ssh-add.exe

File Path: C:\Windows\system32\OpenSSH\ssh-add.exe

Hashes

Type	Hash
MD5	`C808CB063C0B78E92FF7F5A85905218D`
SHA1	`911C6AFE8802F33076A551AD3E6DADEE0E2CCC5C`
SHA256	`7E5D13C4B13BE142DA676FA5F533AA92D12F7C66AC04EC26066C271326B789E7`
SHA384	`04BE6FBE1AE4FB5F571C9963D032995D7DD74454672D6C3A07EEF11A836FA07831A779F5B22BD7B2C3CA10D5B17F353B`
SHA512	`3F7108CA89A7F57FE997F0440F885E5A88B33A2FC87919908E7977E34F179D1C82525EA922504457E1FE560D688270EE8D78E3798E42D84DEEB3646ACBC6B466`
SSDEEP	`6144:4NWN/DJLikLPPD4mv/uws3RrDDdgi2yZ8jiRPgaDb2O7fcCnDtS9LU9qDCLlC4F:4NWNrJPLMQ/uwypei2alOU9uCLlCq`
IMP	`5CE85084191BE301FA076E5F6FC85F6B`
PESHA1	`B7595AA848AE9294EE43BC1EE822BFA8418E539A`
PE256	`A7A76AB098186CDCDA291150D9347A055F2AF14270CAC3A2EB71E31560D758F7`

Runtime Data

Usage (stderr):

Error connecting to agent: No such file or directory

Loaded Modules:

Path
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\system32\OpenSSH\ssh-add.exe

Signature

Status: Signature verified.
Serial: 3300000266BD1580EFA75CD6D3000000000266
Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

Original Filename:
Product Name: OpenSSH for Windows
Company Name:
File Version: 7.7.2.1
Product Version: OpenSSH_7.7p1 for Windows
Language: English (United States)
Legal Copyright:
Machine Type: 64-bit

File Scan

VirusTotal Detections: 0/74
VirusTotal Link: https://www.virustotal.com/gui/file/7e5d13c4b13be142da676fa5f533aa92d12f7c66ac04ec26066c271326b789e7/detection

File Similarity (ssdeep match)

File	Score
C:\Users\user\AppData\Local\GitHubDesktop\app-2.5.3\resources\app\git\usr\bin\ssh-add.exe	33
C:\Users\user\AppData\Local\GitHubDesktop\app-2.5.3\resources\app\git\usr\bin\ssh-agent.exe	32
C:\Users\user\AppData\Local\GitHubDesktop\app-2.5.4\resources\app\git\usr\bin\ssh-add.exe	32
C:\Users\user\AppData\Local\GitHubDesktop\app-2.5.4\resources\app\git\usr\bin\ssh-agent.exe	29
C:\Windows\system32\OpenSSH\ssh-add.exe	30
C:\WINDOWS\system32\OpenSSH\ssh-add.exe	30
C:\Windows\system32\OpenSSH\ssh-agent.exe	33
C:\Windows\system32\OpenSSH\ssh-agent.exe	36
C:\WINDOWS\system32\OpenSSH\ssh-agent.exe	33
C:\Windows\system32\OpenSSH\ssh-keygen.exe	21
C:\Windows\system32\OpenSSH\ssh-keyscan.exe	36
C:\WINDOWS\system32\OpenSSH\ssh-keyscan.exe	30
C:\Windows\system32\OpenSSH\ssh-keyscan.exe	30

Possible Misuse

The following table contains possible examples of ssh-add.exe being misused. While ssh-add.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source	Source File	Example	License
malware-ioc	sshdoor	`\\|`d1d7bc9ed506b364f7713e19a35692bad50c3304 `\\|ssh-add \\|"/usr/share/man/man0/.cache" \\|176.9.47.34:28739 \\|N/A`	© ESET 2014-2018
malware-ioc	sshdoor.yar	`description = "Signature to match the clean (or not) OpenSSH add (ssh-add)"`	© ESET 2014-2018
malware-ioc	windigo	`Trojanized` sshd`,` ssh`,` ssh-add `and the target of the` libkeyutils.so.1``{:.highlight .language-cmhg}	© ESET 2014-2018
malware-ioc	windigo	`*` 575bb6e681b5f1e1b774fee0fa5c4fe538308814 `- Linux/Ebury - Version 0.8.0 - ssh-add`	© ESET 2014-2018