rundll32[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

rundll32.exe
Size

60KB
MD5

4f3058a09d9a3c5ca953a10aa419b439
SHA1

2184344c5ca395366e0b1a1528829bfb25c8af57
SHA256

0b60128008ec332097494b7f4552c52537f789a4591a7667b31cd83b10f6f9fd
SHA512

34232cff30fbf9c7326ee1062bafa9a339094ff32b3dbf760b7b3125329334a8f9acdb0b9f5fbac1f1f10be6eff1aefde09a052856d5519973a5d7d500a0f2db
SSDEEP

1536:A9y04CTdiHQKrFHm+cRVln5IUmDjoX6+:ApsHprFGPRVln5I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rundll32.exe

Files

rundll32.exe
.exe windows:10 windows x86 arch:x86

30b6d4aa5b2b125b0abca749b5d12b3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

rundll32.pdb

Imports

msvcrt

__set_app_type
__wgetmainargs
__dllonexit
exit
?terminate@@YAXXZ
_amsg_exit
_controlfp
_except_handler4_common
_exit
_cexit
__p__fmode
__p__commode
_vsnwprintf
_unlock
_lock
__setusermatherr
_initterm
_wcmdln
_onexit
_XcptFilter
free
_purecall
_wtoi
memcpy_s
__CxxFrameHandler3
_callnewh
malloc
memset

api-ms-win-core-com-l1-1-0

CoReleaseServerProcess
CoInitializeEx
CoResumeClassObjects
CoInitializeSecurity
CoCreateInstance
CoRegisterClassObject
CoWaitForMultipleHandles
CoUninitialize
CoRevokeClassObject
CLSIDFromString
CoAddRefServerProcess

api-ms-win-core-file-l1-1-0

SetFilePointer
ReadFile
GetFileAttributesW
CreateFileW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleFileNameA
LoadLibraryExW
FreeLibrary
LoadStringW
GetModuleHandleExW

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W
IsWow64Process2

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseMutex
CreateEventW
ReleaseSRWLockShared
CreateSemaphoreExW
ReleaseSRWLockExclusive
AcquireSRWLockShared
SetEvent
CreateMutexExW
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSemaphore

api-ms-win-core-heap-l1-1-0

HeapSetInformation
GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetErrorMode
SetLastError
GetLastError

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
SearchPathW

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
GetCurrentThreadId
GetStartupInfoW
TerminateProcess
GetCurrentProcessId
ExitProcess
GetCurrentProcess

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-processthreads-l1-1-1

SetProcessMitigationPolicy

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-console-l1-2-0

AttachConsole
FreeConsole

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-console-l1-1-0

WriteConsoleW

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-kernel32-private-l1-1-0

Wow64EnableWow64FsRedirection

api-ms-win-core-sidebyside-l1-1-0

DeactivateActCtx
ReleaseActCtx
CreateActCtxW
ActivateActCtx
QueryActCtxW

api-ms-win-downlevel-shlwapi-l1-1-0

PathIsRelativeW

api-ms-win-downlevel-shlwapi-l2-1-0

SHSetThreadRef

imagehlp

ImageDirectoryEntryToData

ntdll

NtSetInformationToken
NtOpenProcessToken
RtlNtStatusToDosError
NtQueryInformationToken
RtlSetSearchPathMode
NtSetInformationProcess
RtlWow64IsWowGuestMachineSupported
RtlImageNtHeader
NtQuerySystemInformation
NtClose

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30b6d4aa5b2b125b0abca749b5d12b3a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-com-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-wow64-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-localization-l1-2-0

api-ms-win-core-console-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-kernel32-private-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-downlevel-shlwapi-l1-1-0

api-ms-win-downlevel-shlwapi-l2-1-0

imagehlp

ntdll

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-apiquery-l1-1-0

Sections

.text Size: 24KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 136B

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 136B

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 2KB - Virtual size: 1KB