home

acsock64.sys

Cisco AnyConnect Secure Mobility Client

Cisco Systems, Inc.

It runs as a Windows 64-bit kernel mode device driver named “acsock”. This is installed with multiple programs including Cisco AnyConnect Web Security Module and Cisco AnyConnect Secure Mobility Client.
Publisher:
Cisco Systems, Inc.  (signed and verified)

Product:
Cisco AnyConnect Secure Mobility Client

Description:
Cisco AnyConnect Kernel Driver Framework Socket Layer Interceptor

Version:
4, 3, 03077

MD5:
8a4ce981d7a266239b057745a99f9026

SHA-1:
fba95e2cd8ca65038efe1591fa862db79d9cc0de

SHA-256:
e95b6848c7d7058ba6ef7349210e820a4faa74bf6217276827bcb237c6b0215d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/5/2024 4:11:29 PM UTC  (today)

File size:
232.8 KB (238,344 bytes)

Product version:
4, 3, 03077

Copyright:
© Copyright 2004-2016, Cisco Systems, Inc.

Trademarks:
You can request legal trademarks and credits at anyconnect-credits@cisco.com

Original file name:
acsock64.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\acsock64.sys

Digital Signature
Signed by:
Cisco Systems, Inc.

Authority:
VeriSign, Inc.

Valid from:
3/24/2015 1:00:00 AM

Valid to:
5/23/2017 1:59:59 AM

Subject:
CN="Cisco Systems, Inc.", O="Cisco Systems, Inc.", L=Boxborough, S=Massachusetts, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
64813F6B7BDE8BA2ED1B9263A6DAB71A

File PE Metadata
Compilation timestamp:
9/23/2016 4:19:16 PM

OS version:
10.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
14.0

CTPH (ssdeep):
6144:DlCXKvKH4QOXm4Yp6M9oGeVdxMwtCM6yMI:DkHS1Yp6M9oGejxMwF6y5

Entry address:
0x1184

Entry point:
48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, DA, 48, 8B, F9, E8, 67, 8E, 03, 00, 48, 8B, D3, 48, 8B, CF, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, E9, B2, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, 05, 07, D7, 02, 00, 48, 8B, F9, 48, 8D, 0D, E5, D6, 02, 00, 48, 8D, 1D, EE, D6, 02, 00, 48, 3B, C1, 74, 45, 48, 3B, D8, 77, 40, 48, 8B, 43, 40, 48, 85, C0, 74, 18, 4C, 8B, 05, FC, E7, 02, 00, 48, 8D, 0D, A7, F1, 01, 00, 4C, 8B, CB, 48, 8B, D7, FF, D0, EB, 12, 48, 8B, 15, E4, E7, 02, 00...
 
[+]

Code size:
176.5 KB (180,736 bytes)

Driver
Display name:
acsock

Description:
Cisco AnyConnect Kernel Driver Framework Socket Layer Interceptor

Type:
Kernel device driver (KernelDriver)


The file acsock64.sys has been discovered within the following programs.

Cisco AnyConnect ISE Posture Module  by Cisco Systems, Inc.
www.cisco.com
10% remove it
Cisco AnyConnect Network Access Manager  by Cisco Systems, Inc.
Publisher's description - “The Network Access Manager is client software that provides a secure Layer 2 network in accordance with policies set forth by the enterprise network administrators.”
7% remove it
Cisco AnyConnect Secure Mobility Client  by Cisco Systems, Inc.
Publisher's description - “Make the VPN experience easier and more secure with the enhanced remote access technology of Cisco AnyConnect Secure Mobility Client.”
7% remove it
Cisco AnyConnect Web Security Module  by Cisco Systems, Inc.
Publisher's description - “You can deploy the Web Security module and benefit from the ScanSafe web scanning services without having to install an ASA and without enabling the VPN capabilities of the AnyConnect Secure Mobility Client.”
8% remove it
 
Powered by Should I Remove It?

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.