rundll32
Loads and runs DLLs. Used to execute malicious DLL exports directly, bypassing application whitelisting.
Binary Paths
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
Glob Patterns
| Pattern | Wildcards | Notes |
|---|---|---|
| `for /f %i in ('where rundll3?.exe') do %i` | `?` | Wildcard replaces '2' |
| `for /f %i in ('where r*32.exe') do %i` | `*` | Star matches 'undll' |
| `for /f %i in ('where rundll*.exe') do %i` | `*` | Star matches '32' |
| `for /f %i in ('dir /b C:\Windows\System32\rundll*.exe') do %i` | `*` | dir glob search |
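A detection sketch for the patterns in the table, added here as an example and not part of the original page: it flags command lines in which a wildcard token expands to `rundll32.exe`, so the match does not depend on the literal binary name appearing in the log. The function names, the `MIN_LITERAL` threshold and the benign sample lines are assumptions made for the illustration.

```python
import fnmatch
import re

TARGET = "rundll32.exe"   # binary name from the page
MIN_LITERAL = 2           # assumed tuning value: ignore broad globs such as *.exe
_TOKEN = re.compile(r"[^\s()'\"]+")  # split on whitespace, parentheses, quotes


def wildcard_hits(cmdline, target=TARGET):
    """Return wildcard tokens whose file-name part expands to `target`."""
    hits = []
    for tok in _TOKEN.findall(cmdline):
        if "*" not in tok and "?" not in tok:
            continue
        # Keep only the file name; Windows names are case-insensitive.
        name = tok.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        stem = name.rsplit(".", 1)[0]
        if len(re.sub(r"[*?]", "", stem)) < MIN_LITERAL:
            continue
        # '[' is a literal on Windows but a class opener for fnmatch.
        pattern = name.replace("[", "[[]")
        if fnmatch.fnmatchcase(target, pattern):
            hits.append(tok)
    return hits


# Constructed sample: the four command lines from the table, then benign lines.
SAMPLES = [
    r"for /f %i in ('where rundll3?.exe') do %i",
    r"for /f %i in ('where r*32.exe') do %i",
    r"for /f %i in ('where rundll*.exe') do %i",
    r"for /f %i in ('dir /b C:\Windows\System32\rundll*.exe') do %i",
    r"dir /b C:\Windows\System32\*.exe",
    r"where reg*.exe",
    r"rundll32.exe shell32.dll,Control_RunDLL",
]


def scan(lines):
    """Map each flagged command line to the tokens that triggered it."""
    return {line: hits for line in lines if (hits := wildcard_hits(line))}


if __name__ == "__main__":
    for line, hits in scan(SAMPLES).items():
        print(hits, "<-", line)
```

The last sample line is not flagged because it contains no wildcard; this check complements ordinary monitoring of `rundll32.exe` process creation.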