vpndownloader.exe

Cisco AnyConnect Secure Mobility Client

Cisco Systems, Inc.

This file is installed with multiple programs, including Cisco AnyConnect Network Access Manager and Cisco AnyConnect Secure Mobility Client. It has been seen being downloaded from southvpn.airtel.in and multiple other hosts.

Publisher:
Cisco Systems, Inc.  (signed and verified)

Product:
Cisco AnyConnect Secure Mobility Client

Description:
Cisco AnyConnect Secure Mobility Client Downloader

Version:
3, 1, 13015

MD5:
c8efbba4d410f4144a82bd239cd5a9d7

SHA-1:
9f777484c1973dbd663194a28ddf7487e3a32b2b

SHA-256:
da086df67ac67775dff1a331672fb265708d81090b4d755489cf3f0b63b4321a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/6/2024 9:23:20 AM UTC  (today)

File size:
913.9 KB (935,824 bytes)

Product version:
3, 1, 13015

Copyright:
© Copyright 2004-2015, Cisco Systems, Inc.

Trademarks:
You can request legal trademarks and credits at anyconnect-credits@cisco.com

Original file name:
vpndownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\vpndownloader.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/7/2014 8:00:00 PM

Valid to:
6/6/2016 7:59:59 PM

Subject:
CN="Cisco Systems, Inc.", OU=Endpoint Security, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Cisco Systems, Inc.", L=San Jose, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
636C7543DDBDF969F473160F4B099B9E

File PE Metadata
Compilation timestamp:
12/23/2015 8:19:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:STzNisQbfvRakrqEVWo+wQNOqOrEPBnD8XLwANhElEn:UMsQrMkGloVQNONrEVmUihYEn

Entry address:
0x66E2D

Entry point:
E8, 43, 05, 00, 00, E9, 58, FD, FF, FF, CC, FF, 25, 24, 67, 47, 00, FF, 25, 28, 67, 47, 00, FF, 25, 2C, 67, 47, 00, FF, 25, 30, 67, 47, 00, FF, 25, 34, 67, 47, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 60, B6, 4C, 00, 89, 0D, 5C, B6, 4C, 00, 89, 15, 58, B6, 4C, 00, 89, 1D, 54, B6, 4C, 00, 89, 35, 50, B6, 4C, 00, 89, 3D, 4C, B6, 4C, 00, 66, 8C, 15, 78, B6, 4C, 00, 66, 8C, 0D, 6C, B6, 4C, 00, 66, 8C, 1D, 48, B6, 4C, 00, 66, 8C, 05, 44, B6, 4C, 00, 66, 8C, 25, 40, B6, 4C, 00, 66, 8C, 2D, 3C, B6, 4C...
 

Entropy:
6.5722

Code size:
467.5 KB (478,720 bytes)

The file vpndownloader.exe has been discovered within the following programs.

Cisco AnyConnect Network Access Manager  by Cisco Systems, Inc.
Publisher's description - “The Network Access Manager is client software that provides a secure Layer 2 network in accordance with policies set forth by the enterprise network administrators.”
www.cisco.com
7% remove it
Cisco AnyConnect Secure Mobility Client  by Cisco Systems, Inc.
Publisher's description - “Make the VPN experience easier and more secure with the enhanced remote access technology of Cisco AnyConnect Secure Mobility Client.”
7% remove it
 

The file vpndownloader.exe has been seen being distributed by the following 4 URLs.

https://southvpn.airtel.in/CACHE/stc/1/.../vpndownloader.exe

https://northvpn.airtel.in/CACHE/stc/1/.../vpndownloader.exe