home

RUNDLL32.EXE

SteamDonkey LLC

It runs as a scheduled task under the Windows Task Scheduler named TiltBreaker triggered to execute each time a user logs in.
Publisher:
SteamDonkey LLC  (signed and verified)

Description:
Windows host process (Rundll32)

Version:
1, 801, 1, 0

MD5:
a1b32a3e57eff2498752792d2a671312

SHA-1:
b6f30c168482b610937093c3dc67faf39223a198

SHA-256:
f6415d57da6ad953706e5fa2eed2519e587979f0a0b0750ec40ed546ebe82cff

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/8/2024 8:18:38 PM UTC  (today)

File size:
3.6 MB (3,724,408 bytes)

Product version:
1, 801, 1, 0

Original file name:
RUNDLL32.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\tilt breaker\rundll32.exe

Digital Signature
Signed by:
SteamDonkey LLC

Authority:
COMODO CA Limited

Valid from:
7/2/2014 4:00:00 AM

Valid to:
7/3/2015 3:59:59 AM

Subject:
CN=SteamDonkey LLC, O=SteamDonkey LLC, STREET=256 Monte Cristo Blvd., L=Tierre Verde, S=Florida, PostalCode=33715, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
514247FD62B6731F637020D60FC8DBBD

File PE Metadata
Compilation timestamp:
6/18/2015 8:20:41 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:dxNZUsc5sjoV6LGZvCNT08Ban+DegItKhZqX9rk:zUsc5sjoV6LGdCNT08BaaHItiqA

Entry address:
0x1DA2A7

Entry point:
E8, 45, 76, 01, 00, E9, 79, FE, FF, FF, CC, CC, CC, 68, F0, 41, 5D, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 58, 93, 6B, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 58, 93...
 
[+]

Code size:
2.2 MB (2,295,808 bytes)

Scheduled Task
Task name:
TiltBreaker

Trigger:
Logon (Runs on logon)

Description:
Starts TiltBreaker when user logs on.


Scan RUNDLL32.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.