msiexec.exe
Windows Installer - Unicode by Microsoft
This is a Windows system installed file with Windows File Protection (WFP) enabled.
Warning 6 antivirus scanners has detected malware in various versions of msiexec.exe.
Overview
msiexec.exe has 56 known versions, the most recent one is 5.0.9600.16384 (winblue_rtm.130821-1623). It is started as a Windows Service called 'Windows Installer -ohjelma' with the name 'msiserver' and described as “Lisää, muokkaa tai poistaa Windows Installer- tai APPX-pakettina (*.msi, *.msp ja *.appx) tarjottuja sovelluksia. Jos tämä palvelu poistetaan käytöstä, siitä suoraan riippuvaiset palvelut eivät käynnisty.”. . During installation the program adds a job to the Task Scheduler. It is installed as an Internet Explorer extension as a Browser Helper Object, often without any obvious user interface, and will start when IE loads. The average file size is about 89.38 KB. The programs Fallout 3, Dead Space™ and Unify Enterprise have been observed as installing specific variations of msiexec.exe. During the process's lifecycle, the typical CPU resource utilization is less than 0.01%, the average private memory consumption is about 10.94 MB with the maximum memory reaching around 17.16 MB. Addionally, typically read and write I/O disk operations is about 4.28 MB per minute for reads and 3.91 MB per minute for writes.
What is msiexec.exe?
Microsoft Windows Installer is an installation and configuration service provided with Windows. The installer service enables customers to provide better corporate deployment and provides a standard format for component management. The installer also enables the advertisement of applications and features according to the operating system.
 Details
|
| File name: | msiexec.exe |
| Publisher: | Microsoft Corporation |
| Product name: | Windows Installer - Unicode |
| Description: | Windows® installer |
| Typical file path: | C:\Windows\System32\msiexec.exe |
| Original name: | msiexec.exe.mui |
| Windows Service |
| Service name: | msiserver |
| Display name: | Windows Installer -ohjelma |
| Description: | “Lisää, muokkaa tai poistaa Windows Installer- tai APPX-pakettina (*.msi, *.msp ja *.appx) tarjottuja sovelluksia. Jos tämä palvelu poistetaan käytöstä, siitä suoraan riippuvaiset palvelut eivät käynnisty.” |
| Type: | Win32OwnProcess |
Programs installed in
(Note, the programs listed below are for all versions of Windows Installer - Unicode.)
“Autodesk® Inventor® 3D mechanical design software includes CAD productivity and design communication tools that can help you reduce errors, communicate more effectively, and deliver more innovative pr...”
Fallout 3 is an action role-playing open world video game developed by Bethesda Game Studios. It is the third major installment in the Fallout series.
“D-ViewCam software is included with all mydlink-enabled cameras and allows you to view and manage up to 32 cameras on a single screen using your computer. Plus, with D-ViewCam, you can automatically r...”
“D-ViewCam is a software add-in for Windows Home Server that provides instant access to your live camera feeds and all the surveillance video already saved to your server. Compatible with the D-Link Ne...”
Dead Space is a video game distributed through EA's Origin digital distribution and digital rights management content delivery system.
|
Micro-Star International Co., Ltd. |
|
“Fast, secure and affordable, the NTR Cloud offers managed service providers (MSPs), IT managers and other IT professionals a scalable suite of features and capabilities that adapt to their business ne...”
What was formerly known as Right Hemisphere’s Deep Exploration CAD is now SAP Visual Enterprise Author.
Right Hemisphere’s Deep Exploration CAD is now SAP Visual Enterprise Author.
Behaviors
(Note, the behaviors below are for all versions of msiexec.exe, select a unique version for details.)
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- msiserver
- 'msiserver' (Windows Installer)
Scheduled tasks
- The job '{AD1C092E-8BF9-4322-8B6D-869115BC67D2}' runs on registration in the path '\{AD1C092E-8BF9-4322-8B6D-869115BC67D2}'
- The job '{EFAD775F-CDF7-4932-BC9F-7C11500B0E27}' runs on registration in the path '\{EFAD775F-CDF7-4932-BC9F-7C11500B0E27}'
- The task '{AF16EC4C-C7D3-4650-BE4D-593A0E554F4A}' runs on registration in the path '\{AF16EC4C-C7D3-4650-BE4D-593A0E554F4A}'
- The task '{2A68DB8E-C884-4452-862A-37F7C7E8C162}' runs on registration in the path '\{2A68DB8E-C884-4452-862A-37F7C7E8C162}'
- The task '{47FC463B-9928-45D3-823C-B4D5F78A7363}' runs on registration in the path '\{47FC463B-9928-45D3-823C-B4D5F78A7363}'
- The task '{FB16A2A3-DB26-4127-9711-C5E0BF071B10}' runs on registration in the path '\{FB16A2A3-DB26-4127-9711-C5E0BF071B10}'
- The job '{E29801CF-E188-4C12-9343-76AFA0F16BEB}' runs on registration in the path '\{E29801CF-E188-4C12-9343-76AFA0F16BEB}'
- The job '{1869EC6C-EE7B-4B66-B13A-A2FF8E7EBDD0}' runs on registration in the path '\{1869EC6C-EE7B-4B66-B13A-A2FF8E7EBDD0}'
- The job '{AF8E4C1B-E35B-4C57-9A64-1CB2C21CFA46}' runs on registration in the path '\{AF8E4C1B-E35B-4C57-9A64-1CB2C21CFA46}'
- The job '{C02B77F7-A5CC-4BBE-90BF-75B82251A853}' runs on registration in the path '\{C02B77F7-A5CC-4BBE-90BF-75B82251A853}'
- The job '{161E942A-7077-4225-AAE1-3727163FBBBF}' runs on registration in the path '\{161E942A-7077-4225-AAE1-3727163FBBBF}'
- The task '{603A289F-660C-4649-8820-58FD6E7AA78F}' runs on registration in the path '\{603A289F-660C-4649-8820-58FD6E7AA78F}'
- Entry path '\{8C9E5B76-E78A-411A-B939-C6A034267770}'
- Entry path '\{7F6FE1B4-CD5C-4EB3-BA3C-FA05AEE67CB6}'
- Entry path '\{0E478F47-D66E-4DE5-8BE0-876334CD9EBD}'
- Entry path '\{E673B621-598C-4A26-8A81-2A485793D284}'
- Entry path '\{C19210A5-228E-4FEA-8C35-D871B9C4FB5F}'
- Entry path '\{9A26DFD9-8384-4F4C-B4E8-58F5A8829AFB}'
- Entry path '\{5AA35628-621C-4869-8C3F-FDDA0E1007B1}'
- Entry path '\{36EF27E1-070B-4449-BB00-BFD5F2EC510B}'
- Entry path '\{1DCAC8D1-9B4D-4FF8-ABA2-CFD2CD44EEB3}'
- Entry path '\{E7F58D98-807C-426A-8F92-2766A35F2221}'
Internet Explorer Browser Helper Object
Located in the registry at 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
- BHO CLSID: {127AD70F-B2B7-4f6a-ACD9-C7B1FE48C8C0}
Malware detections
Based on 40+ industry antivirus scanners, 6 of them detected the following malware.
All file variations of msiexec.exe
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
51.75% |
|
| Windows 7 Ultimate |
28.75% |
|
| Windows 7 Professional |
11.25% |
|
| Windows 7 Home Basic |
2.50% |
|
| Windows 8 Pro |
2.25% |
|
| Windows 7 Enterprise |
1.00% |
|
| Windows 7 Starter |
0.75% |
|
| Windows 8 |
0.50% |
|
| Windows 8 Enterprise Evaluation |
0.25% |
|
| Windows Se7en Titan |
0.25% |
|
| Windows 8 Pro with Media Center |
0.25% |
|
| Windows 8 Enterprise |
0.25% |
|
| Windows Seven Black Edition |
0.25% |
|
Distribution by country
United States installs about 39.80% of Windows Installer - Unicode.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Dell |
19.39% |
|
| Hewlett-Packard |
16.54% |
|
| ASUS |
16.35% |
|
| Acer |
12.93% |
|
| Toshiba |
11.03% |
|
| Sony |
6.08% |
|
| Lenovo |
4.18% |
|
| GIGABYTE |
3.80% |
|
| Samsung |
2.28% |
|
| Intel |
2.28% |
|
| MSI |
1.14% |
|
| Alienware |
0.95% |
|
| Medion |
0.76% |
|
| Gateway |
0.76% |
|
| Sahara |
0.38% |
|
| NEC |
0.38% |
|
| Compaq |
0.38% |
|
| American Megatrends |
0.38% |
|
