vpndownloader.exe

Cisco AnyConnect Secure Mobility Client

Cisco Systems, Inc.

This file is installed with multiple programs, including Cisco AnyConnect Network Access Manager and Cisco AnyConnect Secure Mobility Client. It has been seen being downloaded from vpn.hysing.is and multiple other hosts.
Publisher:
Cisco Systems, Inc.  (signed and verified)

Product:
Cisco AnyConnect Secure Mobility Client

Description:
Cisco AnyConnect Secure Mobility Client Downloader

Version:
3, 1, 14018

MD5:
ee6a8b692b4c5c9f1ca4e7ddc29ae575

SHA-1:
e52cae113e71f99c6d501ebe688ae0a346eac119

SHA-256:
34d3542027e3ef84d61da7da0614321e6c3d93b0fafdc4aaa5ea426416ef2364

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 7:23:40 PM UTC

File size:
920.5 KB (942,592 bytes)

Product version:
3, 1, 14018

Copyright:
© Copyright 2004-2016, Cisco Systems, Inc.

Trademarks:
You can request legal trademarks and credits at anyconnect-credits@cisco.com

Original file name:
vpndownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\vpndownloader.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/17/2016 2:00:00 AM

Valid to:
6/7/2016 1:59:59 AM

Subject:
CN="Cisco Systems, Inc.", OU=Endpoint Security, O="Cisco Systems, Inc.", L=San Jose, S=California, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
6EF03BA4D6D4EE8E886A4B8C07C99DEC

File PE Metadata
Compilation timestamp:
2/29/2016 12:08:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:WXcMrE3zlaGTBHb46cDvScYdFeguKu4DBnDSB1RK/h6j:MXE3zlaGFHb10q17Fh4w/h6j

Entry address:
0x66DBD

Entry point:
E8, 43, 05, 00, 00, E9, 58, FD, FF, FF, CC, FF, 25, 18, 67, 47, 00, FF, 25, 1C, 67, 47, 00, FF, 25, 20, 67, 47, 00, FF, 25, 24, 67, 47, 00, FF, 25, 28, 67, 47, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 60, B6, 4C, 00, 89, 0D, 5C, B6, 4C, 00, 89, 15, 58, B6, 4C, 00, 89, 1D, 54, B6, 4C, 00, 89, 35, 50, B6, 4C, 00, 89, 3D, 4C, B6, 4C, 00, 66, 8C, 15, 78, B6, 4C, 00, 66, 8C, 0D, 6C, B6, 4C, 00, 66, 8C, 1D, 48, B6, 4C, 00, 66, 8C, 05, 44, B6, 4C, 00, 66, 8C, 25, 40, B6, 4C, 00, 66, 8C, 2D, 3C, B6, 4C...
 

Entropy:
6.5859

Code size:
467.5 KB (478,720 bytes)

The file vpndownloader.exe has been discovered within the following programs.

Cisco AnyConnect Network Access Manager  by Cisco Systems, Inc.
Publisher's description - “The Network Access Manager is client software that provides a secure Layer 2 network in accordance with policies set forth by the enterprise network administrators.”
www.cisco.com
7% remove it
Cisco AnyConnect Secure Mobility Client  by Cisco Systems, Inc.
Publisher's description - “Make the VPN experience easier and more secure with the enhanced remote access technology of Cisco AnyConnect Secure Mobility Client.”
7% remove it
 
Powered by Should I Remove It?

The file vpndownloader.exe has been seen being distributed by the following 4 URLs.

https://vpn.hysing.is/CACHE/stc/1/.../vpndownloader.exe

https://oe-asa2.oschatz-oe.net/CACHE/stc/1/.../vpndownloader.exe

https://remote.au.dk/CACHE/stc/1/.../vpndownloader.exe