home

acsock64.sys

Cisco AnyConnect Secure Mobility Client

Cisco Systems, Inc.

It runs as a Windows 64-bit kernel mode device driver named “acsock”. This is installed with multiple programs including Cisco AnyConnect ISE Posture Module and Cisco AnyConnect Secure Mobility Client.
Publisher:
Cisco Systems, Inc.  (signed and verified)

Product:
Cisco AnyConnect Secure Mobility Client

Description:
Cisco AnyConnect Kernel Driver Framework Socket Layer Interceptor

Version:
4, 2, 03009

MD5:
2d294602eae4abedc31efe88ed58cc7e

SHA-1:
f994f2401a1f7c34fe523a5a7095da379a531d52

SHA-256:
d8882952067ae23b08bede13650205bdda6f4bca9d1d9770640f702110f9aec6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/5/2024 6:48:00 PM UTC  (today)

File size:
206.8 KB (211,808 bytes)

Product version:
4, 2, 03009

Copyright:
© Copyright 2004-2016, Cisco Systems, Inc.

Trademarks:
You can request legal trademarks and credits at anyconnect-credits@cisco.com

Original file name:
acsock64.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\acsock64.sys

Digital Signature
Signed by:
Cisco Systems, Inc.

Authority:
VeriSign, Inc.

Valid from:
3/24/2015 2:00:00 AM

Valid to:
5/23/2017 2:59:59 AM

Subject:
CN="Cisco Systems, Inc.", O="Cisco Systems, Inc.", L=Boxborough, S=Massachusetts, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
64813F6B7BDE8BA2ED1B9263A6DAB71A

File PE Metadata
Compilation timestamp:
3/22/2016 5:15:53 PM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
6144:1WZLdK3djkhnlIBDE+4VUEX60Hp8vvwZY72OQrThM8:YZLdKtjkhnlUE+yL6pvvwZY72fhZ

Entry address:
0x32064

Entry point:
48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, EA, EF, FC, FF, CC, CC, C0, 22, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, CC, 25, 03, 00, C0, 01, 02, 00, 00, 21, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, 30, 26, 03, 00, 00, 00, 02, 00, A0, 21, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, F0, 27, 03, 00, A0, 00, 02, 00, A8, 22, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, 14, 2F, 03, 00, A8, 01, 02, 00, 78, 21, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, A8, 31, 03, 00...
 
[+]

Entropy:
6.5975

Code size:
132.5 KB (135,680 bytes)

Driver
Display name:
acsock

Description:
Cisco AnyConnect Kernel Driver Framework Socket Layer Interceptor

Type:
Kernel device driver (KernelDriver)


The file acsock64.sys has been discovered within the following programs.

Cisco AnyConnect ISE Posture Module  by Cisco Systems, Inc.
www.cisco.com
10% remove it
Cisco AnyConnect Network Access Manager  by Cisco Systems, Inc.
Publisher's description - “The Network Access Manager is client software that provides a secure Layer 2 network in accordance with policies set forth by the enterprise network administrators.”
7% remove it
Cisco AnyConnect Secure Mobility Client  by Cisco Systems, Inc.
Publisher's description - “Make the VPN experience easier and more secure with the enhanced remote access technology of Cisco AnyConnect Secure Mobility Client.”
7% remove it
Cisco AnyConnect Web Security Module  by Cisco Systems, Inc.
Publisher's description - “You can deploy the Web Security module and benefit from the ScanSafe web scanning services without having to install an ASA and without enabling the VPN capabilities of the AnyConnect Secure Mobility Client.”
8% remove it
 
Powered by Should I Remove It?

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.