The file name Rundll32.exe has cropped up numerous times in relation to security concerns and threats. Before we go any further, however, we should make one thing very clear.
Rundll32.exe is a legitimate Windows file. It has been a component of the Windows operating system for years and has been included as part of every legitimate Windows install for a long time.
Rundll32.exe, the legitimate instance of the file, is used by Windows to load DLL files that contain shared application logic and functions.
However, Rundll32 is also one of the most commonly spoofed and hijacked files, precisely because it is an integral component of the Windows OS. A number of malicious applications, including at least one known cryptominer, are deployed on victim systems under that exact same name.
More than one threat may be distributed under the name Rundll32.exe, and these threats can differ greatly in how they operate. This makes the file particularly sensitive, and it is difficult to determine whether a given instance is legitimate without the use of anti-malware software.
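
As a first-pass check for the spoofing described above, the following PowerShell lists every running process named rundll32.exe and flags any whose file location or signature does not match the genuine Windows binary. This is an added example, not part of the original article; it assumes the genuine file resides only in the System32 or SysWOW64 directory under `$env:SystemRoot` and is signed by Microsoft.

```powershell
# Added example: triage every running process named rundll32.exe.
# Assumption: the genuine binary lives only in System32 or SysWOW64
# under $env:SystemRoot and carries a valid Microsoft signature.
$expectedDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'rundll32.exe'" |
    ForEach-Object {
        $path    = $_.ExecutablePath
        $status  = $null
        $signer  = $null
        $finding = 'OK'

        if (-not $path) {
            # Protected or already-exited processes may not expose a path.
            $finding = 'Path unavailable (re-run elevated)'
        }
        else {
            $sig    = Get-AuthenticodeSignature -LiteralPath $path
            $status = $sig.Status
            if ($sig.SignerCertificate) {
                $signer = $sig.SignerCertificate.Subject
            }

            # -notcontains compares strings case-insensitively.
            if ($expectedDirs -notcontains (Split-Path -Path $path -Parent)) {
                $finding = 'Unexpected location'
            }
            elseif ($status -ne 'Valid' -or
                    $signer -notmatch 'O=Microsoft Corporation') {
                $finding = 'Signature is not a valid Microsoft signature'
            }
        }

        [pscustomobject]@{
            ProcessId   = $_.ProcessId
            ParentId    = $_.ParentProcessId
            Path        = $path
            Signature   = $status
            Finding     = $finding
            CommandLine = $_.CommandLine
        }
    } | Format-List
```

A finding of `OK` covers only the executable itself; the `CommandLine` field shows which DLL that instance was asked to load, which still needs its own review.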