cisco_tudelft_vpn_client_vista.exe

The program is a setup application that uses the WinZip SFX installer. The file has been seen being downloaded from pfx.megafinance.co.id and multiple other hosts.
MD5:
8aa41cb3c69bcc72e4a879f4661d0d2f

SHA-1:
3143a6a207001a3628d6b0c20391ca365320e162

SHA-256:
c9dab308d84fa203344024a579bb9f5140ce81acd1a82047ad99693f9ad2934a

Scanner detections:
1 / 68

Status:
Clean (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/20/2024 1:49:21 AM UTC

Scan engine:
Vba32 AntiVirus

Detection:
suspected of ZIP.MailBomb

Engine version:
3.12.26.3

File size:
10.2 MB (10,705,408 bytes)

File type:
Executable application (Win32 EXE)

Installer:
WinZip SFX

Common path:
C:\users\{user}\downloads\cisco_tudelft_vpn_client_vista.exe

File PE Metadata
Compilation timestamp:
1/9/2001 3:08:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.10

CTPH (ssdeep):
196608:sOPDhwotQBjOuQHcX3tr21uDwZpZvTbF5AZ9VIwFN3y9yJoXYgR:ThDiFVQ+3tr21ugbmPIwFdyyo

Entry address:
0x39D8

Entry point:
53, FF, 15, 50, 60, 40, 00, B3, 22, 38, 18, 74, 03, 80, C3, FE, 8A, 48, 01, 40, 33, D2, 3A, CA, 74, 0A, 3A, CB, 74, 06, 8A, 48, 01, 40, EB, F2, 38, 10, 74, 01, 40, 52, 50, 52, 52, FF, 15, 54, 60, 40, 00, 50, E8, 07, F8, FF, FF, 50, FF, 15, 58, 60, 40, 00, 5B, C3, 8B, 44, 24, 04, 8B, 40, 3C, 05, F8, 00, 00, 00, C3, 55, 8B, EC, 51, A1, 28, 84, 40, 00, 83, 0D, A0, 82, 40, 00, FF, 56, 33, F6, 39, 35, F8, 7D, 40, 00, 89, 35, D4, 83, 40, 00, 89, 35, 24, 84, 40, 00, A3, C4, 86, 40, 00, 75, 05, E8, 67, D8, FF, FF...
 

Packer / compiler:
WinZip, 0x32-bit SFX v8.x module

Code size:
18.5 KB (18,944 bytes)

The file cisco_tudelft_vpn_client_vista.exe has been seen being distributed by the following 9 URLs.

http://pfx.megafinance.co.id/crossover.php?SID=788h86l76e3itmhgc5amphrvj4&submit=DOWNLOAD&FILE=setup.exe

https://doc-14-00-docs.googleusercontent.com/docs/securesc/srfk2btjmkmppkmm0mpsvkq8fu70938r/aous8s8os7h8d483k1jlihi2coat7557/1483552800000/07932660180607680189/.../0B-wv_PV2wnRFaGJUVXl6Q1l1Vjg?e=download

https://noc.teikav.edu.gr/.../vpnclient-win-msi-5.0.02.0090-k9.exe

ftp://ftp.cicese.mx/pub/dirTel/redes/.../VPN-winXP-win7.exe

https://doc-10-6g-docs.googleusercontent.com/docs/securesc/ib5pivqfuq54ust80ku2bsc4dn3p8j63/5ha0lfp28kq26ge36rq3930ca0f28c4j/1471363200000/04352101853950731214/.../0B9F9jNQtw_EneDN4UGxVZW54VlU?e=download&h=03709209349734661791&nonce=o9tjrl16865qk&user=15371299496998265008&hash=0q4a6g2anvod4ug23s7cpqj25ua75nne
