rasdial.exe

  • File Path: C:\WINDOWS\SysWOW64\rasdial.exe
  • Description: Remote Access Command Line Dial UI

Hashes

Type Hash
MD5 EB44AE609D17577704B0821D3CBD28C6
SHA1 BFBD1146658AA53ABF0067599C28BCEE1EAEB239
SHA256 A19399A741C02A775F58D83DB883F0F064DE998FC857E699C60177A820CA73DC
SHA384 CB4AABFAA9B9E012C57275E15142ED612FEF610E084579C50E4CEAD8CBD780A14D1A7A506C18119CBB5169E794E14989
SHA512 63B2DE8FF14750DBF1578444E0D51EEC57C4ED0A10EF7A53FB2F4EE69F72D790167DE9F61D5D822FD0A58CC4D79185E40EAEF078FD0C9CFD7C47975AE2B5A63D
SSDEEP 384:8TRBalPJay3esEAE7Nd3qQNXOPTdXU6WkVWKaJopO:2CerRKdXUYA6pO
IMP 5C49C69DC9F9E8B85CB908313C7FCFF4
PESHA1 96BE7F7EFB029E378E0F8F21B2B76CCDC7139CB2
PE256 2D51A2726751C6D622EA89A5466B4B37776827A6E81992C935CD72147F644842

Runtime Data

Usage (stdout):

USAGE:
	C:\WINDOWS\SysWOW64\rasdial.exe entryname [username [password|*]] [/DOMAIN:domain]
		[/PHONE:phonenumber] [/CALLBACK:callbacknumber]
		[/PHONEBOOK:phonebookfile] [/PREFIXSUFFIX]

	C:\WINDOWS\SysWOW64\rasdial.exe [entryname] /DISCONNECT

	C:\WINDOWS\SysWOW64\rasdial.exe

	Please refer to our privacy statement at 
	'https://go.microsoft.com/fwlink/?LinkId=521839'


Loaded Modules:

Path
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\wow64.dll
C:\WINDOWS\System32\wow64base.dll
C:\WINDOWS\System32\wow64con.dll
C:\WINDOWS\System32\wow64cpu.dll
C:\WINDOWS\System32\wow64win.dll
C:\WINDOWS\SysWOW64\rasdial.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: RASDIAL.EXE
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/74
  • VirusTotal Link: https://www.virustotal.com/gui/file/a19399a741c02a775f58d83db883f0f064de998fc857e699c60177a820ca73dc/detection

Possible Misuse

The following table contains possible examples of rasdial.exe being misused. While rasdial.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| sigma | proc_creation_win_susp_rasdial_activity.yml | title: Suspicious RASdial Activity | DRL 1.0 |
| sigma | proc_creation_win_susp_rasdial_activity.yml | description: Detects suspicious process related to rasdial.exe | DRL 1.0 |
| sigma | proc_creation_win_susp_rasdial_activity.yml | - rasdial.exe | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.