rundll32.exe
Windows host process (Rundll32) by Microsoft
| Version: | 6.2.9200.16384 (win8_rtm.120725-1247) |
| MD5: | 224f6b374852153c8c24bed141ae3a20 |
| SHA1: | e267a1a7dae5702e18ebdd0d451578a50df5abca |
| SHA256: | 9f73b0e980df0aea1ca13a3418db2434ab8e3c56e97f150a5fd62489583a9d20 |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
Overview
rundll32.exe executes as a process with the local user's privileges typically within the context of its parent
LogonUI.exe (Windows Logon User Interface Host by Microsoft). It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user). It configures an autoplay handler withing explorer.exe named MSPhotoAcqHWEventHandler that will launch the program automatically. This version is installed on Windows 8 and is compiled as a 32 bit program.
Details
| File name: | rundll32.exe |
| Publisher: | Microsoft Corporation |
| Product name: | Windows host process (Rundll32) |
| Description: | Microsoft® Windows® Operating System |
| Typical file path: | C:\Windows\System32\rundll32.exe |
| Original name: | RUNDLL32.EXE.MUI |
| File version: | 6.2.9200.16384 (win8_rtm.120725-1247) |
| Product version: | 6.2.9200.16384 |
| Size: | 47.5 KB (48,640 bytes) |
| Digital DNA |
| PE subsystem: | Windows GUI |
| Entropy: | 6.056689 |
| File packed: | No |
| Code language: | Microsoft Visual C++ |
| .NET CLR: | No |
More details
Behaviors
Autoplay handlers
Runs under the registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers'
- Handler name 'WinampMTPHandler'
- Handler name 'PStarterVideoFilesArrival'
- Handler name 'PStarterPicturesArrival'
- Handler name 'PStarterMusicFilesArrival'
- Handler name 'PStarterMixedCDArrival'
- Handler name 'PStarterDVDBurningOnArrival'
- Handler name 'PStarterBlankCDArrival'
- Handler name 'Power2GoPlayCDAudioOnArrival'
- Handler name 'PDirDVArrival'
- Handler name 'P2GDVDBurningOnArrival'
- Handler name 'P2GCDBurningOnArrival'
- Handler name 'muveeVideoOnArrival'
- Handler name 'muveeVideoCameraArrivalCaptureWizard'
- Handler name 'MSShowPicturesOnArrival'
- Handler name 'MSSHAudioDevHandler'
- Handler name 'MSRipCDAudioOnArrival'
- Handler name 'MediaCapture9VideoCamera'
- Handler name 'MSSdRunBackup'
- Handler name 'MSSdConfigBackup'
- Handler name 'MSPromptEachTimeNoContent'
- Handler name 'MSPromptEachTime'
- Handler name 'MSPhotoAcqHWEventHandler'
Approved shell extensions
Located in the registry at 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
- CLSID: {9D687A4C-1404-41ef-A089-883B6FBECDE6}
Scheduled tasks
- The job 'MyTurboPC.com Registration3' runs daily in the path '\MyTurboPC.com Registration3'
- The job 'EasyShare Registration Task' runs daily in the path '\EasyShare Registration Task'
- The task 'PC Utility Kit Registration3' runs daily in the path '\PC Utility Kit Registration3'
- The task 'PC Unleashed Online Registration3' runs daily in the path '\PC Unleashed Online Registration3'
- The task 'SparkTrust Registration3' runs daily in the path '\SparkTrust Registration3'
- The job 'ParetoLogic Registration' runs daily in the path '\ParetoLogic Registration'
- The task 'SpeedMaxPc Registration3' runs daily in the path '\SpeedMaxPc Registration3'
- The job 'ParetoLogic Registration3' runs daily in the path '\ParetoLogic Registration3'
- The task 'SpeedyPC Registration3' runs daily in the path '\SpeedyPC Registration3'
- Entry path '\{DF592278-9ED5-4925-9117-7AD619F1AAA8}'
- Entry path '\{D6488D52-E069-4A39-816E-D1598D5449A4}'
- Entry path '\{C8536D19-006C-4D7C-B8C4-5A4B5160C5ED}'
- Entry path '\{BBA662F7-038F-467B-8873-EB604B5242A2}'
- Entry path '\{B86A1F70-22DB-44E2-850A-04DB8130A83A}'
- Entry path '\{A9F6F357-C7F2-493B-9CA6-BA8096AAF4DF}'
- Entry path '\{8A560E02-3FEE-4E3F-BD2F-E30E081ACB04}'
- Entry path '\{898C3889-ACDA-439E-91B0-36187A01B19B}'
- Entry path '\{0FF765F0-1DE5-461B-9F9B-936450ABA203}'
- Entry path '\{0420CBAC-4E40-4938-9955-4C7C8595BC42}'
- Entry path '\{00BAB955-E3A4-40EE-A715-E595C89513B0}'
- Entry path '\EasyShare Registration Task'
- Entry path '\MyTurboPC.com Registration3'
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'uprkr' → rundll32.exe ",RetrieveKey
User start menu folder
Shortcut pointer placed in '%appdata%\Microsoft\Windows\Start Menu'
- Shortcut to 'rundll32.exe'
- Shortcut to 'lsass.exe'
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'CTMasterOnOffMonitor' → Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00024508% | |
| Kernel CPU: | 0.00023220% | |
| User CPU: | 0.00001288% | |
| Kernel CPU time: | 260,023 ms/min | |
| CPU cycles: | 523/sec | |
| Context switches: | 11/sec | |
| Memory |
| Private memory: | 4 MB | |
| Private (maximum): | 6.57 MB | |
| Private (minimum): | 3.97 MB | |
| Non-paged memory: | 4 MB | |
| Virtual memory: | 70.75 MB | |
| Virtual memory (peak): | 71.88 MB | |
| Working set: | 4.11 MB | |
| Working set (peak): | 6.59 MB | |
| Page faults: | 4,990/min | |
| I/O |
| I/O read transfer: | 5 Bytes/sec | |
| I/O read operations: | 1/sec | |
| I/O other transfer: | 0 Bytes/sec | |
| I/O other operations: | 1/sec | |
| Resource allocations |
| Threads: | 3 | |
| Handles: | 159 | |
| GUI GDI count: | 12 | |
| GUI GDI peak: | 13 | |
| GUI USER count: | 4 | |
| GUI USER peak: | 5 | |
Process properties
| Integrety level: | Medium |
| Platform: | 32-bit |
| Command lines: |
- "C:\Windows\System32\rundll32.exe" -localserver 22d8c27b-47a1-48d1-ad08-7da7abd79617
- "C:\Windows\System32\rundll32.exe" cmicnfg3.cpl,cmictrlwnd
|
| Owner: | User |
| Parent processes: |
|
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Ultimate |
36.50% |
|
| Windows 7 Home Premium |
25.00% |
|
| Windows Vista™ Home Premium |
9.00% |
|
| Windows Vista Ultimate |
7.00% |
|
| Windows Vista Home Premium |
4.50% |
|
| Windows 7 Professional |
3.00% |
|
| Microsoft Windows 7 Professional |
2.50% |
|
| Windows 8.1 |
2.00% |
|
| Windows 8 Pro |
2.00% |
|
| Windows Vista Home Basic |
1.50% |
|
| Windows 8 |
1.50% |
|
| Windows 8.1 Pro |
1.00% |
|
| Windows 7 Home Basic |
1.00% |
|
| Windows 7 Starter |
1.00% |
|
| Windows 8 Single Language |
0.50% |
|
| Windows 8 Enterprise |
0.50% |
|
| Windows 8 Pro with Media Center |
0.50% |
|
| Windows 7 Home Premium N |
0.50% |
|
| Windows Server 2008 Standard |
0.50% |
|
Distribution by country
United States installs about 50.56% of Windows host process (Rundll32).
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Hewlett-Packard |
21.36% |
|
| Acer |
18.45% |
|
| Toshiba |
13.59% |
|
| Dell |
13.59% |
|
| Sony |
9.71% |
|
| Lenovo |
9.71% |
|
| Alienware |
4.85% |
|
| GIGABYTE |
4.85% |
|
| ASUS |
1.94% |
|
| Gateway |
1.94% |
|
