rasdial.exe

  • File Path: C:\Windows\system32\rasdial.exe
  • Description: Remote Access Command Line Dial UI

Hashes

Type Hash
MD5 6AEB82B4CA13B5FBD316F3247049DB0F
SHA1 E88733C2ED3E96C7DE001909D29D97E2F1E99B0F
SHA256 31016AE60A8AEF2DBF1C399F7709BC4FF69BE1E2EBAE5699FA55CFCA606C397A
SHA384 AAFF2BAB4CD9816D24FD1B1F393B97FC7DBC3717D017F1C4DE36B384FF1A2484045E90C30B36C315997D474500FCB14E
SHA512 A4F11DC7DD73F46718DFDD7F2D589E2A14E8CF41BBF15E5C857BD23AC8D4D65948937B13EA37EC6C50AAB1234A1E021732B2A9A199E1248733C19365D6E80FE2
SSDEEP 384:mYoqPypTRhuYONke1rk9I45HFO+0+DKOFNXrEmg6WrVW:mYXyuDNke1o9Iush507M3
IMP D893FB6DD140FF7107D0E41FFBAAAEC9
PESHA1 AF08A96DA94DFB34623C0A2975EDBDCD10FE5C52
PE256 AF20FD0A04E2E66374781C2AEDAAAD51C8CE1F4B28E96DAABD426CC78BF8BE8B

Runtime Data

Usage (stdout):

USAGE:
	C:\Windows\system32\rasdial.exe entryname [username [password|*]] [/DOMAIN:domain]
		[/PHONE:phonenumber] [/CALLBACK:callbacknumber]
		[/PHONEBOOK:phonebookfile] [/PREFIXSUFFIX]

	C:\Windows\system32\rasdial.exe [entryname] /DISCONNECT

	C:\Windows\system32\rasdial.exe

	Please refer to our privacy statement at 
	'https://go.microsoft.com/fwlink/?LinkId=521839'


Loaded Modules:

Path
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\system32\rasdial.exe

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: RASDIAL.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/76
  • VirusTotal Link: https://www.virustotal.com/gui/file/31016ae60a8aef2dbf1c399f7709bc4ff69be1e2ebae5699fa55cfca606c397a/detection

File Similarity (ssdeep match)

File Score
C:\Windows\system32\rasdial.exe 74

Possible Misuse

The following table contains possible examples of rasdial.exe being misused. While rasdial.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_rasdial_activity.yml title: Suspicious RASdial Activity DRL 1.0
sigma proc_creation_win_susp_rasdial_activity.yml description: Detects suspicious process related to rasdial.exe DRL 1.0
sigma proc_creation_win_susp_rasdial_activity.yml - rasdial.exe DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.