ssh-add.exe

  • File Path: C:\Users\user\AppData\Local\GitHubDesktop\app-2.5.3\resources\app\git\usr\bin\ssh-add.exe

Hashes

Type Hash
MD5 166F0CE9CC00A55569794AF53E847039
SHA1 2B43799239B2C69A2CAD2FDA2B6F4D46D2CE88F3
SHA256 7021E63813FE9CE5CB4510AEEE91CA5B439DB337E05CFE9239A669F344F4301C
SHA384 2378ABC4C7D25A7B4DB3EA3D0BECD165E1F23B11E5A2CFB829C4A060011F1A793435B007FB60EA3AB75B0EEE5E45231A
SHA512 ED573D1CE4225EDFB9B998350A530695658E93E2FECDC9160D13FBA7768F1D6A5B450AFB53ED84B7EB338C98D65AB6E20E1FDBABB0AEFF57A3F279B8DCBF7105
SSDEEP 6144:23ylgL0/HEdz2Db2O7fcCnDtiWH2Jb4Hetf5pvS:2bL0/Hg8BMb4Hetf5pvS

Runtime Data

Usage (stderr):

Could not open a connection to your authentication agent.

Signature

  • Status: Signature verified.
  • Serial: 045D8F14A82147641722D4FAFC66BC80
  • Thumbprint: FB713A60A7FA79DFC03CB301CA05D4E8C1BDD431
  • Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  • Subject: CN=”GitHub, Inc.”, O=”GitHub, Inc.”, L=San Francisco, S=California, C=US

File Metadata

  • Original Filename:
  • Product Name:
  • Company Name:
  • File Version:
  • Product Version:
  • Language:
  • Legal Copyright:

File Similarity (ssdeep match)

File Score
C:\Users\user\AppData\Local\GitHubDesktop\app-2.5.3\resources\app\git\usr\bin\ssh-agent.exe 49
C:\Users\user\AppData\Local\GitHubDesktop\app-2.5.4\resources\app\git\usr\bin\ssh-add.exe 46
C:\Users\user\AppData\Local\GitHubDesktop\app-2.5.4\resources\app\git\usr\bin\ssh-agent.exe 40
C:\Windows\system32\OpenSSH\ssh-add.exe 35
C:\Windows\system32\OpenSSH\ssh-add.exe 33
C:\WINDOWS\system32\OpenSSH\ssh-add.exe 35
C:\Windows\system32\OpenSSH\ssh-agent.exe 36
C:\Windows\system32\OpenSSH\ssh-agent.exe 38
C:\WINDOWS\system32\OpenSSH\ssh-agent.exe 36
C:\Windows\system32\OpenSSH\ssh-keyscan.exe 35
C:\WINDOWS\system32\OpenSSH\ssh-keyscan.exe 32
C:\Windows\system32\OpenSSH\ssh-keyscan.exe 32

Possible Misuse

The following table contains possible examples of ssh-add.exe being misused. While ssh-add.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
malware-ioc sshdoor \|d1d7bc9ed506b364f7713e19a35692bad50c3304 \|ssh-add \|"/usr/share/man/man0/.cache" \|176.9.47.34:28739 \|N/A © ESET 2014-2018
malware-ioc sshdoor.yar description = "Signature to match the clean (or not) OpenSSH add (ssh-add)" © ESET 2014-2018
malware-ioc windigo Trojanized sshd, ssh, ssh-add and the target of the libkeyutils.so.1``{:.highlight .language-cmhg} © ESET 2014-2018
malware-ioc windigo * 575bb6e681b5f1e1b774fee0fa5c4fe538308814 - Linux/Ebury - Version 0.8.0 - ssh-add © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.