cliconfg.exe

  • File Path: C:\Windows\SysWOW64\cliconfg.exe
  • Description: SQL Client Configuration Utility EXE

Runtime Data

Window Title:

SQL Server Client Network Utility

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\cliconfg.rll.mui File
(R-D) C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.17763.1518_en-us_cac17eb89b198e19\comctl32.dll.mui File
(RW-) C:\Users\user File
(RW-) C:\Windows File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.17763.1518_en-us_cac17eb89b198e19 File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17763.1518_none_b4b635d36e735c2c File
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\Windows\Theme2131664586 Section
\Windows\Theme966197582 Section

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\cliconfg.exe

Signature

  • Status: Signature verified.
  • Serial: 33000001C422B2F79B793DACB20000000001C4
  • Thumbprint: AE9C1AE54763822EEC42474983D8B635116C8452
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: cliconfg.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.17763.1 (WinBuild.160101.0800)
  • Product Version: 10.0.17763.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/656671d3874b77aabdfb3d1cc3b32703da33dbe9e7711d645c4cc9c46e03c5d6/detection/

File Similarity (ssdeep match)

File Score
C:\windows\system32\cliconfg.exe 66
C:\WINDOWS\system32\cliconfg.exe 61
C:\Windows\system32\cliconfg.exe 66
C:\WINDOWS\system32\cliconfg.exe 61
C:\Windows\system32\cliconfg.exe 66
C:\Windows\system32\cliconfg.exe 58
C:\WINDOWS\SysWOW64\cliconfg.exe 68
C:\WINDOWS\SysWOW64\cliconfg.exe 72
C:\Windows\SysWOW64\cliconfg.exe 69
C:\Windows\SysWOW64\cliconfg.exe 69
C:\windows\SysWOW64\cliconfg.exe 71

Possible Misuse

The following table contains possible examples of cliconfg.exe being misused. While cliconfg.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| signature-base | apt_op_honeybee.yar | `$x2 = "del /f /q %TEMP%\setup.cab && cliconfg.exe"` | CC BY-NC 4.0 |
| signature-base | apt_op_honeybee.yar | `$x1 = "cmd /c taskkill /im cliconfg.exe /f /t && del /f /q" fullword ascii` | CC BY-NC 4.0 |

MIT License. Copyright (c) 2020-2021 Strontic.