PkgMgr.exe

  • File Path: C:\windows\system32\PkgMgr.exe
  • Description: Windows Package Manager


Hashes

Type Hash
MD5 B212B2FE6910AF8B2068F2FF2242204F
SHA1 D66174037EF0A240C62325D3AE3EC2FE339DEB18
SHA256 FA461A210D64C65243BA9FFDCD39D5F7D7E433E666ABC895B674D5136D1A59A0
SHA384 06F0CF049612AD392FCDA31FBCF6DE05A1EDA40D16F1BDEAB2574F109DB9526F33FF0B59CCD79B6356EC752137CBB522
SHA512 DECB0BBC4E09744B9103C5A9F3E755812217C9815E52BC822F2069A94691E2DA2646F54CD260BFF950436C42D6E5D016F72BAFA528D3F5A1450B0630A5ABCA36
SSDEEP 3072:OnbEENXK6JRAqs4xjw8m1IXS2A87b9XTyCNa6KSiyaiyaiPNi6XwY5nyW+7TzLbY:ybEMHxM8c6SX8H98NQY5s2P

Signature

  • Status: The file C:\windows\system32\PkgMgr.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: PkgMgr.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.17415 (winblue_r4.141028-1500)
  • Product Version: 6.3.9600.17415
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\Windows\system32\ocsetapi.dll 36
C:\WINDOWS\system32\PkgMgr.exe 38
C:\WINDOWS\system32\PkgMgr.exe 32
C:\Windows\system32\PkgMgr.exe 40
C:\Windows\system32\PkgMgr.exe 41
C:\Windows\system32\wusa.exe 36

Possible Misuse

The following table contains possible examples of PkgMgr.exe being misused. While PkgMgr.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma file_event_win_uac_bypass_msconfig_gui.yml TargetFilename|endswith: '\AppData\Local\Temp\pkgmgr.exe' DRL 1.0
sigma proc_creation_win_uac_bypass_msconfig_gui.yml ParentImage|endswith: '\AppData\Local\Temp\pkgmgr.exe' DRL 1.0
sigma proc_creation_win_uac_bypass_pkgmgr_dism.yml title: UAC Bypass Using PkgMgr and DISM DRL 1.0
sigma proc_creation_win_uac_bypass_pkgmgr_dism.yml description: Detects the pattern of UAC Bypass using pkgmgr.exe and dism.exe (UACMe 23) DRL 1.0
sigma proc_creation_win_uac_bypass_pkgmgr_dism.yml ParentImage|endswith: '\pkgmgr.exe' DRL 1.0
atomic-red-team T1548.002.md Target: \system32\pkgmgr.exe MIT License. © 2018 Red Canary

MIT License. Copyright (c) 2020-2021 Strontic.