home

VpnConf.exe

CyberoamVPNClient

TheGreenBow

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘TgbVpn’. This is installed with CyberoamVPNClient.
Publisher:
Cyberoam  (signed by TheGreenBow)

Product:
CyberoamVPNClient

Version:
5.02

MD5:
ba490d0094983ebd4ea878f5377ff71a

SHA-1:
9bf0623a8421b728ea9df3a4dc02b5766b5612bb

SHA-256:
a0715e96e9311fec42dac82f9c95facd522096e0768997059d98fc13d858e239

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 10:55:52 PM UTC  (today)

File size:
510.1 KB (522,296 bytes)

Product version:
5.02

Copyright:
© Cyberoam 2011. All rights reserved.

Original file name:
VpnConf.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cyberoam\cyberoam vpn\vpnconf.exe

Digital Signature
Signed by:
TheGreenBow

Authority:
VeriSign, Inc.

Valid from:
9/1/2010 4:00:00 AM

Valid to:
9/1/2011 3:59:59 AM

Subject:
CN=TheGreenBow, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TheGreenBow, L=Paris, S=Paris, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
308EC2493F569511F3A44763677F86F9

File PE Metadata
Compilation timestamp:
4/27/2011 7:10:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:56WFYLLYS10ERWtaKgk7w8F9mp8reYsYQgdb5WSYOJCU:56WrS10EjKg58S8ybARYjU

Entry address:
0x18BD00

Entry point:
60, BE, 00, A0, 51, 00, 8D, BE, 00, 70, EE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Entropy:
7.7947

Packer / compiler:
UPX 2.90LZMA

Code size:
456 KB (466,944 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
TgbVpn

Command:
"C:\Program Files\cyberoam\cyberoam vpn\vpnconf.exe"


The file VpnConf.exe has been discovered within the following program.

CyberoamVPNClient  by Cyberoam
www.Cyberoam.com
About 1% of users remove it
 
Powered by Should I Remove It?

Scan VpnConf.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.