Rundll32: The Infamous Proxy for Executing Malicious Code

Take a deeper dive into an often abused Microsoft-signed tool, the infamous rundll32.exe, which allows adversaries to execute malicious code during their offensive operations through a technique which we explain in detail

A Survey on the Evolution of Fileless Attacks and Detection Techniques - ScienceDirect

Rundll32: The Infamous Proxy for Executing Malicious Code

Rundll32: The Infamous Proxy for Executing Malicious Code

Silvio R. (@Pinas_) / X

Virus Bulletin on X: The Cybereason Blue Team describe how Microsoft's rundll32.exe tool, which allows code to be loaded and executed, is often used by adversaries during their offensive operations. /

themed campaigns of Lazarus in the Netherlands and Belgium

Persistent pests: A taxonomy of computer worms - Red Canary

System Binary Proxy Execution Rundll32, Nordic Defender

Rundll32: The Infamous Proxy for Executing Malicious Code

Rundll32: The Infamous Proxy for Executing Malicious Code

The second program that was found is rundll32exe which is a Microsoft signed

Swedish Windows Security User Group » ransomware

Persistent pests: A taxonomy of computer worms - Red Canary