home

RUNDLL32.EXE

SteamDonkey LLC

It runs as a scheduled task under the Windows Task Scheduler named TiltBreaker triggered to execute each time a user logs in.
Publisher:
SteamDonkey LLC  (signed and verified)

Description:
Windows host process (Rundll32)

Version:
1, 792, 1, 0

MD5:
6195d89d7f40307e3a74ec833a696d48

SHA-1:
1ccbd2db460c006a7a347400c5c127152f02b6e6

SHA-256:
0c716b61d4b9a0deeb555b9123b3418b3928d96e68265eedfb055cca4b2d2ce4

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/8/2024 10:32:08 AM UTC  (today)

File size:
3.5 MB (3,699,320 bytes)

Product version:
1, 792, 1, 0

Original file name:
RUNDLL32.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\tilt breaker\rundll32.exe

Digital Signature
Signed by:
SteamDonkey LLC

Authority:
COMODO CA Limited

Valid from:
7/2/2014 3:00:00 AM

Valid to:
7/3/2015 2:59:59 AM

Subject:
CN=SteamDonkey LLC, O=SteamDonkey LLC, STREET=256 Monte Cristo Blvd., L=Tierre Verde, S=Florida, PostalCode=33715, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
514247FD62B6731F637020D60FC8DBBD

File PE Metadata
Compilation timestamp:
3/11/2015 3:09:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:uCc5Yonor+AkL9y13uA8w+bq+W+kYX9r:uCc5Yonor+AkY13uA8wy0G

Entry address:
0x1D6307

Entry point:
E8, 55, 76, 01, 00, E9, 79, FE, FF, FF, CC, CC, CC, 68, 00, 01, 5D, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, F0, 39, 6B, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, F0, 39...
 
[+]

Code size:
2.2 MB (2,277,888 bytes)

Scheduled Task
Task name:
TiltBreaker

Trigger:
Logon (Runs on logon)

Description:
Starts TiltBreaker when user logs on.


Scan RUNDLL32.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.