» pc3g3h.exe
Overview
Analysis
File Details
Behaviors (1)

pc3g3h.exe

Beijing Tendent Network Technology Co., Ltd.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Pc3g3h’.

File name:

pc3g3h.exe

Publisher:

Beijing Tendent Network Technology Co., Ltd. (signed and verified)

Version:

2.5.2.198

MD5:

8f1f86a0f3ae666d5cc28be94125157d

SHA-1:

7faa168c1c01c7bf9ed3e3012f33a740d62efb50

SHA-256:

ad98d73807b6474691364b20ba4cd9d7ccb8062a81b2a0037c6960b4fd4b2345

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 10:16:39 AM UTC (today)

File size:

6 MB (6,313,064 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\3g3hhelper\bin\pc3g3h.exe

Digital Signature

Signed by:

Beijing Tendent Network Technology Co., Ltd.

Authority:

WoSign eCommerce Services Limited

Valid from:

11/29/2012 9:57:53 PM

Valid to:

12/4/2015 5:45:48 PM

Subject:

E=dtren218@sina.com, CN="Beijing Tendent Network Technology Co., Ltd.", O="Beijing Tendent Network Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:

CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:

097226EA19F091

File PE Metadata

Compilation timestamp:

4/20/2013 8:44:52 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:n/AxZmUCfn8SIUPsXr7nuM6dLq/irnfWcb7:n/mNUPsXr7nu3WirnJ7

Entry address:

0x47775C

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, A8, 4D, 86, 00, E8, 87, 45, B9, FF, 8B, 1D, 54, 8C, 89, 00, 8B, 03, E8, 26, 03, C9, FF, E8, 7D, 2E, FC, FF, 84, C0, 0F, 85, BF, 00, 00, 00, 68, 4C, 78, 87, 00, 6A, FF, 6A, 00, E8, CB, 58, B9, FF, 85, C0, 74, 0C, E8, 5A, 5A, B9, FF, 3D, B7, 00, 00, 00, 75, 0A, E8, 56, 2A, FC, FF, E9, 97, 00, 00, 00, 8B, 03, B2, 01, E8, 24, 20, C9, FF, 8B, 03, C6, 40, 5B, 00, 8B, 03, BA, A8, 78, 87, 00, E8, F2, FC, C8, FF, 6A, 00, 6A, 00, 6A, 00, 33, C9, BA, CC, 78, 87, 00, B8, E5, 00, 00, 00... 
[+]

Entropy:

6.5650

Developed / compiled with:

Microsoft Visual C++

Code size:

4.5 MB (4,679,168 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Pc3g3h

Command:

C:\Program Files\3g3hhelper\bin\pc3g3h.exe \min

Scan pc3g3h.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.