home

vpndownloader.exe

Cisco AnyConnect Secure Mobility Client

Cisco Systems, Inc.

This is installed with multiple programs including Cisco AnyConnect Network Access Manager and Cisco AnyConnect Secure Mobility Client. The file has been seen being downloaded from vpn1.bmmi.com.bh and multiple other hosts.
Publisher:
Cisco Systems, Inc.  (signed and verified)

Product:
Cisco AnyConnect Secure Mobility Client

Description:
Cisco AnyConnect Secure Mobility Client Downloader

Version:
3, 1, 02026

MD5:
71f6fb813fdbd50ba956c0ba0ea85064

SHA-1:
0746a2479b1dbac542f2a16ac01c319c383d9054

SHA-256:
63dbfa968334279c9a5f35eb47cb595b24585996ba47ee7a33eb997072bf489a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 6:46:36 PM UTC  (today)

File size:
859.1 KB (879,688 bytes)

Product version:
3, 1, 02026

Copyright:
© Copyright 2004-2012, Cisco Systems, Inc.

Trademarks:
You can request legal trademarks and credits at anyconnect-credits@cisco.com

Original file name:
vpndownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cisco\cisco anyconnect vpn client\vpndownloader.exe

Digital Signature
Signed by:
Cisco Systems, Inc.

Authority:
VeriSign, Inc.

Valid from:
2/7/2011 7:00:00 PM

Valid to:
2/7/2013 6:59:59 PM

Subject:
CN="Cisco Systems, Inc.", OU=Endpoint Security, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Cisco Systems, Inc.", L=Boxborough, S=Massachusetts, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
06DB161D57C91FB4A942678B9975D458

File PE Metadata
Compilation timestamp:
12/13/2012 8:40:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:jBTusfstc1ahWGPLwaVaxGwUEkJgKzJOzUSuBnGZaV+krPkT7k6ts:13fsNXPLwaVa4wUbJgAzHhr+7k6ts

Entry address:
0x5E88D

Entry point:
E8, 43, 05, 00, 00, E9, 58, FD, FF, FF, CC, FF, 25, F4, D6, 46, 00, FF, 25, F8, D6, 46, 00, FF, 25, FC, D6, 46, 00, FF, 25, 00, D7, 46, 00, FF, 25, 04, D7, 46, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 40, E5, 4B, 00, 89, 0D, 3C, E5, 4B, 00, 89, 15, 38, E5, 4B, 00, 89, 1D, 34, E5, 4B, 00, 89, 35, 30, E5, 4B, 00, 89, 3D, 2C, E5, 4B, 00, 66, 8C, 15, 58, E5, 4B, 00, 66, 8C, 0D, 4C, E5, 4B, 00, 66, 8C, 1D, 28, E5, 4B, 00, 66, 8C, 05, 24, E5, 4B, 00, 66, 8C, 25, 20, E5, 4B, 00, 66, 8C, 2D, 1C, E5, 4B...
 
[+]

Entropy:
6.5496

Code size:
431 KB (441,344 bytes)

The file vpndownloader.exe has been discovered within the following programs.

Cisco AnyConnect Network Access Manager  by Cisco Systems, Inc.
Publisher's description - “The Network Access Manager is client software that provides a secure Layer 2 network in accordance with policies set forth by the enterprise network administrators.”
www.cisco.com
7% remove it
Cisco AnyConnect Secure Mobility Client  by Cisco Systems, Inc.
Publisher's description - “Make the VPN experience easier and more secure with the enhanced remote access technology of Cisco AnyConnect Secure Mobility Client.”
7% remove it
Cisco AnyConnect VPN Client  by Cisco Systems, Inc.
Publisher's description - “The Cisco AnyConnect VPN Client provides remote users with secure VPN connections to the Cisco ASA 5500 Series Adaptive Security Appliance using the Secure Socket Layer (SSL) protocol and the Datagram TLS (DTLS) protocol.”
9% remove it
Cisco AnyConnect Web Security Module  by Cisco Systems, Inc.
Publisher's description - “You can deploy the Web Security module and benefit from the ScanSafe web scanning services without having to install an ASA and without enabling the VPN capabilities of the AnyConnect Secure Mobility Client.”
8% remove it
 
Powered by Should I Remove It?

The file vpndownloader.exe has been seen being distributed by the following 4 URLs.

https://vpn1.bmmi.com.bh/CACHE/stc/1/.../vpndownloader.exe

https://myoffice.eu.goodyear.com/CACHE/stc/1/.../vpndownloader.exe

https://sconnect7.nic.in/CACHE/stc/1/.../vpndownloader.exe

https://sconnect1.nic.in/CACHE/stc/1/.../vpndownloader.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.