msiexec.exe
Windows Installer - Unicode by Microsoft
This is a Windows system installed file with Windows File Protection (WFP) enabled.
Warning: 6 antivirus scanners have detected malware in various versions of msiexec.exe.
Overview
There are 56 versions of msiexec.exe in the wild, the latest version being 5.0.9600.16384 (winblue_rtm.130821-1623). It is started as a Windows Service called 'Instalator Windows' with the name 'msiserver' and described as “Adds, modifies, and removes applications provided as a Windows Installer or APPX package (*.msi, *.msp, *.appx). If this service is disabled, any services that explicitly depend on it will fail to start.” During installation of the program, a job is added to the Windows Task Scheduler to execute this process on a specific schedule. It is integrated as a plugin to Internet Explorer as a Browser Helper Object, often without any obvious user interface, and will load for each instance of IE. The average file size is about 89.38 KB. The programs Fallout 3, Dead Space™ and Unify Enterprise have been observed installing specific variations of msiexec.exe. During the process's lifecycle, the typical CPU resource utilization is less than 0.01%, and the average private memory consumption is about 10.94 MB, with the maximum memory reaching around 17.16 MB. Additionally, typical disk I/O is about 4.28 MB per minute for reads and 3.91 MB per minute for writes.
What is msiexec.exe?
Microsoft Windows Installer is an installation and configuration service provided with Windows. The installer service enables customers to provide better corporate deployment and provides a standard format for component management. The installer also enables the advertisement of applications and features according to the operating system.
Details |
File name: | msiexec.exe |
Publisher: | Microsoft Corporation |
Product name: | Windows Installer - Unicode |
Description: | Windows® installer |
Typical file path: | C:\Windows\System32\msiexec.exe |
Original name: | msiexec.exe.mui |
Windows Service |
Service name: | msiserver |
Display name: | Instalator Windows |
Description: | “Adds, modifies, and removes applications provided as a Windows Installer or APPX package (*.msi, *.msp, *.appx). If this service is disabled, any services that explicitly depend on it will fail to start.” |
Type: | Win32OwnProcess |
Programs installed in
(Note, the programs listed below are for all versions of Windows Installer - Unicode.)
“Autodesk® Inventor® 3D mechanical design software includes CAD productivity and design communication tools that can help you reduce errors, communicate more effectively, and deliver more innovative pr...”
Fallout 3 is an action role-playing open world video game developed by Bethesda Game Studios. It is the third major installment in the Fallout series.
“D-ViewCam software is included with all mydlink-enabled cameras and allows you to view and manage up to 32 cameras on a single screen using your computer. Plus, with D-ViewCam, you can automatically r...”
“D-ViewCam is a software add-in for Windows Home Server that provides instant access to your live camera feeds and all the surveillance video already saved to your server. Compatible with the D-Link Ne...”
Dead Space is a video game distributed through EA's Origin digital distribution and digital rights management content delivery system.
Micro-Star International Co., Ltd.
“Fast, secure and affordable, the NTR Cloud offers managed service providers (MSPs), IT managers and other IT professionals a scalable suite of features and capabilities that adapt to their business ne...”
What was formerly known as Right Hemisphere’s Deep Exploration CAD is now SAP Visual Enterprise Author.
Right Hemisphere’s Deep Exploration CAD is now SAP Visual Enterprise Author.
Behaviors
(Note, the behaviors below are for all versions of msiexec.exe.)
Services
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
- 'MSIServer' (Windows Installer)
Windows firewall allowed programs
Exceptions allow programs to access the Internet through outbound connections
- Firewall exception for 'C:\WINXP\system32\msiexec.exe'
- Firewall exception for 'C:\WINDOWS.0\system32\msiexec.exe'
- Firewall exception for 'C:\WINDOWS\system32\msiexec.exe'
Scheduled tasks
- The job '{50696451-B3AA-4784-981E-F04E2AA3B1B9}' runs on registration in the path '\{50696451-B3AA-4784-981E-F04E2AA3B1B9}'
- The task '{D318DBBF-4502-4870-A65D-9A9A1C96DB0A}' runs on registration in the path '\{D318DBBF-4502-4870-A65D-9A9A1C96DB0A}'
- Entry path '\{5A701793-8CE3-4E27-8C20-821C0BC4326D}'
Internet Explorer Browser Helper Object
Located in the registry at 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
- BHO CLSID: {127AD70F-B2B7-4f6a-ACD9-C7B1FE48C8C0}
Malware detections
Based on 40+ industry antivirus scanners, 6 of them detected the following malware.
All file variations of msiexec.exe
Distribution by Windows OS
OS version | distribution |
Windows 7 Home Premium | 51.75% |
Windows 7 Ultimate | 28.75% |
Windows 7 Professional | 11.25% |
Windows 7 Home Basic | 2.50% |
Windows 8 Pro | 2.25% |
Windows 7 Enterprise | 1.00% |
Windows 7 Starter | 0.75% |
Windows 8 | 0.50% |
Windows 8 Enterprise Evaluation | 0.25% |
Windows Se7en Titan | 0.25% |
Windows 8 Pro with Media Center | 0.25% |
Windows 8 Enterprise | 0.25% |
Windows Seven Black Edition | 0.25% |
Distribution by country
The United States accounts for about 39.80% of installs of Windows Installer - Unicode.
Distribution by PC manufacturer
PC Manufacturer | distribution |
Dell | 19.39% |
Hewlett-Packard | 16.54% |
ASUS | 16.35% |
Acer | 12.93% |
Toshiba | 11.03% |
Sony | 6.08% |
Lenovo | 4.18% |
GIGABYTE | 3.80% |
Samsung | 2.28% |
Intel | 2.28% |
MSI | 1.14% |
Alienware | 0.95% |
Medion | 0.76% |
Gateway | 0.76% |
Sahara | 0.38% |
NEC | 0.38% |
Compaq | 0.38% |
American Megatrends | 0.38% |