rundll32.exe | Used To Run DLL Files | Safe?

Rundll32.exe is an executable file used by Windows to run DLL files as if they were within the actual program. Unfortunately, virus writers use similar names to trick users, and malware often uses this program to run code in Windows.

What Are DLL Files?

Here’s what Lifewire says:

A DLL file, short for Dynamic Link Library, is a type of file that contains instructions that other programs can call upon to do certain things.

This way, multiple programs can share the abilities programmed into a single file, and even do so simultaneously.

For example, several different programs might all call upon the veryuseful.dll file (I made that up, of course) to find the free space on a hard drive, locate a file in a particular directory, and print a test page to the default printer.

Unlike executable programs, like those with the EXE file extension, DLL files can’t be run directly but instead must be called upon by other code that is already running.

https://www.lifewire.com/what-is-a-dll-file-2625852

What Is rundll32.exe?

Windows uses rundll32.exe to access these DLL libraries on behalf of other programs.

It’s therefore an important file and usually shouldn’t be removed or disabled. However, it is known to have a couple of security issues.


Security Issues With The rundll32.exe Process

Issue 1: Malware Masquerading As rundll32.exe

This is an issue common to other Windows processes such as conhost.exe.

Writers of viruses, trojans, spyware and similar malware give their malicious files names similar to these legitimate processes, hoping that users will mistake them for their safe namesake.

The key way to check that the rundll32.exe file running on your computer is the legitimate one is to check its file location. The real process sits in the C:\Windows\System32 folder, so if your file is elsewhere, it is likely to be malicious.

How To Check A File’s Location

a. Press Ctrl-Alt-Del

b. Click on the ‘Details’ tab as below:

[Screenshot: examining rundll32.exe in the Details tab. Source: https://www.raymond.cc/blog/identify-loaded-rundll32exe-in-windows-task-list/]

c. Highlight the rundll32.exe file as above

d. Right click and click ‘Properties’ to get the following screen:

[Screenshot: how to find the rundll32.exe location]

e. Note the location (circled)

Issue 2: Malicious DLL Libraries

The legitimate rundll32.exe file can also be used for nefarious purposes.

It can be used to download and run malicious code in a rogue DLL file. This is a well-known security vulnerability (see here).
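
The location check from Issue 1 and the rogue-DLL concern from Issue 2 can be audited together from PowerShell. This is an added example, not part of the original article; the `rundl%` name filter, the SysWOW64 entry and the helper name `Get-Rundll32Target` are assumptions introduced here.

```powershell
# Added example: audit running rundll32-like processes (Issue 1) and the DLLs
# they were asked to load (Issue 2). Read-only. Run from an elevated session,
# otherwise Path/CommandLine of other users' processes come back empty and
# PathExpected will read False for them.

# Legitimate image locations. SysWOW64 holds the 32-bit copy on 64-bit Windows
# (not mentioned in the article; included here to avoid false positives).
$expected = @(
    (Join-Path $env:SystemRoot 'System32\rundll32.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\rundll32.exe')
)

function Get-Rundll32Target {
    # Hypothetical helper: pull the DLL out of
    #   rundll32.exe <dll>,<entrypoint> [arguments]
    param([string]$CommandLine)
    if (-not $CommandLine) { return $null }
    # Skip the (optionally quoted) executable, then capture up to the comma.
    if ($CommandLine -match '^\s*(?:"[^"]+"|\S+)\s+"?([^",]+)"?\s*,') {
        return $Matches[1].Trim()
    }
    return $null
}

# 'rundl%' is a deliberately loose filter (an assumption) so that lookalike
# names such as a misspelled rundll32 are listed next to the real one.
Get-CimInstance Win32_Process -Filter "Name LIKE 'rundl%'" | ForEach-Object {
    $dll    = Get-Rundll32Target $_.CommandLine
    $dllSig = $null
    # Only full paths to existing files can be signature-checked here;
    # bare names like 'shell32.dll' are left for manual review.
    if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
        $dllSig = (Get-AuthenticodeSignature -LiteralPath $dll).Status
    }
    [pscustomobject]@{
        PID          = $_.ProcessId
        Name         = $_.Name
        Path         = $_.ExecutablePath
        PathExpected = $expected -contains $_.ExecutablePath  # case-insensitive
        ParentPID    = $_.ParentProcessId
        Dll          = $dll
        DllSignature = $dllSig
    }
} | Format-Table -AutoSize -Wrap
```

Rows where PathExpected is False, or where the Dll column points into a user-writable folder or shows a signature status other than Valid, are the ones to investigate first.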


Conclusion

The rundll32 process is usually legitimate and should not be removed.

However, both rogue files with a similar name and malware that uses the process to run malicious code should be guarded against.


