» pc3g3h.exe
Overview
Analysis
File Details
Behaviors (1)

pc3g3h.exe

Beijing Tendent Network Technology Co., Ltd.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Pc3g3h’.

File name:

pc3g3h.exe

Publisher:

Beijing Tendent Network Technology Co., Ltd. (signed and verified)

Version:

2.6.6.255

MD5:

4176b42f026d4100a904cc41dc4020d6

SHA-1:

86b8475ea8ee882e6ef03b1856f77eb7c4367920

SHA-256:

cca7a6b35d40c42082ef85c41fbe28a7d1ae2ae77b2e145cb8b47d8699e84324

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/24/2024 2:15:54 PM UTC (today)

File size:

6.1 MB (6,381,160 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, PRC)

Common path:

C:\Program Files\3g3hhelper\bin\pc3g3h.exe

Digital Signature

Signed by:

Beijing Tendent Network Technology Co., Ltd.

Authority:

WoSign eCommerce Services Limited

Valid from:

11/29/2012 9:57:53 PM

Valid to:

12/4/2015 5:45:48 PM

Subject:

E=dtren218@sina.com, CN="Beijing Tendent Network Technology Co., Ltd.", O="Beijing Tendent Network Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:

CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:

097226EA19F091

File PE Metadata

Compilation timestamp:

6/17/2015 11:02:14 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:/f7VMdxyGarOf1G7J25xDosbVLoWQQRHNfvOcbj:/ftrOfg25xDomouVZRj

Entry address:

0x482768

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, 98, F6, 86, 00, E8, 7B, 95, B8, FF, 8B, 1D, 20, 3F, 8A, 00, 8B, 03, E8, E2, 68, C8, FF, E8, 19, 24, FC, FF, 84, C0, 0F, 85, BF, 00, 00, 00, 68, 58, 28, 88, 00, 6A, FF, 6A, 00, E8, BF, A8, B8, FF, 85, C0, 74, 0C, E8, 4E, AA, B8, FF, 3D, B7, 00, 00, 00, 75, 0A, E8, E2, 1B, FC, FF, E9, 97, 00, 00, 00, 8B, 03, B2, 01, E8, E0, 85, C8, FF, 8B, 03, C6, 40, 5B, 00, 8B, 03, BA, B4, 28, 88, 00, E8, AE, 62, C8, FF, 6A, 00, 6A, 00, 6A, 00, 33, C9, BA, D8, 28, 88, 00, B8, EC, 00, 00, 00... 
[+]

Entropy:

6.5686

Developed / compiled with:

Microsoft Visual C++

Code size:

4.5 MB (4,723,200 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Pc3g3h

Command:

C:\Program Files\3g3hhelper\bin\pc3g3h.exe \min

Scan pc3g3h.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.