cliconfg.exe

  • File Path: C:\Windows\SysWOW64\cliconfg.exe
  • Description: SQL Client Configuration Utility EXE

Hashes

Type Hash
MD5 5EE49921CB7AEA9FDF2938F99DB69FFA
SHA1 115948FE90CD8D1890F1B59E767409CAF1F95B2B
SHA256 DDC3AA90B1229F7ED1F3C64BCDEBC527D18FA24C6BCA9A0B0A7A9C0ECD37E89B
SHA384 F59153D910A52D707F6A20BF3DF50ADF0719731CD85212464678D9DFDD860667F6578DF145FE79BF51CDE457C19776EF
SHA512 86205ADB8FEFA78B19249000FB11109C42EA12D52455D6606FBFC91087D2395ECAA856CCE4A428A33B1A0E4222A8532C15D7CA6D0AFF9BBA6DDD07CD9A814F38
SSDEEP 384:EwA9G50JT6pxW0wWFPXuNvBQAMYJQ2JQSkdowyoF:5K6pRruI30lJBkvTF
IMP 0BDCEE28946450C424EEAF4F97F264EE
PESHA1 931FED0093A83AC468C70D501D785A75208D871C
PE256 A9636383D7855328A63AE5B34C51438419FE19C7FDFB6537A57CF4B52E667A74

Runtime Data

Window Title:

SQL Server Client Network Utility

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\cliconfg.rll.mui File
(R-D) C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.19041.1_en-us_a8f1da377db0be9e\comctl32.dll.mui File
(RW-) C:\Users\user File
(RW-) C:\Windows File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.19041.1_en-us_a8f1da377db0be9e File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.488_none_89e6152f0b32762e File
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\Windows\Theme1175649999 Section
\Windows\Theme601709542 Section

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\cliconfg.exe

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: cliconfg.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/75
  • VirusTotal Link: https://www.virustotal.com/gui/file/ddc3aa90b1229f7ed1f3c64bcdebc527d18fa24c6bca9a0b0a7a9c0ecd37e89b/detection

File Similarity (ssdeep match)

File Score
C:\windows\system32\cliconfg.exe 68
C:\WINDOWS\system32\cliconfg.exe 61
C:\Windows\system32\cliconfg.exe 63
C:\WINDOWS\system32\cliconfg.exe 63
C:\Windows\system32\cliconfg.exe 69
C:\Windows\system32\cliconfg.exe 63
C:\WINDOWS\SysWOW64\cliconfg.exe 66
C:\WINDOWS\SysWOW64\cliconfg.exe 74
C:\Windows\SysWOW64\cliconfg.exe 69
C:\Windows\SysWOW64\cliconfg.exe 66
C:\windows\SysWOW64\cliconfg.exe 69

Possible Misuse

The following table contains possible examples of cliconfg.exe being misused. While cliconfg.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| signature-base | apt_op_honeybee.yar | `$x2 = "del /f /q %TEMP%\setup.cab && cliconfg.exe"` | CC BY-NC 4.0 |
| signature-base | apt_op_honeybee.yar | `$x1 = "cmd /c taskkill /im cliconfg.exe /f /t && del /f /q" fullword ascii` | CC BY-NC 4.0 |

MIT License. Copyright (c) 2020-2021 Strontic.