rundll32.exe

The process for running DLLs on Windows. In normal usage, the rundll32 process executes specific functions of DLLs using the following format: rundll32.exe <DLL>, <EntryPoint>. Some DLLs contain special functions for running specific files. For example, rundll32 can be used to run .CPL files via the shell32.dll DLL and the Control_RunDLL function. Malware authors often abuse this by creating malicious .CPL files and running them via the rundll32 utility.
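The command-line format and the Control_RunDLL case described above can be checked in process-creation logs. The following is an added example, not code from the original page: it parses a rundll32 command line and labels shell32.dll,Control_RunDLL launches by the directory of the .cpl file. The function names, the labels and the trusted-directory list (Windows installed on C:) are assumptions of this example.

```python
import ntpath
import re
from typing import Optional, Tuple

# Assumption: Windows is installed on C: and shipped Control Panel items live here.
TRUSTED_CPL_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

_CMD = re.compile(r'''
    ^\s*(?:"(?:[^"]*\\)?rundll32(?:\.exe)?"|(?:\S*\\)?rundll32(?:\.exe)?)\s+  # image
    (?:"(?P<qdll>[^"]+)"|(?P<dll>[^\s,]+))   # <DLL>, quoted or bare
    [\s,]+(?P<entry>[^\s,]+)                 # <EntryPoint>
    \s*(?P<args>.*)$                         # whatever is passed to the entry point
    ''', re.IGNORECASE | re.VERBOSE)

def parse_rundll32(cmdline: str) -> Optional[Tuple[str, str, str]]:
    """Split 'rundll32.exe <DLL>, <EntryPoint> [args]' into (dll, entry_point, args)."""
    m = _CMD.match(cmdline)
    if m is None:
        return None
    return (m["qdll"] or m["dll"], m["entry"], m["args"].strip())

def classify_cpl_launch(cmdline: str) -> str:
    """Label a shell32.dll,Control_RunDLL launch by where its .cpl file lives."""
    call = parse_rundll32(cmdline)
    if (call is None
            or ntpath.basename(call[0]).lower() not in ("shell32.dll", "shell32")
            or call[1].lower() != "control_rundll"):
        return "not-cpl-launch"
    # The first argument is the .cpl path; text after a comma (e.g. ",,3") is ignored.
    first = re.match(r'"([^"]+)"|([^,]+)', call[2])
    if first is None:
        return "not-cpl-launch"
    target = (first.group(1) or first.group(2)).strip().lower()
    for var in ("%systemroot%", "%windir%"):
        target = target.replace(var, r"c:\windows")
    if not target.endswith(".cpl"):
        return "not-cpl-launch"
    folder = ntpath.dirname(ntpath.normpath(target))  # normpath collapses "..\" hops
    if not folder:
        return "bare-name"  # resolved by Windows at run time; the log alone cannot tell
    return "trusted-dir" if folder in TRUSTED_CPL_DIRS else "untrusted-dir"

if __name__ == "__main__":
    # Constructed command lines, not taken from a real incident.
    for line in (r'rundll32.exe shell32.dll,Control_RunDLL C:\Users\Public\invoice.cpl',
                 r'"C:\Windows\System32\rundll32.exe" shell32.dll,Control_RunDLL desk.cpl,,3'):
        print(classify_cpl_launch(line), "<-", line)
```

An "untrusted-dir" result is a lead for review rather than a verdict; combine it with the parent process and user account of the rundll32 instance.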

Image Path

Executable’s image path.

Parent Process

The process that spawned the analyzed process.

Number of Instances

Expected number of instances of the process that normally run on Windows.

User Account

Windows account with which the process was launched. This defines what privileges the given process has.

Start Time

Expected time at which the process is launched.