rasdial.exe

  • File Path: C:\WINDOWS\SysWOW64\rasdial.exe
  • Description: Remote Access Command Line Dial UI

Hashes

Type Hash
MD5 AD73A4A7ABC12177340B175D83CC4DC9
SHA1 2FCD6A5DE76C38D768D84DFE86C6B7EDDFD5AEDC
SHA256 54FCE1EDD9D726561970895668A0C8CC94542D591EE17D6D8A40ED5A531E3E0E
SHA384 DCA9313DD2F8B5C9C125E1AAC1FA757EDF5B8CC645E74E5ABC18485FF207AAB7D50C59BE4E044C22E1F07DE6511F50C3
SHA512 CCAB425523DFA72AA08D74CA40423B93A7EE99188336E5BA88AD2C8F386DCCBAD50F7047A71606ED552E6E075012ECC9C30DA4961CF473F898D6A9F261AF5B58
SSDEEP 384:xn72M0NPngz44Ejgf8rkkrnggQ0TaqWWVW/x:eNBGgQAaS

Runtime Data

Usage (stdout):

USAGE:
	C:\WINDOWS\SysWOW64\rasdial.exe entryname [username [password|*]] [/DOMAIN:domain]
		[/PHONE:phonenumber] [/CALLBACK:callbacknumber]
		[/PHONEBOOK:phonebookfile] [/PREFIXSUFFIX]

	C:\WINDOWS\SysWOW64\rasdial.exe [entryname] /DISCONNECT

	C:\WINDOWS\SysWOW64\rasdial.exe

	Please refer to our privacy statement at 
	'https://go.microsoft.com/fwlink/?LinkId=521839'


Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: RASDIAL.EXE
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.18362.1 (WinBuild.160101.0800)
  • Product Version: 10.0.18362.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of rasdial.exe being misused. While rasdial.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
sigma | proc_creation_win_susp_rasdial_activity.yml | title: Suspicious RASdial Activity | DRL 1.0
sigma | proc_creation_win_susp_rasdial_activity.yml | description: Detects suspicious process related to rasdial.exe | DRL 1.0
sigma | proc_creation_win_susp_rasdial_activity.yml | - rasdial.exe | DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.