Rundll32: The Infamous Proxy for Executing Malicious Code

Take a deeper dive into an often abused Microsoft-signed tool, the infamous rundll32.exe, which allows adversaries to execute malicious code during their offensive operations through a technique which we explain in detail

themed campaigns of Lazarus in the Netherlands and Belgium

Shelob Moonlight – Spinning a Larger Web From IcedID to CONTI, a Trojan and Ransomware collaboration - Cynet

Silvio R. (@Pinas_) / X

System Binary Proxy Execution Rundll32, Nordic Defender

Virus Bulletin on X: The Cybereason Blue Team describe how Microsoft's rundll32.exe tool, which allows code to be loaded and executed, is often used by adversaries during their offensive operations. /

Threat Intelligence Report

Rundll32: The Infamous Proxy for Executing Malicious Code

Swedish Windows Security User Group » NOBELIUM

PcShare Backdoor Attacks Targeting Windows Users with FakeNarrator Malware

Rundll32: The Infamous Proxy for Executing Malicious Code

4 malicious campaigns, 13 confirmed victims, and a new wave of APT41 attacks

The second program that was found is rundll32exe which is a Microsoft signed

The Windows Process Journey: by Dr. Shlomi Boutnaru, PDF, Windows Registry

Rundll32 Injected with mining malware - Microsoft Community

Detect PlugX Trojan Masquerading as a Legitimate Windows Debugger Tool to Fly Under the Radar - SOC Prime