL. This is a setup program which is used to install the application. It is installed as part of Windows 8. The file has been seen being downloaded from dl-mail.ymail.com and multiple other hosts.

File name:

rundll32.exe

Publisher:

Microsoft Corporation

Product:

Sistema Operacional Microsoft® Windows®

Description:

Processo de host do Windows (Rundll32)

Part of the Windows 8 Operating System

Version:

6.2.9200.16384 (win8_rtm.120725-1247)

MD5:

224f6b374852153c8c24bed141ae3a20

SHA-1:

e267a1a7dae5702e18ebdd0d451578a50df5abca

SHA-256:

9f73b0e980df0aea1ca13a3418db2434ab8e3c56e97f150a5fd62489583a9d20

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

11/24/2024 7:39:54 PM UTC (today)

File size:

47.5 KB (48,640 bytes)

Product version:

6.2.9200.16384

Original file name:

RUNDLL32.EXE.MUI

File type:

Executable application (Win32 EXE)

Language:

Brazilian Portuguese

Common path:

C:\windows\syswow64\rundll32.exe

File PE Metadata

Compilation timestamp:

7/25/2012 10:33:02 PM

OS version:

6.2

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.10

CTPH (ssdeep):

768:SZ7eEq5sERki1NbG3pSyd7RKbSEln5IyYpamDjobj8S:uI5hRki1ej7RKln5IUmDjoX

Entry address:

0x16C6

Entry point:

E8, 7E, FF, FF, FF, 6A, 58, 68, E8, 17, 40, 00, E8, 15, 03, 00, 00, 33, DB, 89, 5D, E4, 89, 5D, FC, 8D, 45, 98, 50, FF, 15, 88, 60, 40, 00, C7, 45, FC, FE, FF, FF, FF, C7, 45, FC, 01, 00, 00, 00, 64, A1, 18, 00, 00, 00, 8B, 78, 04, 8B, F3, 53, 57, 68, C8, 50, 40, 00, FF, 15, 8C, 60, 40, 00, 85, C0, 0F, 85, 33, 01, 00, 00, 33, FF, 47, 39, 3D, A8, 50, 40, 00, 0F, 84, 42, 01, 00, 00, 39, 1D, A8, 50, 40, 00, 0F, 85, A4, FB, FF, FF, 89, 3D, A8, 50, 40, 00, 68, E0, 17, 40, 00, 68, D4, 17, 40, 00, E8, 56, FF, FF... 
[+]

Code size:

13.5 KB (13,824 bytes)

The file rundll32.exe has been seen being distributed by the following 13 URLs.

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-RlqM4Wp595daBi7_I3AQCnCsAs-GMax_GVI_G1MBGkgJSTWan0Ff7kEvakj1-dgK-OZtZrw2rULBXQ-scIJXZQ/messages/@.id==AELuw0MAF1t_WGuGIwHsMAhOaUI/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=2dce5e2d-4124-d0c0-01d8-130074010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBaMhJUaq9ajYALXxcRyf3r9pd-6xfgEr-VcsC_vdT3lfJp5IjMkrQyexzYboiQKVew6y0cZDZK87O4GU8LnZAz6&error=https://mg.mail.yahoo.com/.../iframemsg?id=d8270942-3f64-91cc-5c1f-cde3e0d390fc

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_3_11277_AL1K2kIAAAKhVYKUrQbSGMxKSvs&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-1isg-TPDFbOkZKFzRyRi6V9DbMfGMfDaquoMqpC1Xr1GiQPQApnNXbxnvaNN1d6H-OZtZrw2rULBXQ-scIJXZQ/messages/@.id==AOtJyAoAAEYvVtb2QgBV8LxJKmU/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=b0bdbec2-0b70-5f40-015d-d00062010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBaeBNVM4em6tIm3gf2sd_TQBsXHoN7pYa9LXivVXxsyIA&error=https://xa-mg42.mail.yahoo.com/.../iframemsg?id=d0ec1cbc-08a6-60dc-91b7-cfacda6395a7

https://mega.nz/temporary/.../OVBGVAzR

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_3_6241_AJd2imIAAA8DVC4l3wa2wHM4rxI&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

https://f1mail.rediff.com/bn/.../rundll32.exe

https://www.nexus.uanl.mx/App/Curso/.../wfDownload.aspx?Unidad=F:-Contenedor_411-&RecursoNombre=rundll32&ArchivoAnterior=278551_06-09-2015_02-05-07_7.exe

https://onedrive.live.com/download.aspx?cid=0B6C5E29B615CA5A&resid=B6C5E29B615CA5A!2188&canary=7yaqBmU8Q3H72u446FPxDsSyLlzHQXov1nl5ipriWRM=5&ithint=.exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==MjEzMzg0Mzk1NiAxMjQ3ODcgMTI0NyBkcnRvbnllYmVyZUB5YWhvby5jb20/messages/@.id==AMu-imIAACgZVkshAAZJYKUOtYc/content/parts/.../raw?appid=YahooMailNeo&token=78ORuD2vCtKTeeXtR3BPBQv6Jhm9QmXlccwWcTFpYnUODlI2edri2KfI7nhYarSx_tmbZU_QP6bd5QzJLzvu9w&ymreqid=dbd7f640-8d28-11e5-c000-3a1ae19309b7

http://poczta.o2.pl/?cmd=getpart&link=gBSmgWkl43JUb17qSAtPzbaOTORO2OtLTPwNDNRhWaZjSMeP3OxPTPZeDOsc2OtPTPZejNZM2OtLzcacjNRbDOJ8jNZjTMJ8DbadiMs8CMskwAikHAtbmbYIDbwOmLUeQZk

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-VtVvzcc_Gq5POfOQp3FbtE_DYSG-M2bQDbUktPJSrhF0tWU1wV2-BAX-viX5Tp0MpXSQPIt7834jXjyRXCwNNg/messages/@.id==AFOvCmoAACVoVvFL0wIumHIAG5o/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYiIijv6Gqh7NOeHf9pt0NaBWrNGyUZZlINANNX07C1Jg&error=https://mg.mail.yahoo.com/.../iframemsg?id=2d9787f5-7685-c72e-4de2-d61897440a1f&ymreqid=91390310-4b04-fda9-01b6-b9004c010000

http://www.nexus.uanl.mx/App/Curso/.../wfDownload.aspx?Unidad=H:-Contenedores-Contenedor_389-&RecursoNombre=rundll32&ArchivoAnterior=275512_19-08-2015_05-37-50_2.exe

https://doc-0k-18-docs.googleusercontent.com/docs/securesc/uun0gshgjm6pfc9vs2heitnfrp1i6sv3/25488iquo7dtkjsvsu0l55sg8pshmr9j/1449482400000/.../10231255790301034756/0B1OTkaQrAhIMQUtjOHE3ei1uX1E?e=download

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.