EH-Net
Author Topic: Analysis assistance requested  (Read 8543 times)
SephStorm
« on: January 10, 2012, 03:19:37 PM »

Hi all,

I am currently trying out Amahi Home Server as a home server (obviously). Included is a VPN server, and they suggest their own, easy-to-use client software for Windows.

download HERE: http://dl.amahi.org/HDAConnect3.exe

Now, when I downloaded the software I scanned it with MSE (clean) and submitted it to VirusTotal. The file had last been submitted in 2010 with 2 alerts. I reanalyzed the file and the report came back 100% clean. On a whim, I threw the MD5 into Google and received one result:

http://xml.ssdsandbox.net/index.php/4a7fbb2eee1efb0cad809bb78f1180ca

It looks like an analysis of the file with a different exe name. IAC, the review indicated what, to my untrained eyes, appears to be suspicious and concerning.

http://xml.ssdsandbox.net/index.php/files424 shows trojan files, I suppose, in the exe. In addition, the exe appears to add some flags to itself, "Security anonymous". I haven't looked this up yet, but it seems suspicious. I was wondering if anyone wanted to take a look before I present this to the Amahi community.

In the meantime, I'll likely look elsewhere for a free VPN client.

ajohnson
aka dynamik
« Reply #1 on: January 10, 2012, 05:41:34 PM »

It's probably a false positive. From what I've seen, it's relatively common to see remote access software identified as generic trojans. Also, someone could have repackaged it with malware and gotten it associated with something malicious at some point. I'm not familiar with the company, but if the vendor's reputable, it's probably a false positive.

Also, SECURITY_ANONYMOUS appears to be preferred since it doesn't attempt to impersonate anything and uses the anonymous impersonation level:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa363858%28v=vs.85%29.aspx

http://msdn.microsoft.com/en-us/library/windows/desktop/aa378832%28v=vs.85%29.aspx

WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
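Added example (not from any post in this thread, and not Amahi's or Microsoft's code): what the SECURITY_ANONYMOUS flag dynamik links to actually controls when a client opens a named pipe with CreateFile. The impersonation level sits in bits 16-17 of dwFlagsAndAttributes and is only honoured when SECURITY_SQOS_PRESENT is also set; if it is absent, the server on the other end of the pipe (including a rogue process that created the pipe name first) can impersonate the caller at SecurityImpersonation, the system default. The constants are the winbase.h values; the function names (sqos_flags, effective_level, server_can_impersonate, open_pipe_client) are my own and not a Windows API. The flag logic runs anywhere; the CreateFileW call itself is Windows-only.

```python
"""Client-side named-pipe hardening: cap the impersonation level a pipe server may use.

Added example, not code from the thread or from the Amahi client. Helper names
(sqos_flags, effective_level, server_can_impersonate, open_pipe_client) are
assumptions chosen for this illustration; only the constants are Windows SDK values.
"""
import ctypes
import sys

# dwFlagsAndAttributes bits for CreateFile (winbase.h). Impersonation level = level << 16.
SECURITY_SQOS_PRESENT   = 0x00100000  # "the SQOS bits below are meaningful"
SECURITY_ANONYMOUS      = 0x00000000  # SecurityAnonymous      (0) << 16
SECURITY_IDENTIFICATION = 0x00010000  # SecurityIdentification (1) << 16
SECURITY_IMPERSONATION  = 0x00020000  # SecurityImpersonation  (2) << 16
SECURITY_DELEGATION     = 0x00030000  # SecurityDelegation     (3) << 16
_SECURITY_LEVEL_MASK    = 0x00030000

GENERIC_READ = 0x80000000
GENERIC_WRITE = 0x40000000
OPEN_EXISTING = 3
INVALID_HANDLE_VALUE = ctypes.c_void_p(-1).value

LEVELS = {
    "anonymous": SECURITY_ANONYMOUS,
    "identification": SECURITY_IDENTIFICATION,
    "impersonation": SECURITY_IMPERSONATION,
    "delegation": SECURITY_DELEGATION,
}


def sqos_flags(level: str) -> int:
    """Flags a client passes so the server may act as the client at most at `level`."""
    return SECURITY_SQOS_PRESENT | LEVELS[level]


def effective_level(flags: int) -> str:
    """Impersonation level a pipe server gets from a client that opened with `flags`.

    Without SECURITY_SQOS_PRESENT the level bits are ignored and the default,
    SecurityImpersonation, applies: the server can ImpersonateNamedPipeClient()
    and act on the local machine as the caller.
    """
    if not flags & SECURITY_SQOS_PRESENT:
        return "impersonation"
    level_bits = flags & _SECURITY_LEVEL_MASK
    return next(name for name, bits in LEVELS.items() if bits == level_bits)


def server_can_impersonate(flags: int) -> bool:
    """True if the server can use the client's identity, not merely read it."""
    return effective_level(flags) in ("impersonation", "delegation")


def open_pipe_client(pipe_path: str, level: str = "anonymous") -> int:
    """Open \\\\.\\pipe\\<name> as a client with an explicit SQOS level (Windows only).

    Use "identification" if the server legitimately needs to know who the caller
    is (e.g. for an ACL check) but must not act as the caller.
    """
    if sys.platform != "win32":
        raise OSError("named pipes via CreateFileW are Windows-only")
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.CreateFileW.restype = ctypes.c_void_p
    k32.CreateFileW.argtypes = [
        ctypes.c_wchar_p, ctypes.c_uint32, ctypes.c_uint32, ctypes.c_void_p,
        ctypes.c_uint32, ctypes.c_uint32, ctypes.c_void_p,
    ]
    handle = k32.CreateFileW(pipe_path, GENERIC_READ | GENERIC_WRITE, 0, None,
                             OPEN_EXISTING, sqos_flags(level), None)
    if handle is None or handle == INVALID_HANDLE_VALUE:
        raise ctypes.WinError(ctypes.get_last_error())
    return handle


if __name__ == "__main__":
    for name in LEVELS:
        f = sqos_flags(name)
        print(f"{name:15s} flags=0x{f:08x} server_can_impersonate={server_can_impersonate(f)}")
    print(f"no SQOS          flags=0x00000000 server_can_impersonate={server_can_impersonate(0)}")
```

So a sandbox reporting that the client passes "Security anonymous" to CreateFile is describing the conservative choice: the VPN client is telling whatever answers on the pipe that it may not borrow the user's token at all. The flag worth worrying about in a report is the absence of SECURITY_SQOS_PRESENT on a pipe open, not its presence.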
3xban
« Reply #2 on: January 11, 2012, 09:45:15 AM »

Check out OpenVPN; if all you need is a single VPN license, this works well and supports multiple platforms. For Mac you need Tunnelblick. The server end comes as a pre-packaged ISO for VM installation or CD/DVD install. I think they may have instructions on installing it to a current system.

Certs: GCWN
(@)Dewser
SephStorm
« Reply #3 on: January 11, 2012, 05:38:28 PM »

The server includes OpenVPN, but I need a client to connect with. Thanks dynamik, those are possibilities I considered. I'll wait a few days and see if anyone is interested.

3xban
« Reply #4 on: January 12, 2012, 09:35:13 AM »

Ah, I am using Tunnelblick on my Mac; it works pretty well. I think the Windows and Linux clients you can download directly from the OpenVPN server site on the box. I think you can see it if you visit the 443 site on your server, or whatever HTTPS port you are using. OpenVPN has two service ports it uses: the HTTPS port and the management port.