cliconfg.exe

  • File Path: C:\WINDOWS\system32\cliconfg.exe
  • Description: SQL Client Configuration Utility EXE

Runtime Data

Window Title:

SQL Server Client Network Utility

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\cliconfg.rll.mui File
(R-D) C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.22000.1_en-us_3d25d89296d34d0b\comctl32.dll.mui File
(RW-) C:\Windows\System32 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.22000.1_en-us_3d25d89296d34d0b File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.22000.1_none_271a8fad6a2d1b1e File
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\Windows\Theme1077709572 Section
\Windows\Theme3461253685 Section

Loaded Modules:

Path
C:\WINDOWS\system32\cliconfg.exe
C:\WINDOWS\System32\GDI32.dll
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\USER32.dll
C:\WINDOWS\System32\win32u.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: cliconfg.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/37ed73f7f384068a96e9bc8593793d7086436311a41733404e88c5c8e0173793/detection

File Similarity (ssdeep match)

File Score
C:\windows\system32\cliconfg.exe 55
C:\WINDOWS\system32\cliconfg.exe 63
C:\Windows\system32\cliconfg.exe 60
C:\Windows\system32\cliconfg.exe 60
C:\Windows\system32\cliconfg.exe 60
C:\WINDOWS\SysWOW64\cliconfg.exe 61
C:\WINDOWS\SysWOW64\cliconfg.exe 63
C:\Windows\SysWOW64\cliconfg.exe 61
C:\Windows\SysWOW64\cliconfg.exe 63
C:\Windows\SysWOW64\cliconfg.exe 63
C:\windows\SysWOW64\cliconfg.exe 63

Possible Misuse

The following table contains possible examples of cliconfg.exe being misused. While cliconfg.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
signature-base | apt_op_honeybee.yar | $x2 = "del /f /q %TEMP%\setup.cab && cliconfg.exe" | CC BY-NC 4.0
signature-base | apt_op_honeybee.yar | $x1 = "cmd /c taskkill /im cliconfg.exe /f /t && del /f /q" fullword ascii | CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.