rasdial.exe

  • File Path: C:\Windows\SysWOW64\rasdial.exe
  • Description: Remote Access Command Line Dial UI

Hashes

Type Hash
MD5 799A2572818B770C12B9B02B89E38FEB
SHA1 454C0132295D76E8FAF8EEA39B12CCC7D9B0921E
SHA256 56572B71F9E7E3151FAD06EE724A1CC11C6D56B27981AD2E6FEEF0A0D759F12C
SHA384 87A018ECD8816C763C7D77EC5DA16A570CEF5B5D323817CD1F54BE6CCC9E0B46D975FA1E9D28A682ADF106226F8BF194
SHA512 1A232FDE52F3654F84AF5D7410EC8C7165CB753A02795D4821C5AB092994ABDF7A39C05FD5E0582567D86BE388AC8AD7E23239D0748F853C541C79E1AEE476AE
SSDEEP 384:7Hp44TPy7bcf4Q0jAvsrkkEsQ7yzNmqWrVW:lXy5FQ2zNmn
IMP 5C49C69DC9F9E8B85CB908313C7FCFF4
PESHA1 2489BD88583E66447E7DF239C51F33BB55075896
PE256 4252DEFC966BC8CC6BD681A95D863CC5684BB0DB5471E782387E8D00DD49F57C

Runtime Data

Usage (stdout):

USAGE:
	C:\Windows\SysWOW64\rasdial.exe entryname [username [password|*]] [/DOMAIN:domain]
		[/PHONE:phonenumber] [/CALLBACK:callbacknumber]
		[/PHONEBOOK:phonebookfile] [/PREFIXSUFFIX]

	C:\Windows\SysWOW64\rasdial.exe [entryname] /DISCONNECT

	C:\Windows\SysWOW64\rasdial.exe

	Please refer to our privacy statement at 
	'https://go.microsoft.com/fwlink/?LinkId=521839'

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\rasdial.exe

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: RASDIAL.EXE
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/75
  • VirusTotal Link: https://www.virustotal.com/gui/file/56572b71f9e7e3151fad06ee724a1cc11c6d56b27981ad2e6feef0a0d759f12c/detection

File Similarity (ssdeep match)

File Score
C:\Windows\SysWOW64\rasdial.exe 77

Possible Misuse

The following table contains possible examples of rasdial.exe being misused. While rasdial.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_rasdial_activity.yml title: Suspicious RASdial Activity DRL 1.0
sigma proc_creation_win_susp_rasdial_activity.yml description: Detects suspicious process related to rasdial.exe DRL 1.0
sigma proc_creation_win_susp_rasdial_activity.yml - rasdial.exe DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.