rundll32.exe

Daniel Monteiro

It runs as a scheduled task under the Windows Task Scheduler.
Publisher:
Daniel Monteiro  (signed and verified)

MD5:
fdf1aaf6649750ac8933589a8cdd4f97

SHA-1:
4933cc5fe34808fd36e43ab9af6f8b6115445f5f

SHA-256:
1dd2c282e02832f369d7bbcbd32c6ae8bcecc56a087561f924f22d8421ee6793

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/26/2024 8:51:23 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/LogicielsEspions.C potentially unsafe application | 7.0.302.0

File size:
4.4 MB (4,599,552 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/25/2013 12:00:00 AM

Valid to:
2/25/2014 11:59:59 PM

Subject:
CN=Daniel Monteiro, O=Daniel Monteiro, STREET="Condominio Costa Nova. Rua Dois, 601", L=Caraguatatuba, S=SP, PostalCode=11677-000, C=BR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00899BB4D3DAE16CC66EF4EB9C6BBF803E

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:7TiTjnlnrjLhTwIWQRemgFtrOTTT9QgcmT24qfIykg3fbmbQ/ymQfRL1+m7RYKYO:7TiTBzhTwVmgwQg/aXa7fLbYKvd

Entry address:
0x1F27A4

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 44, 1E, 5F, 00, E8, 3F, 4B, E1, FF, 8B, 1D, D4, 47, 60, 00, 8B, 03, E8, 2A, 17, E8, FF, 8B, 0D, 24, 4A, 60, 00, 8B, 03, 8B, 15, EC, A5, 5E, 00, E8, 2F, 17, E8, FF, 8B, 0D, 94, 4A, 60, 00, 8B, 03, 8B, 15, 14, 5D, 4F, 00, E8, 1C, 17, E8, FF, 8B, 0D, 4C, 4B, 60, 00, 8B, 03, 8B, 15, 24, 93, 50, 00, E8, 09, 17, E8, FF, 8B, 0D, AC, 44, 60, 00, 8B, 03, 8B, 15, 60, 6A, 50, 00, E8, F6, 16, E8, FF, 8B, 0D, C4, 47, 60, 00, 8B, 03, 8B, 15, C0, 71, 50, 00, E8, E3, 16, E8, FF, 8B, 0D, C0...

Developed / compiled with:
Microsoft Visual C++

Code size:
1.9 MB (2,038,272 bytes)

Scheduled Task
Task name:
{C0AF80BC-AF09-435B-98A7-322C7A24DB54}

Trigger:
Registration (Runs on registration)


Scan rundll32.exe - Powered by Reason Core Security