rasdial.exe

  • File Path: C:\Windows\system32\rasdial.exe
  • Description: Remote Access Command Line Dial UI

Hashes

Type Hash
MD5 92260053B3B48CFEC6113464C76235FD
SHA1 D6CD743EC4F3910DF0E59977E5E68EA110EC33B4
SHA256 7427FE46C5A8B9A8E2A85FFE4AF8706473CE02ECD4168517C3FF81E6802302E1
SHA384 ACEEA98F8AC2311D25EF9428906EDF25D43BD7067ED3054F100D7C843C7A227C34B1D328BA74D621AD628790BB80AFD2
SHA512 E5016E501D7D5276D08DA3735260FE7C5F29FD3DEDD4C3F9B2DECECD9C3EBB6CC87AE4EA18A5E4746A054D28EAA9177DFD0A6B35A91D97452ADE2E7A71E9E9A7
SSDEEP 384:qMrNEf9uohXdznu+hyUje+GRmLjM2OOAIf+bxVY9t0yNwKWQVW:qMrN2uohXQ60NRa4DRbLytNNws
IMP D893FB6DD140FF7107D0E41FFBAAAEC9
PESHA1 57B804D50266E680C52C58286255F12394CE1B88
PE256 CEFEB555BDE7FE1DC9B0D6C8ADF0759590D0170D7611239192C1C5C07509ADA9

Runtime Data

Usage (stdout):

USAGE:
	C:\Windows\system32\rasdial.exe entryname [username [password|*]] [/DOMAIN:domain]
		[/PHONE:phonenumber] [/CALLBACK:callbacknumber]
		[/PHONEBOOK:phonebookfile] [/PREFIXSUFFIX]

	C:\Windows\system32\rasdial.exe [entryname] /DISCONNECT

	C:\Windows\system32\rasdial.exe

	Please refer to our privacy statement at 
	'https://go.microsoft.com/fwlink/?LinkId=521839'


Loaded Modules:

Path
C:\Windows\System32\advapi32.dll
C:\Windows\System32\bcryptPrimitives.dll
C:\Windows\System32\cfgmgr32.dll
C:\Windows\System32\combase.dll
C:\Windows\System32\cryptsp.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\IMM32.DLL
C:\Windows\System32\kernel.appcore.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\powrprof.dll
C:\Windows\System32\profapi.dll
C:\Windows\system32\RASAPI32.dll
C:\Windows\system32\rasdial.exe
C:\Windows\system32\rasman.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\system32\rtutils.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\shcore.dll
C:\Windows\System32\SHELL32.dll
C:\Windows\System32\shlwapi.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll
C:\Windows\System32\win32u.dll
C:\Windows\System32\windows.storage.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: RASDIAL.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.17763.1 (WinBuild.160101.0800)
  • Product Version: 10.0.17763.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/7427fe46c5a8b9a8e2a85ffe4af8706473ce02ecd4168517c3ff81e6802302e1/detection/

File Similarity (ssdeep match)

File Score
C:\WINDOWS\system32\rasdial.exe 47

Possible Misuse

The following table contains possible examples of rasdial.exe being misused. While rasdial.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_rasdial_activity.yml title: Suspicious RASdial Activity DRL 1.0
sigma proc_creation_win_susp_rasdial_activity.yml description: Detects suspicious process related to rasdial.exe DRL 1.0
sigma proc_creation_win_susp_rasdial_activity.yml - rasdial.exe DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.