home

vpndownloader.exe

Cisco AnyConnect Secure Mobility Client

Cisco Systems, Inc.

This is installed with multiple programs including Cisco AnyConnect Web Security Module and Cisco AnyConnect Secure Mobility Client. The file has been seen being downloaded from corpnet.benjaminmoore.com and multiple other hosts.
Publisher:
Cisco Systems, Inc.  (signed and verified)

Product:
Cisco AnyConnect Secure Mobility Client

Description:
Cisco AnyConnect Secure Mobility Client Downloader

Version:
3, 1, 06079

MD5:
2c2386cb394a89697734c6515366e98a

SHA-1:
d76e248e058b675cf5119b14d94aae0a4e313fdd

SHA-256:
c181b633d95711de122d7d12af6706c9368f828445d7ea9f1de6793bfbb6fbab

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/16/2024 4:26:24 PM UTC  (today)

File size:
903.9 KB (925,584 bytes)

Product version:
3, 1, 06079

Copyright:
© Copyright 2004-2014, Cisco Systems, Inc.

Trademarks:
You can request legal trademarks and credits at anyconnect-credits@cisco.com

Original file name:
vpndownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cisco\cisco anyconnect secure mobility client\vpndownloader.exe

Digital Signature
Signed by:
Cisco Systems, Inc.

Authority:
VeriSign, Inc.

Valid from:
4/7/2014 6:00:00 PM

Valid to:
6/6/2016 5:59:59 PM

Subject:
CN="Cisco Systems, Inc.", OU=Endpoint Security, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Cisco Systems, Inc.", L=San Jose, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
636C7543DDBDF969F473160F4B099B9E

File PE Metadata
Compilation timestamp:
1/28/2015 1:01:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:YX5czBqMNQMQPDHdL9L/TMEK/iOVT90x/urqYfnBnuHNibvQshGA:WpMNEDHdRBGV50x2rq084hGA

Entry address:
0x65D3D

Entry point:
E8, 43, 05, 00, 00, E9, 58, FD, FF, FF, CC, FF, 25, 34, 57, 47, 00, FF, 25, 38, 57, 47, 00, FF, 25, 3C, 57, 47, 00, FF, 25, 40, 57, 47, 00, FF, 25, 44, 57, 47, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 50, 96, 4C, 00, 89, 0D, 4C, 96, 4C, 00, 89, 15, 48, 96, 4C, 00, 89, 1D, 44, 96, 4C, 00, 89, 35, 40, 96, 4C, 00, 89, 3D, 3C, 96, 4C, 00, 66, 8C, 15, 68, 96, 4C, 00, 66, 8C, 0D, 5C, 96, 4C, 00, 66, 8C, 1D, 38, 96, 4C, 00, 66, 8C, 05, 34, 96, 4C, 00, 66, 8C, 25, 30, 96, 4C, 00, 66, 8C, 2D, 2C, 96, 4C...
 
[+]

Entropy:
6.5666

Code size:
462.5 KB (473,600 bytes)

The file vpndownloader.exe has been discovered within the following programs.

Cisco AnyConnect Secure Mobility Client  by Cisco Systems, Inc.
Publisher's description - “Make the VPN experience easier and more secure with the enhanced remote access technology of Cisco AnyConnect Secure Mobility Client.”
www.cisco.com
7% remove it
Cisco AnyConnect Web Security Module  by Cisco Systems, Inc.
Publisher's description - “You can deploy the Web Security module and benefit from the ScanSafe web scanning services without having to install an ASA and without enabling the VPN capabilities of the AnyConnect Secure Mobility Client.”
8% remove it
 
Powered by Should I Remove It?

The file vpndownloader.exe has been seen being distributed by the following 3 URLs.

https://corpnet.benjaminmoore.com/CACHE/stc/1/.../vpndownloader.exe

https://vpn.inreachce.com/CACHE/stc/1/.../vpndownloader.exe

https://atl-vpn.bxgcorp.com/CACHE/stc/10/.../vpndownloader.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.