home

installanyconnect.exe

WebDownload Application

Stanford University

This is a self-extracting archive and installer. The file has been seen being downloaded from weblogin.stanford.edu and multiple other hosts.
Publisher:
Stanford University  (signed and verified)

Product:
WebDownload Application

Description:
Stanford University SelfExtracting Installer

Version:
2.0.4.0

MD5:
663210f0a43aa76c10aad3a248098089

SHA-1:
f91fb26d55680da78eed08f5cc0cb661959a352e

SHA-256:
401a6fefed4283cb9b927b88f7bf3a3da1793f6c52bc2af95fdd4b21cf8a9eaf

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/5/2024 7:34:39 AM UTC  (today)

File size:
8.4 MB (8,845,752 bytes)

Product version:
2.0.4.0

Copyright:
Copyright (C) 2007-2013 Stanford University

Original file name:
Susei.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\installanyconnect.exe

Digital Signature
Signed by:
Stanford University

Authority:
Internet2

Valid from:
3/22/2016 5:00:00 PM

Valid to:
3/23/2019 4:59:59 PM

Subject:
CN=Stanford University, O=Stanford University, STREET=450 Serra Mall, L=Stanford, S=CA, PostalCode=94305, C=US

Issuer:
CN=InCommon RSA Code Signing CA, OU=InCommon, O=Internet2, L=Ann Arbor, S=MI, C=US

Serial number:
00BC29E735BBCE75AF2312954883F53812

File PE Metadata
Compilation timestamp:
1/26/2016 12:24:51 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
196608:I5vf8i2NKmagtH73WvFN16bNWpMJ/xgkYKpciYmVQ8uajkDoI:+vUi2cma6gLQbnqkY8cifTGUI

Entry address:
0x178A0

Entry point:
E8, AC, 05, 00, 00, E9, 4E, FE, FF, FF, E9, 85, 8A, 00, 00, 55, 8B, EC, 83, 61, 04, 00, 83, 61, 08, 00, 8B, 45, 08, 89, 41, 04, 8B, C1, C7, 01, E0, 00, 46, 00, 5D, C2, 04, 00, 55, 8B, EC, 51, 56, FF, 75, 08, 8B, F1, 89, 75, FC, E8, 60, 00, 00, 00, C7, 06, E0, 00, 46, 00, 8B, C6, 5E, 8B, E5, 5D, C2, 04, 00, 83, 61, 04, 00, 8B, C1, 83, 61, 08, 00, C7, 41, 04, E8, 00, 46, 00, C7, 01, E0, 00, 46, 00, C3, 55, 8B, EC, 51, 56, FF, 75, 08, 8B, F1, 89, 75, FC, E8, 27, 00, 00, 00, C7, 06, FC, 00, 46, 00, 8B, C6, 5E...
 
[+]

Entropy:
7.9086  (probably packed)

Code size:
370.5 KB (379,392 bytes)

The file installanyconnect.exe has been seen being distributed by the following 2 URLs.

https://weblogin.stanford.edu/login

https://web.stanford.edu/dept/its/support/vpn/.../InstallAnyConnect.exe

Scan installanyconnect.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.