SHA256: 82ef3b124362b701ac146fffe8c6d2f5a932417bd7011a887665df6f09797a60
File name: msiexec.exe
Detection ratio: 0 / 62
Analysis date: 2017-03-19 19:01:40 UTC ( 1 week, 3 days ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
Ad-Aware 20170319
AegisLab 20170319
AhnLab-V3 20170319
Alibaba 20170228
ALYac 20170319
Antiy-AVL 20170319
Arcabit 20170319
Avast 20170319
AVG 20170319
Avira (no cloud) 20170319
AVware 20170319
Baidu 20170318
BitDefender 20170319
Bkav 20170318
CAT-QuickHeal 20170318
ClamAV 20170319
CMC 20170317
Comodo 20170319
CrowdStrike Falcon (ML) 20170130
Cyren 20170319
DrWeb 20170319
Emsisoft 20170319
Endgame 20170317
ESET-NOD32 20170319
F-Prot 20170319
F-Secure 20170319
Fortinet 20170319
GData 20170319
Ikarus 20170319
Invincea 20170203
Jiangmin 20170319
K7AntiVirus 20170319
K7GW 20170319
Kaspersky 20170319
Kingsoft 20170319
Malwarebytes 20170319
McAfee 20170319
McAfee-GW-Edition 20170319
Microsoft 20170319
eScan 20170319
NANO-Antivirus 20170319
nProtect 20170319
Palo Alto Networks (Known Signatures) 20170319
Panda 20170319
Qihoo-360 20170319
Rising 20170319
SentinelOne (Static ML) 20170315
Sophos 20170319
SUPERAntiSpyware 20170319
Symantec 20170319
Tencent 20170319
TheHacker 20170318
TotalDefense 20170319
TrendMicro 20170319
TrendMicro-HouseCall 20170319
Trustlook 20170319
VBA32 20170317
VIPRE 20170319
ViRobot 20170319
Webroot 20170319
WhiteArmor 20170315
Yandex 20170318
Zillya 20170317
ZoneAlarm by Check Point 20170319
Zoner 20170319
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Windows Installer - Unicode
Original name msiexec.exe
Internal name msiexec
File version 5.0.7601.18896 (win7sp1_gdr.150615-0956)
Description Windows® installer
Signature verification Signed file, verified signature
Signing date 9:45 AM 6/16/2015
Signers
[+] Microsoft Windows
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Windows Verification PCA
Valid from 6:48 PM 5/20/2015
Valid to 6:48 PM 3/14/2016
Valid usage Code Signing, NT5 Crypto
Algorithm sha1RSA
Thumbprint 49DA9A5E21EDC4682AD0211C85D552C86C422F13
Serial number 33 00 00 00 35 4C 94 FF 5B 25 BE 52 77 00 00 00 00 00 35
[+] Microsoft Windows Verification PCA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Root Certificate Authority
Valid from 10:55 PM 9/15/2005
Valid to 11:05 PM 3/15/2016
Valid usage Code Signing, NT5 Crypto
Algorithm sha1RSA
Thumbprint 5DF0D7571B0780783960C68B78571FFD7EDAF021
Serial number 61 07 02 DC 00 00 00 00 00 0B
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 6:32 PM 3/20/2015
Valid to 6:32 PM 6/20/2016
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 5740FB2B2D092E26E2E9DFFAE9E53412B9F7D21B
Serial number 33 00 00 00 6F 65 2D 58 6D 07 11 46 28 00 00 00 00 00 6F
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine x64
Compilation timestamp 2015-06-15 20:51:29
Entry Point 0x000171A4
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
SetSecurityDescriptorOwner
RegCloseKey
GetAce
OpenServiceW
AdjustTokenPrivileges
ControlService
InitializeAcl
LookupPrivilegeValueW
RegOpenKeyExW
RegDeleteKeyW
DeleteService
RegQueryValueExW
GetSecurityDescriptorLength
SetSecurityDescriptorDacl
CloseServiceHandle
RegisterEventSourceW
OpenProcessToken
DeregisterEventSource
QueryServiceStatus
MakeAbsoluteSD
AddAccessAllowedAce
RegEnumKeyW
GetSecurityDescriptorOwner
CreateServiceW
GetTokenInformation
RegGetKeySecurity
SetServiceStatus
RegisterServiceCtrlHandlerW
RegEnumKeyExW
OpenThreadToken
GetLengthSid
RegDeleteValueW
RevertToSelf
RegSetValueExW
FreeSid
MakeSelfRelativeSD
OpenSCManagerW
ReportEventW
AllocateAndInitializeSid
InitializeSecurityDescriptor
StartServiceCtrlDispatcherW
EqualSid
SetThreadToken
SetSecurityDescriptorGroup
GetLastError
SetCurrentDirectoryW
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
lstrlenW
LoadLibraryW
GlobalFree
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
CompareStringW
ExitProcess
lstrcmpiW
lstrcmpW
DeleteCriticalSection
GetCurrentProcess
SetConsoleCtrlHandler
GetCurrentProcessId
OpenProcess
GetCommandLineW
CreateThread
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
GetProcAddress
GetLocaleInfoW
GetSystemDefaultLangID
WideCharToMultiByte
GetModuleFileNameW
GetSystemDirectoryW
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
GetModuleHandleW
SetEvent
FormatMessageW
TerminateProcess
CreateEventW
InitializeCriticalSection
OutputDebugStringW
OpenEventW
GlobalAlloc
CreateProcessW
Sleep
GetFileType
GetTickCount
GetCurrentThreadId
GetVersion
GetCurrentThread
GetEnvironmentVariableW
SetLastError
LeaveCriticalSection
IsCharAlphaNumericW
PeekMessageW
PostThreadMessageW
TranslateMessage
GetMessageW
MsgWaitForMultipleObjects
PostQuitMessage
DispatchMessageW
Ord(280)
Ord(131)
Ord(148)
Ord(70)
Ord(78)
Ord(8)
Ord(197)
Ord(141)
Ord(88)
Ord(222)
Ord(190)
Ord(228)
Ord(136)
Ord(196)
Ord(175)
Ord(169)
Ord(240)
Ord(184)
Ord(199)
memset
__dllonexit
_cexit
_fmode
_vsnwprintf
_amsg_exit
?terminate@@YAXXZ
__C_specific_handler
_lock
_onexit
exit
_XcptFilter
_commode
__setusermatherr
wcsrchr
_acmdln
_wcsicmp
_ismbblead
_unlock
memcpy
__getmainargs
_initterm
_vsnprintf
_exit
__set_app_type
RtlNtStatusToDosError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CoUninitialize
CoRegisterClassObject
CoInitialize
StgOpenStorage
CoRevokeClassObject
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
MUI 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 8
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.2
InitializedDataSize 33280
ImageVersion 6.1
ProductName Windows Installer - Unicode
FileVersionNumber 5.0.7601.18896
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName msiexec.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.0.7601.18896 (win7sp1_gdr.150615-0956)
TimeStamp 2015:06:15 21:51:29+01:00
FileType Win64 EXE
PEType PE32+
InternalName msiexec
ProductVersion 5.0.7601.18896
FileDescription Windows installer
OSVersion 6.1
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType AMD AMD64
CompanyName Microsoft Corporation
CodeSize 99328
FileSubtype 0
ProductVersionNumber 5.0.7601.18896
EntryPoint 0x171a4
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Compressed bundles
File identification
MD5 81cb8d34112178ce1826c86ba5f268c3
SHA1 b70de8d38057b4b7a9ed88b34b2d469be8612aab
SHA256 82ef3b124362b701ac146fffe8c6d2f5a932417bd7011a887665df6f09797a60
ssdeep 3072:tTO4r3Li+CcL4I2/tYN++esJ72M88ikPEYEN:1LRCcN2/tYNBesJ63kP/
authentihash d3ca08788ac8db9045ea3ecbf878a135ce8b633a8b361e25a58237b0296e3187
imphash 72567d001c30c3c46b19a98842491779
File size 125.0 KB ( 128000 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Tags 64bits peexe assembly signed
VirusTotal metadata
First submission 2015-07-14 17:49:19 UTC ( 1 year, 8 months ago )
Last submission 2017-03-19 19:01:40 UTC ( 1 week, 3 days ago )
File names
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight