» acsock64.sys
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

acsock64.sys

Cisco AnyConnect Secure Mobility Client

Cisco Systems, Inc.

It runs as a Windows 64-bit kernel mode device driver named “acsock”. This is installed with Cisco AnyConnect Secure Mobility Client.

File name:

acsock64.sys

Publisher:

Cisco Systems, Inc. (signed and verified)

Product:

Cisco AnyConnect Secure Mobility Client

Description:

Cisco AnyConnect Kernel Driver Framework Socket Layer Interceptor

Version:

4, 3, 02025

MD5:

b598e1d166e92198948ba07888e196f6

SHA-1:

087f8f6f0423cc7cc285b1527d117a6ff6f1f58c

SHA-256:

df8764f444020c271d00bcc36d7530cddf1394035cabe7444625b75fbef4d624

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

5/5/2024 6:12:56 PM UTC (today)

File size:

232.8 KB (238,344 bytes)

Product version:

4, 3, 02025

Trademarks:

You can request legal trademarks and credits at anyconnect-credits@cisco.com

Original file name:

acsock64.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\acsock64.sys

Digital Signature

Signed by:

Cisco Systems, Inc.

Authority:

VeriSign, Inc.

Valid from:

3/23/2015 7:00:00 PM

Valid to:

5/22/2017 6:59:59 PM

Subject:

CN="Cisco Systems, Inc.", O="Cisco Systems, Inc.", L=Boxborough, S=Massachusetts, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

64813F6B7BDE8BA2ED1B9263A6DAB71A

File PE Metadata

Compilation timestamp:

7/27/2016 5:28:54 AM

OS version:

10.0

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

14.0

CTPH (ssdeep):

6144:sYyabsejhO6GmbSXhEkhg76M9o29IgINV+f3mBjZGK:skZzuxEkhg76M9o29UNV++Bv

Entry address:

0x1184

Entry point:

48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, DA, 48, 8B, F9, E8, 67, 8E, 03, 00, 48, 8B, D3, 48, 8B, CF, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, E9, B2, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, 05, 07, D7, 02, 00, 48, 8B, F9, 48, 8D, 0D, E5, D6, 02, 00, 48, 8D, 1D, EE, D6, 02, 00, 48, 3B, C1, 74, 45, 48, 3B, D8, 77, 40, 48, 8B, 43, 40, 48, 85, C0, 74, 18, 4C, 8B, 05, 0C, E8, 02, 00, 48, 8D, 0D, C7, F3, 01, 00, 4C, 8B, CB, 48, 8B, D7, FF, D0, EB, 12, 48, 8B, 15, F4, E7, 02, 00... 
[+]

Entropy:

6.6868

Code size:

177 KB (181,248 bytes)

Driver

Display name:

acsock

Description:

Cisco AnyConnect Kernel Driver Framework Socket Layer Interceptor

Type:

Kernel device driver (KernelDriver)

The file acsock64.sys has been discovered within the following program.

Cisco AnyConnect Secure Mobility Client by Cisco Systems, Inc.

Publisher's description - “Make the VPN experience easier and more secure with the enhanced remote access technology of Cisco AnyConnect Secure Mobility Client.”

www.cisco.com

7% remove it

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.