pc3g3h.exe

Beijing Tendent Network Technology Co., Ltd.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Pc3g3h’.
Publisher:

Version:
2.6.6.255

MD5:
4176b42f026d4100a904cc41dc4020d6

SHA-1:
86b8475ea8ee882e6ef03b1856f77eb7c4367920

SHA-256:
cca7a6b35d40c42082ef85c41fbe28a7d1ae2ae77b2e145cb8b47d8699e84324

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/20/2017 8:33:02 PM UTC

File size:
6.1 MB (6,381,160 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\3g3hhelper\bin\pc3g3h.exe

Digital Signature
Authority:
WoSign eCommerce Services Limited

Valid from:
11/29/2012 9:57:53 PM

Valid to:
12/4/2015 5:45:48 PM

Subject:
E=dtren218@sina.com, CN="Beijing Tendent Network Technology Co., Ltd.", O="Beijing Tendent Network Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
097226EA19F091

File PE Metadata
Compilation timestamp:
6/17/2015 11:02:14 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:/f7VMdxyGarOf1G7J25xDosbVLoWQQRHNfvOcbj:/ftrOfg25xDomouVZRj

Entry address:
0x482768

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 98, F6, 86, 00, E8, 7B, 95, B8, FF, 8B, 1D, 20, 3F, 8A, 00, 8B, 03, E8, E2, 68, C8, FF, E8, 19, 24, FC, FF, 84, C0, 0F, 85, BF, 00, 00, 00, 68, 58, 28, 88, 00, 6A, FF, 6A, 00, E8, BF, A8, B8, FF, 85, C0, 74, 0C, E8, 4E, AA, B8, FF, 3D, B7, 00, 00, 00, 75, 0A, E8, E2, 1B, FC, FF, E9, 97, 00, 00, 00, 8B, 03, B2, 01, E8, E0, 85, C8, FF, 8B, 03, C6, 40, 5B, 00, 8B, 03, BA, B4, 28, 88, 00, E8, AE, 62, C8, FF, 6A, 00, 6A, 00, 6A, 00, 33, C9, BA, D8, 28, 88, 00, B8, EC, 00, 00, 00...

Entropy:
6.5686

Developed / compiled with:
Microsoft Visual C++

Code size:
4.5 MB (4,723,200 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Pc3g3h

Command:
C:\Program Files\3g3hhelper\bin\pc3g3h.exe \min

