rundll32.exe
Windows host process (Rundll32) by Microsoft
This is a Windows system installed file with Windows File Protection (WFP) enabled.
Overview
rundll32.exe has 21 known versions; the most recent is 6.3.9600.16384 (winblue_rtm.130821-1623). rundll32.exe runs as a standard Windows process with the logged-in user's account privileges. A startup entry added to the Run registry key causes the file to be executed when the user logs into Windows. The average file size is about 40.26 KB. The programs ASUS Security Protect Manager, Musicmatch® Jukebox and Crystal Reports ActiveX have been observed installing specific variations of rundll32.exe. During the process's lifecycle, typical CPU utilization is less than 0.01%, and average private memory consumption is about 11.49 MB, with the maximum reaching around 12.16 MB. Additionally, typical disk I/O is about 34.21 KB per minute for reads and 46.91 KB per minute for writes.
Details
File name: | rundll32.exe |
Publisher: | Microsoft Corporation |
Product name: | Windows host process (Rundll32) |
Description: | Microsoft® Windows® Operating System |
Typical file path: | C:\Windows\System32\rundll32.exe |
Original name: | RUNDLL32.EXE.MUI |
Programs installed in
(Note, the programs listed below are for all versions of Windows host process (Rundll32).)
ASUS Security Protect Manager increases system security through the use of Multifactor Authentication Policy. A system administrator can assign multifactor authentication policies to other users and ad...
“Mail Merge Toolkit is a powerful add-in for Microsoft Office 2002 (XP), 2003, 2007, 2010 and 2013 designed to extend the mail merging capabilities in Microsoft Outlook, Microsoft Word and Microsoft Pu...”
MicroVideo Software Corp.
“With Micro Video Capture, you can record video and image from webcam, TV tuner card, digital camera and other capture devices in real time, and all captured video files can be saved as AVI format by u...”
The Jukebox has a skinnable, graphical interface and allows users to manage a catalogue of digital music, as well as CD and stream-based audio. It has a fairly advanced AutoDJ but has been noted as ha...
Behaviors
(Note, the behaviors below are for all versions of rundll32.exe, select a unique version for details.)
Autoplay handlers
Runs under the registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers'
- Handler name 'WinampMTPHandler'
- Handler name 'PStarterVideoFilesArrival'
- Handler name 'PStarterPicturesArrival'
- Handler name 'PStarterMusicFilesArrival'
- Handler name 'PStarterMixedCDArrival'
- Handler name 'PStarterDVDBurningOnArrival'
- Handler name 'PStarterBlankCDArrival'
- Handler name 'Power2GoPlayCDAudioOnArrival'
- Handler name 'PDirDVArrival'
- Handler name 'P2GDVDBurningOnArrival'
- Handler name 'P2GCDBurningOnArrival'
- Handler name 'muveeVideoOnArrival'
- Handler name 'muveeVideoCameraArrivalCaptureWizard'
- Handler name 'MSShowPicturesOnArrival'
- Handler name 'MSSHAudioDevHandler'
- Handler name 'MSRipCDAudioOnArrival'
- Handler name 'MediaCapture9VideoCamera'
- Handler name 'MSSdRunBackup'
- Handler name 'MSSdConfigBackup'
- Handler name 'MSPromptEachTimeNoContent'
- Handler name 'MSPromptEachTime'
- Handler name 'MSPhotoAcqHWEventHandler'
Approved shell extensions
Located in the registry at 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
- CLSID: {9D687A4C-1404-41ef-A089-883B6FBECDE6}
Scheduled tasks
- The job 'MyTurboPC.com Registration3' runs daily in the path '\MyTurboPC.com Registration3'
- The job 'EasyShare Registration Task' runs daily in the path '\EasyShare Registration Task'
- The task 'PC Utility Kit Registration3' runs daily in the path '\PC Utility Kit Registration3'
- The task 'PC Unleashed Online Registration3' runs daily in the path '\PC Unleashed Online Registration3'
- The task 'SparkTrust Registration3' runs daily in the path '\SparkTrust Registration3'
- The job 'ParetoLogic Registration' runs daily in the path '\ParetoLogic Registration'
- The task 'SpeedMaxPc Registration3' runs daily in the path '\SpeedMaxPc Registration3'
- The job 'ParetoLogic Registration3' runs daily in the path '\ParetoLogic Registration3'
- The task 'SpeedyPC Registration3' runs daily in the path '\SpeedyPC Registration3'
- Entry path '\{DF592278-9ED5-4925-9117-7AD619F1AAA8}'
- Entry path '\{D6488D52-E069-4A39-816E-D1598D5449A4}'
- Entry path '\{C8536D19-006C-4D7C-B8C4-5A4B5160C5ED}'
- Entry path '\{BBA662F7-038F-467B-8873-EB604B5242A2}'
- Entry path '\{B86A1F70-22DB-44E2-850A-04DB8130A83A}'
- Entry path '\{A9F6F357-C7F2-493B-9CA6-BA8096AAF4DF}'
- Entry path '\{8A560E02-3FEE-4E3F-BD2F-E30E081ACB04}'
- Entry path '\{898C3889-ACDA-439E-91B0-36187A01B19B}'
- Entry path '\{0FF765F0-1DE5-461B-9F9B-936450ABA203}'
- Entry path '\{0420CBAC-4E40-4938-9955-4C7C8595BC42}'
- Entry path '\{00BAB955-E3A4-40EE-A715-E595C89513B0}'
- Entry path '\EasyShare Registration Task'
- Entry path '\MyTurboPC.com Registration3'
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'uprkr' → rundll32.exe ",RetrieveKey
User start menu folder
Shortcut pointer placed in '%appdata%\Microsoft\Windows\Start Menu'
- Shortcut to 'rundll32.exe'
- Shortcut to 'lsass.exe'
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'CTMasterOnOffMonitor' → Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch
All file variations of rundll32.exe
Distribution by Windows OS
OS version | distribution |
Windows 7 Ultimate | 41.31% |
Windows 7 Home Premium | 21.66% |
Windows 7 Ultimate N | 8.56% |
Windows Vista Ultimate | 5.54% |
Windows Vista Home Premium | 4.79% |
Windows Vista™ Home Premium | 4.53% |
Windows 7 Professional | 2.77% |
Windows 8 Pro | 1.51% |
Windows Vista Home Basic | 1.26% |
Windows 8 | 1.26% |
Microsoft Windows 7 Professional | 1.26% |
Windows 8.1 | 1.01% |
Windows 8 Pro with Media Center | 0.76% |
Windows 7 Starter | 0.76% |
Windows 8.1 Pro | 0.50% |
Windows 8 Enterprise | 0.50% |
Windows 7 Home Basic | 0.50% |
Microsoft Windows XP | 0.50% |
Windows 8 Single Language | 0.25% |
Windows 7 Home Premium N | 0.25% |
Windows Server 2008 Standard | 0.25% |
22 other Windows OS versions |
Distribution by country
United States installs about 54.23% of Windows host process (Rundll32).
Distribution by PC manufacturer
PC Manufacturer | distribution |
Hewlett-Packard | 20.00% |
Acer | 17.27% |
Dell | 16.36% |
Toshiba | 12.73% |
Sony | 9.09% |
Lenovo | 9.09% |
GIGABYTE | 5.45% |
Alienware | 4.55% |
ASUS | 3.64% |
Gateway | 1.82% |