rasadhlp.dll

  • File Path: C:\Windows\system32\rasadhlp.dll
  • Description: Remote Access AutoDial Helper

Hashes

Type Hash
MD5 F3325EBA04ED472DB07A67E76B01E38C
SHA1 E577AF01C93E3965EE9AE1BD7AE3B8AFD0C05569
SHA256 D1CDF95C47DC07BE27023C4AB3AB6B8D0FCD1D7F918980B18DE04A1D7881F817
SHA384 B25713B1DF48500CCC89916A05D0DEE995644D2C7DF7FBBC6F18858A68BAA7D657FE779373B046FA7891261787DDBE96
SHA512 68C5655B7EB0398111D5EA2708CF8F4FC812DDB12B1EC64ABE8D338DE00F6FB4C6D36D5E8DBA0DDC029AC224232A558E51502CF2DCB9975C3B4E4A1A61257752
SSDEEP 192:5/qBQhoBPt+AqHBefg3TPpTG67lQupKrmDDw49GJT2QKl/yEtq6JaekHWlYW:MLPt3gRYUCnsGClqq4WlYW
IMP FEAF8EF2A61D5237FD324D1624A3894B
PESHA1 3DC272E82500FCD4355C9E4F6E119B8E6C96E7DE
PE256 8BAB652EAB72D1B9F6464726D65F19538C22C70FBC3E6016EBB782C998068F00

DLL Exports:

Function Name Ordinal Type
WSAttemptAutodialName 3 Exported Function
WSNoteSuccessfulHostentLookup 4 Exported Function
AcsHlpNbConnection 1 Exported Function
WSAttemptAutodialAddr 2 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: rasadhlp.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/67
  • VirusTotal Link: https://www.virustotal.com/gui/file/d1cdf95c47dc07be27023c4ab3ab6b8d0fcd1d7f918980b18de04a1d7881f817/detection/

File Similarity (ssdeep match)

File Score
C:\Windows\SysWOW64\rasadhlp.dll 35

Possible Misuse

The following table contains possible examples of rasadhlp.dll being misused. While rasadhlp.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
malware-ioc misp-turla-crutch-event.json "value": "%PROGRAMFILES%\\(x86)\\Mozilla Firefox\\rasadhlp.dll", © ESET 2014-2018
malware-ioc turla * ++C:\Program Files (x86)\Mozilla Firefox\rasadhlp.dll++``{:.highlight .language-cmhg} © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.