cliconfg.exe

  • File Path: C:\WINDOWS\SysWOW64\cliconfg.exe
  • Description: SQL Client Configuration Utility EXE

Hashes

Type Hash
MD5 36E2CB28B685271CBCE42DB1B802B671
SHA1 FF192C87B83DB0B12CFB2EBA1526F4B26D14FCC7
SHA256 7ABBCB77289D26313E3049ED5A974F91A449119239EA9F359DDE256AE91EFB30
SHA384 A047BB5F5FEC9BBA6BEA87FE12059D0DE39C713E78CF5ABDABC947C366AFA7A744DAA4B49060BC3C62AE6030D1DA9667
SHA512 ED1EC961E6593C5CD6E96FA8208A7A5383AEC00F78E4A7CEDD15C3AB41601220C0F0DB9324CDC7E7973443A95B7D15B19B39ACC6EE29204EB26A41B1BEC230EC
SSDEEP 384:KpyQJm86TobkHyJWrwWAPXuNvBQAMYJQ2JQSkdowyoZcT:KjMHySuuI30lJBkvT
IMP 0BDCEE28946450C424EEAF4F97F264EE
PESHA1 40C238ACF8084621E9DBAAC727F27DD9CF8511F5
PE256 EB95CC927F6B940F9761715E16F7E99604E1FC1664AA8E8B927A192B1259D9B9

Runtime Data

Window Title:

SQL Server Client Network Utility

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\cliconfg.rll.mui File
(R-D) C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.22000.1_en-us_84d30f69ab4f7611\comctl32.dll.mui File
(RW-) C:\Windows File
(RW-) C:\Windows\SysWOW64 File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.22000.1_en-us_84d30f69ab4f7611 File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.22000.1_none_6ec7c6847ea94424 File
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\Windows\Theme1077709572 Section
\Windows\Theme3461253685 Section

Loaded Modules:

Path
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\wow64.dll
C:\WINDOWS\System32\wow64base.dll
C:\WINDOWS\System32\wow64con.dll
C:\WINDOWS\System32\wow64cpu.dll
C:\WINDOWS\System32\wow64win.dll
C:\WINDOWS\SysWOW64\cliconfg.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: cliconfg.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/7abbcb77289d26313e3049ed5a974f91a449119239ea9f359dde256ae91efb30/detection

File Similarity (ssdeep match)

File Score
C:\windows\system32\cliconfg.exe 61
C:\WINDOWS\system32\cliconfg.exe 61
C:\Windows\system32\cliconfg.exe 65
C:\WINDOWS\system32\cliconfg.exe 61
C:\Windows\system32\cliconfg.exe 63
C:\Windows\system32\cliconfg.exe 63
C:\WINDOWS\SysWOW64\cliconfg.exe 65
C:\Windows\SysWOW64\cliconfg.exe 68
C:\Windows\SysWOW64\cliconfg.exe 66
C:\Windows\SysWOW64\cliconfg.exe 61
C:\windows\SysWOW64\cliconfg.exe 65

Possible Misuse

The following table contains possible examples of cliconfg.exe being misused. While cliconfg.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
signature-base | apt_op_honeybee.yar | $x2 = "del /f /q %TEMP%\setup.cab && cliconfg.exe" | CC BY-NC 4.0
signature-base | apt_op_honeybee.yar | $x1 = "cmd /c taskkill /im cliconfg.exe /f /t && del /f /q" fullword ascii | CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.