PkgMgr.exe

  • File Path: C:\windows\SysWOW64\PkgMgr.exe
  • Description: Windows Package Manager

Hashes

Type Hash
MD5 049A6E9C689E058AC091C3DD08CB06DF
SHA1 8C38D2628C43AC4632941539BDBD5294A41C51ED
SHA256 833DB9236CA1471180D12D1EDF5655FCF8959BA839CA8DF07141BB8AF52D2A5C
SHA384 E30B2B87642D7DCC6069ECC670E33649CC197335CB6D859496B2F40418DD763C72DE5A918A7C4648FD27CEB9B32973AB
SHA512 EC4DB6B6F8194814E7DB661010F84BE0350591C49ACE84EFE15BB4BC5C968F6F4FAC8BB06F8E091FF25D11C4338D2FBB6BFA45BEBB8960EA8534DA6D1A0EEF90
SSDEEP 3072:7i5rUENnKKphw6s4RTQcWl4Fa/DkCFdCf9TGOK18/qZ9vRtFmZQ:crU8nRccMC6hzCf9TGOIaqZ

Signature

  • Status: The file C:\windows\SysWOW64\PkgMgr.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: PkgMgr.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.17415 (winblue_r4.141028-1500)
  • Product Version: 6.3.9600.17415
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

| File | Score |
|------|-------|
| C:\Windows\SysWOW64\ocsetapi.dll | 49 |
| C:\Windows\SysWOW64\PkgMgr.exe | 47 |
| C:\Windows\SysWOW64\PkgMgr.exe | 49 |
| C:\Windows\SysWOW64\PkgMgr.exe | 46 |
| C:\WINDOWS\SysWOW64\PkgMgr.exe | 46 |
| C:\WINDOWS\SysWOW64\PkgMgr.exe | 43 |
| C:\Windows\SysWOW64\wusa.exe | 46 |

Possible Misuse

The following table contains possible examples of PkgMgr.exe being misused. While PkgMgr.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|--------|-------------|---------|---------|
| sigma | file_event_win_uac_bypass_msconfig_gui.yml | TargetFilename\|endswith: '\AppData\Local\Temp\pkgmgr.exe' | DRL 1.0 |
| sigma | proc_creation_win_uac_bypass_msconfig_gui.yml | ParentImage\|endswith: '\AppData\Local\Temp\pkgmgr.exe' | DRL 1.0 |
| sigma | proc_creation_win_uac_bypass_pkgmgr_dism.yml | title: UAC Bypass Using PkgMgr and DISM | DRL 1.0 |
| sigma | proc_creation_win_uac_bypass_pkgmgr_dism.yml | description: Detects the pattern of UAC Bypass using pkgmgr.exe and dism.exe (UACMe 23) | DRL 1.0 |
| sigma | proc_creation_win_uac_bypass_pkgmgr_dism.yml | ParentImage\|endswith: '\pkgmgr.exe' | DRL 1.0 |
| atomic-red-team | T1548.002.md | Target: \system32\pkgmgr.exe | MIT License. © 2018 Red Canary |

MIT License. Copyright (c) 2020-2021 Strontic.