PkgMgr.exe

  • File Path: C:\WINDOWS\system32\PkgMgr.exe
  • Description: Windows Package Manager

Hashes

Type Hash
MD5 16C0DDFCE82A53516E634F691689EBB6
SHA1 36F2AB8F5E09123CFF95C2C188FB3DA829891EBE
SHA256 986FEC137EB41A90AA72A7EF290B8D1D9DF0207B69A401A2BA60DFDBBF30A8B9
SHA384 2E2F138740E9A81F5BB41CF9B2ECE2F143CFE869639D235CDC31FF99536DE29D25A9B97439E65F3650A4832F6ECD3CE6
SHA512 9545C15569BB820DD7E55B4F2B2EAA6BB67E9E4508B4A11F063F1D6D5F13D2992AA8FEB03F23296BF185B3099095EB9A986384EF65E2BF2CD9AE06ACBF9733D6
SSDEEP 3072:2E3D6AFOZaz0xulwqmeSkENXK6JRAqs4xjw8m1I1nUhu:7GAFixqwq7SkMHxM8cAUh

Signature

  • Status: Signature verified.
  • Serial: 330000023241FB59996DCC4DFF000000000232
  • Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: PkgMgr.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.18362.1 (WinBuild.160101.0800)
  • Product Version: 10.0.18362.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File  Score (ssdeep similarity, 0-100; higher means closer; repeated paths are different builds of the same binary)
C:\Windows\system32\ocsetapi.dll 54
C:\windows\system32\PkgMgr.exe 38
C:\WINDOWS\system32\PkgMgr.exe 44
C:\Windows\system32\PkgMgr.exe 49
C:\Windows\system32\PkgMgr.exe 50
C:\Windows\system32\wusa.exe 43

Possible Misuse

The following table lists detection rules and test cases that reference PkgMgr.exe. PkgMgr.exe is not inherently malicious: it is a legacy Windows servicing tool (superseded by DISM) that Windows auto-elevates, and that auto-elevation is what the entries below abuse. The DISM rule keys on pkgmgr.exe as the parent of dism.exe (UACMe method 23), while the msconfig rules key on a copy of pkgmgr.exe dropped under \AppData\Local\Temp and used as an elevated parent.

Source  Source File  Example  License
sigma  file_event_win_uac_bypass_msconfig_gui.yml  TargetFilename|endswith: '\AppData\Local\Temp\pkgmgr.exe'  DRL 1.0
sigma  proc_creation_win_uac_bypass_msconfig_gui.yml  ParentImage|endswith: '\AppData\Local\Temp\pkgmgr.exe'  DRL 1.0
sigma  proc_creation_win_uac_bypass_pkgmgr_dism.yml  title: UAC Bypass Using PkgMgr and DISM  DRL 1.0
sigma  proc_creation_win_uac_bypass_pkgmgr_dism.yml  description: Detects the pattern of UAC Bypass using pkgmgr.exe and dism.exe (UACMe 23)  DRL 1.0
sigma  proc_creation_win_uac_bypass_pkgmgr_dism.yml  ParentImage|endswith: '\pkgmgr.exe'  DRL 1.0
atomic-red-team  T1548.002.md  Target: \system32\pkgmgr.exe  MIT License. © 2018 Red Canary
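The matchers below are an added example that runs the three Sigma patterns from the table over a handful of constructed Sysmon-style events; they are not Strontic's code and not the Sigma rules themselves. Only the ParentImage and TargetFilename selectors are quoted on this page; the remaining conditions (dism.exe or msconfig.exe as the child Image, and a High or System IntegrityLevel for the process-creation rules) are taken from the published rules as I read them and should be treated as assumptions here. The event records are made up for the example.

```python
"""Sigma-style checks for the PkgMgr.exe UAC-bypass patterns listed above.

Added example: the events are constructed, not real telemetry, and the
conditions beyond the selectors quoted on the page are assumptions.
"""

# Constructed Sysmon-style events (Event ID 1 = ProcessCreate, 11 = FileCreate).
EVENTS = [
    # 0: benign servicing run from an admin console, no dism.exe child
    {"EventType": "ProcessCreate", "Image": r"C:\Windows\System32\PkgMgr.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe", "IntegrityLevel": "High"},
    # 1: UACMe 23 pattern - elevated dism.exe with pkgmgr.exe as its parent
    {"EventType": "ProcessCreate", "Image": r"C:\Windows\System32\Dism.exe",
     "ParentImage": r"C:\Windows\System32\pkgmgr.exe", "IntegrityLevel": "High"},
    # 2: same parent/child pair at Medium integrity - no elevation gained
    {"EventType": "ProcessCreate", "Image": r"C:\Windows\System32\dism.exe",
     "ParentImage": r"C:\Windows\System32\pkgmgr.exe", "IntegrityLevel": "Medium"},
    # 3: msconfig.exe writing a pkgmgr.exe copy into %LOCALAPPDATA%\Temp
    {"EventType": "FileCreate", "Image": r"C:\Windows\System32\msconfig.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\pkgmgr.exe"},
    # 4: the Temp copy of pkgmgr.exe acting as an elevated parent of msconfig.exe
    {"EventType": "ProcessCreate", "Image": r"C:\Windows\System32\msconfig.exe",
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\pkgmgr.exe",
     "IntegrityLevel": "High"},
    # 5: pkgmgr.exe started by the servicing stack itself
    {"EventType": "ProcessCreate", "Image": r"C:\Windows\System32\pkgmgr.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe", "IntegrityLevel": "System"},
]

# Integrity levels the process-creation rules treat as "already elevated".
ELEVATED = {"high", "system"}


def endswith_ci(value, suffix):
    """Sigma string matching is case-insensitive, as are Windows paths."""
    return value is not None and value.lower().endswith(suffix.lower())


def is_elevated(ev):
    return ev.get("IntegrityLevel", "").lower() in ELEVATED


def uac_bypass_pkgmgr_dism(ev):
    """proc_creation_win_uac_bypass_pkgmgr_dism: pkgmgr.exe -> elevated dism.exe."""
    return (ev.get("EventType") == "ProcessCreate"
            and endswith_ci(ev.get("ParentImage"), r"\pkgmgr.exe")
            and endswith_ci(ev.get("Image"), r"\dism.exe")  # assumed child condition
            and is_elevated(ev))                            # assumed integrity condition


def uac_bypass_msconfig_file_event(ev):
    """file_event_win_uac_bypass_msconfig_gui: msconfig.exe drops pkgmgr.exe in Temp."""
    return (ev.get("EventType") == "FileCreate"
            and endswith_ci(ev.get("Image"), r"\msconfig.exe")  # assumed writer condition
            and endswith_ci(ev.get("TargetFilename"), r"\AppData\Local\Temp\pkgmgr.exe"))


def uac_bypass_msconfig_proc_creation(ev):
    """proc_creation_win_uac_bypass_msconfig_gui: Temp pkgmgr.exe -> elevated msconfig.exe."""
    return (ev.get("EventType") == "ProcessCreate"
            and endswith_ci(ev.get("Image"), r"\msconfig.exe")  # assumed child condition
            and endswith_ci(ev.get("ParentImage"), r"\AppData\Local\Temp\pkgmgr.exe")
            and is_elevated(ev))                                # assumed integrity condition


# Labels for the two msconfig rules are descriptive, not the rules' real titles.
RULES = {
    "UAC Bypass Using PkgMgr and DISM": uac_bypass_pkgmgr_dism,
    "msconfig writes pkgmgr.exe to Temp (file event)": uac_bypass_msconfig_file_event,
    "Temp pkgmgr.exe spawns msconfig.exe (process creation)": uac_bypass_msconfig_proc_creation,
}


def scan(events):
    """Return (event index, rule label) for every event that trips a rule."""
    hits = []
    for i, ev in enumerate(events):
        for label, rule in RULES.items():
            if rule(ev):
                hits.append((i, label))
    return hits


if __name__ == "__main__":
    for i, label in scan(EVENTS):
        print(f"event {i}: {label}")
```

Events 0 and 5 show why the rules need more than "pkgmgr.exe appeared": the binary is legitimately launched by administrators and by the servicing stack, so the detections key on the parent/child pairing and on the child already holding a High or System integrity level. Event 2 (Medium) is deliberately left unmatched for the same reason.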

MIT License. Copyright (c) 2020-2021 Strontic.