ThreatExpert's awareness of the file "rundll32.dll":

Across all ThreatExpert reports, the file "rundll32.dll" was mostly identified as a threat.

File "rundll32.dll" has the following statistics:

Total number of reports analysed	611,932
Number of cases that involved the file "rundll32.dll"	141
Number of incidents when this file was found to be a threat	130
Statistical volume of cases when "rundll32.dll" was a threat	92%

Please enable javascript to display the chart.

Notes:

Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour.
In order to check a file, please submit it to ThreatExpert.
For a comprehensive pro-active protection against threats, please consider ThreatFire - our behavioral antivirus solution.

The file "rundll32.dll" is known to be created under the following filenames:

%Profiles%\localservice\ntuser.dll

%Programs%\startup\chkdisk.dll

%Programs%\startup\scandisk.dll

%System%\autochk.dll

%System%\calc.dll

%System%\rundll32.dll

%Temp%\calc.dll

%Temp%\rundll32.dll

%UserProfile%\ntuser.dll

%UserProfile%\protect.dll

%Windir%\cursors\rundll32.dll

%Windir%\rundll32.dll

%Windir%\temp\rundll32.dll

Notes:

%Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.
%Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

The file "rundll32.dll" has the following possible country of origin:

Origin		Number of Incidents
	Russian Federation	34

The following threats are known to be associated with the file "rundll32.dll":

Threat Alias	Number of Incidents
Packed.Win32.Krap.ah [Kaspersky Lab]	1,871
Infostealer [Symantec]	1,588
Mal/EncPk-MA, Mal/FakeDouf-B [Sophos]	1,087
Packed.Win32.Krap [Ikarus]	983
Trojan-PSW.Generic [PC Tools]	916
Trojan:Win32/Opachki.A [Microsoft]	809
Trojan.CryptRedol [Ikarus]	725
Generic.dx!hca [McAfee]	667
Mal/EncPk-LT, Mal/FakeAV-BX, Mal/FakeDouf-B, Mal/EncPk-MA [Sophos]	442
Mal/Generic-A [Sophos]	265
Trojan.Win32.Opachki [Ikarus]	177
Trojan Horse [Symantec]	149
Win-Trojan/Opachki.22528 [AhnLab]	56
Trojan.Win32.Scar.adgt [Kaspersky Lab]	49
Trojan.Win32.Scar.abus [Kaspersky Lab]	21
Generic Downloader.z [McAfee]	16
Generic.dx!fya [McAfee]	7
Trojan.Generic [PC Tools]	7
Trojan.Win32.Scar.aakg [Kaspersky Lab]	4
Win-Trojan/Agent.24064.OL [AhnLab]	4
Infostealer.Refest [Symantec]	2
Mal/Packer, Mal/Basine-A [Sophos]	2
PWS-Cimag.dll [McAfee]	2
Trojan-Dropper.Agent [Ikarus]	2
Trojan-PSW.Win32.Prostor.a [Kaspersky Lab]	2
Trojan-PWS.Prostor [PC Tools]	2
VirTool:Win32/Obfuscator.C [Microsoft]	2
Win-Trojan/Prostor.11828 [AhnLab]	2
Backdoor.Ciadoor.ASY [PC Tools]	1
Backdoor.Win32.Ciadoor.gn [Kaspersky Lab]	1
Generic BackDoor [McAfee]	1
Generic Downloader.x!bdr [McAfee]	1
Mal/EncPk-IF, Mal/FakeDouf-A [Sophos]	1
TROJ_Generic.A [Trend Micro]	1
Trojan.Fakeavalert [Symantec]	1
Trojan.Win32.Scar.yeu [Kaspersky Lab]	1
Trojan.Win32.Scar.ygv [Kaspersky Lab]	1
Trojan-Downloader.Win32.Agent.cnrb [Kaspersky Lab]	1
W32.Randex.gen [Symantec]	1