» vpnui.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (5)

vpnui.exe

Cisco AnyConnect Secure Mobility Client

Cisco Systems, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Cisco AnyConnect Secure Mobility Agent for Windows’. This is installed with multiple programs including Cisco AnyConnect Telemetry Module and Cisco AnyConnect Secure Mobility Client.

File name:

vpnui.exe

Publisher:

Cisco Systems, Inc. (signed and verified)

Product:

Cisco AnyConnect Secure Mobility Client

Description:

Cisco AnyConnect User Interface

Version:

3, 1, 03103

MD5:

8737a3d8a6e256fe4d2db180b0641e83

SHA-1:

f364bb88a49ae01c6c241c535f0e12dec0dd5beb

SHA-256:

03c89ad27aa47fa343e517016c11bb29d1c9a4d364940d0857a26f1e58acff37

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/23/2024 4:31:40 PM UTC (today)

File size:

687.4 KB (703,888 bytes)

Product version:

3, 1, 03103

Trademarks:

You can request legal trademarks and credits at anyconnect-credits@cisco.com

Original file name:

vpnui.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\cisco\cisco anyconnect secure mobility client\vpnui.exe

Digital Signature

Signed by:

Cisco Systems, Inc.

Authority:

VeriSign, Inc.

Valid from:

1/3/2013 5:30:00 AM

Valid to:

4/5/2015 5:29:59 AM

Subject:

CN="Cisco Systems, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Cisco Systems, Inc.", L=Boxborough, S=Massachusetts, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

5ECE4ABD054DB0EE1ACEF57C4D3F442C

File PE Metadata

Compilation timestamp:

3/26/2013 9:13:14 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:C1i/5GDCiVKRKJV3qBp6NA+XFkq9q7wiWbk6G6+BfnE22:Ei/kDCiHJV8p6t1J9qEikk4+BfnE22

Entry address:

0x452E1

Entry point:

E8, 27, 13, 00, 00, E9, 58, FD, FF, FF, CC, 68, 45, 53, 44, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 24, 80, 48, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, 68, 30, 48, 44, 00, 68, 24, 80, 48, 00, E8... 
[+]

Entropy:

6.3765

Code size:

388.5 KB (397,824 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Cisco AnyConnect Secure Mobility Agent for Windows

Command:

"C:\Program Files\cisco\cisco anyconnect secure mobility client\vpnui.exe" -minimized

The file vpnui.exe has been discovered within the following programs.

Cisco AnyConnect Network Access Manager by Cisco Systems, Inc.

Publisher's description - “The Network Access Manager is client software that provides a secure Layer 2 network in accordance with policies set forth by the enterprise network administrators.”

www.cisco.com

7% remove it

Cisco AnyConnect Secure Mobility Client by Cisco Systems, Inc.

Publisher's description - “Make the VPN experience easier and more secure with the enhanced remote access technology of Cisco AnyConnect Secure Mobility Client.”

7% remove it

Cisco AnyConnect Telemetry Module by Cisco Systems, Inc.

Publisher's description - “The AnyConnect telemetry module for AnyConnect Secure Mobility Client sends information about the origin of malicious content to the web filtering infrastructure of the Cisco IronPort Web Security Appliance (WSA).”

9% remove it

Cisco AnyConnect Web Security Module by Cisco Systems, Inc.

Publisher's description - “You can deploy the Web Security module and benefit from the ScanSafe web scanning services without having to install an ASA and without enabling the VPN capabilities of the AnyConnect Secure Mobility Client.”

8% remove it

Cisco Unified Attendant Console Enterprise Edition by Cisco Systems, Inc.

9% remove it

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.