Running Malware

Basic dynamic analysis techniques will be rendered useless if you can’t get the malware running. Here we focus on running the majority of malware you will encounter (EXEs and DLLs). Although you’ll usually find it simple enough to run executable malware by double-clicking the executable or running the file from the command line, it can be tricky to launch malicious DLLs because Windows doesn’t know how to run them automatically. (We’ll discuss DLL internals in depth in Chapter 7.)

Let’s take a look at how you can launch DLLs to be successful in performing dynamic analysis.

The program rundll32.exe is included with all modern versions of Windows. It provides a container for running a DLL using this syntax:

C:\>rundll32.exe DLLname ...
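Because rundll32.exe has to be told which exported function of the DLL to call, an analyst normally lists the DLL's exports (and confirms the file really is a DLL) before attempting to launch it. The following Python is an added example, not code from the book: it parses the PE headers by hand, checks the IMAGE_FILE_DLL characteristic flag that distinguishes a DLL from an EXE, walks the export directory, and returns the exported names. To run offline it also constructs a minimal in-memory PE32 DLL image (a constructed sample, not a real binary) with the export names "Install" and "Run"; the function names and the sample are assumptions for the example.

```python
import struct

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit set on DLLs


def _u16(b, o):
    return struct.unpack_from("<H", b, o)[0]


def _u32(b, o):
    return struct.unpack_from("<I", b, o)[0]


def _cstr(b, o):
    return b[o:b.index(b"\0", o)].decode("ascii", "replace")


def parse_pe_exports(data):
    """Return (is_dll, [export names]) from a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = _u32(data, 0x3C)                      # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe + 4
    nsections = _u16(data, coff + 2)
    opt_size = _u16(data, coff + 16)
    is_dll = bool(_u16(data, coff + 18) & IMAGE_FILE_DLL)
    opt = coff + 20
    magic = _u16(data, opt)
    dd_off = {0x10B: 96, 0x20B: 112}.get(magic)  # PE32 / PE32+ data directory offset
    if dd_off is None:
        raise ValueError("unknown optional header magic")
    export_rva = _u32(data, opt + dd_off)      # data directory entry 0 = exports
    # Section table: map RVAs to file offsets.
    sections = []
    for i in range(nsections):
        s = opt + opt_size + 40 * i
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, s + 8)
        sections.append((va, max(vsize, rawsize), rawptr))

    def rva_to_off(rva):
        for va, size, raw in sections:
            if va <= rva < va + size:
                return rva - va + raw
        raise ValueError(f"RVA {rva:#x} not mapped by any section")

    if export_rva == 0:
        return is_dll, []
    ed = rva_to_off(export_rva)
    num_names = _u32(data, ed + 24)            # NumberOfNames
    names_off = rva_to_off(_u32(data, ed + 32))  # AddressOfNames
    names = [_cstr(data, rva_to_off(_u32(data, names_off + 4 * i)))
             for i in range(num_names)]
    return is_dll, names


def build_sample_dll(exports, dll=True, dll_name=b"sample.dll"):
    """Construct a minimal PE32 image with one .edata section (test fixture only)."""
    SECT_RVA, SECT_RAW = 0x1000, 0x200
    n = len(exports)
    funcs_rva = SECT_RVA + 40
    names_rva = funcs_rva + 4 * n
    ords_rva = names_rva + 4 * n
    str_rva = ords_rva + 2 * n
    strings = dll_name + b"\0"
    name_rvas = []
    for e in exports:
        name_rvas.append(str_rva + len(strings))
        strings += e.encode() + b"\0"
    edata = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, str_rva, 1, n, n,
                        funcs_rva, names_rva, ords_rva)
    edata += b"\0" * (4 * n)                                   # dummy function RVAs
    edata += b"".join(struct.pack("<I", r) for r in name_rvas)
    edata += b"".join(struct.pack("<H", i) for i in range(n))
    edata += strings
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    chars = 0x0102 | (IMAGE_FILE_DLL if dll else 0)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, chars)
    opt = struct.pack("<H", 0x10B) + b"\0" * 94
    opt += struct.pack("<II", SECT_RVA, len(edata)) + b"\0" * (8 * 15)
    sect = b".edata\0\0" + struct.pack("<IIIIIIHHI", len(edata), SECT_RVA,
                                       len(edata), SECT_RAW, 0, 0, 0, 0, 0x40000040)
    header = dos + b"PE\0\0" + coff + opt + sect
    return header + b"\0" * (SECT_RAW - len(header)) + edata


if __name__ == "__main__":
    is_dll, names = parse_pe_exports(build_sample_dll(["Install", "Run"]))
    print("DLL:", is_dll, "exports:", names)
```

To use it on a real file, read the bytes with `open(path, "rb").read()` and pass them to `parse_pe_exports`; the export names it returns are the candidates for the entry point given to rundll32.exe, and an `is_dll` of False explains why a file would not launch that way.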
