msiexec.exe
Windows Installer - Unicode by Microsoft
| Version: | 4.5.6001.22159 (vistasp1_ldr.080415-1732) |
| MD5: | bddfb9f628ded5aa19f4442f5e729166 |
| SHA1: | d961904238c16a4723fd02f2da3ee6614d17b78f |
| SHA256: | 2d4de5a8ddcef94caf04ff5712cd7d4cad93b9785e58c1fea7f75e096b688dcc |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
Warning 4 antivirus scanners has detected malware.
What is msiexec.exe?
Microsoft Windows Installer is an installation and configuration service provided with Windows. The installer service enables customers to provide better corporate deployment and provides a standard format for component management. The installer also enables the advertisement of applications and features according to the operating system.
Overview
msiexec.exe is malware that runs as a service under the name Windows Installer -ohjelma (msiserver) within the local user context. It is installed in Internet Explorer as a Browser Helper Object (BHO) which has full acess to the web browser's behaviors and content. This version is designed to run on Windows Vista.
Details
| File name: | msiexec.exe |
| Publisher: | Microsoft Corporation |
| Product name: | Windows Installer - Unicode |
| Description: | Windows® installer |
| Typical file path: | C:\Windows\System32\msiexec.exe |
| Original name: | msiexec.exe.mui |
| File version: | 4.5.6001.22159 (vistasp1_ldr.080415-1732) |
| Product version: | 4.5.6001.22159 |
| Size: | 111 KB (113,664 bytes) |
| Digital DNA |
| PE subsystem: | Windows GUI |
| Entropy: | 5.753598 |
| File packed: | No |
| Code language: | Microsoft Visual C++ |
| .NET CLR: | No |
More details
Behaviors
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- msiserver
- 'msiserver' (Windows Installer)
Scheduled tasks
- The job '{AD1C092E-8BF9-4322-8B6D-869115BC67D2}' runs on registration in the path '\{AD1C092E-8BF9-4322-8B6D-869115BC67D2}'
- The job '{EFAD775F-CDF7-4932-BC9F-7C11500B0E27}' runs on registration in the path '\{EFAD775F-CDF7-4932-BC9F-7C11500B0E27}'
- The task '{AF16EC4C-C7D3-4650-BE4D-593A0E554F4A}' runs on registration in the path '\{AF16EC4C-C7D3-4650-BE4D-593A0E554F4A}'
- The task '{2A68DB8E-C884-4452-862A-37F7C7E8C162}' runs on registration in the path '\{2A68DB8E-C884-4452-862A-37F7C7E8C162}'
- The task '{47FC463B-9928-45D3-823C-B4D5F78A7363}' runs on registration in the path '\{47FC463B-9928-45D3-823C-B4D5F78A7363}'
- The task '{FB16A2A3-DB26-4127-9711-C5E0BF071B10}' runs on registration in the path '\{FB16A2A3-DB26-4127-9711-C5E0BF071B10}'
- The job '{E29801CF-E188-4C12-9343-76AFA0F16BEB}' runs on registration in the path '\{E29801CF-E188-4C12-9343-76AFA0F16BEB}'
- The job '{1869EC6C-EE7B-4B66-B13A-A2FF8E7EBDD0}' runs on registration in the path '\{1869EC6C-EE7B-4B66-B13A-A2FF8E7EBDD0}'
- The job '{AF8E4C1B-E35B-4C57-9A64-1CB2C21CFA46}' runs on registration in the path '\{AF8E4C1B-E35B-4C57-9A64-1CB2C21CFA46}'
- The job '{C02B77F7-A5CC-4BBE-90BF-75B82251A853}' runs on registration in the path '\{C02B77F7-A5CC-4BBE-90BF-75B82251A853}'
- The job '{161E942A-7077-4225-AAE1-3727163FBBBF}' runs on registration in the path '\{161E942A-7077-4225-AAE1-3727163FBBBF}'
- The task '{603A289F-660C-4649-8820-58FD6E7AA78F}' runs on registration in the path '\{603A289F-660C-4649-8820-58FD6E7AA78F}'
- Entry path '\{8C9E5B76-E78A-411A-B939-C6A034267770}'
- Entry path '\{7F6FE1B4-CD5C-4EB3-BA3C-FA05AEE67CB6}'
- Entry path '\{0E478F47-D66E-4DE5-8BE0-876334CD9EBD}'
- Entry path '\{E673B621-598C-4A26-8A81-2A485793D284}'
- Entry path '\{C19210A5-228E-4FEA-8C35-D871B9C4FB5F}'
- Entry path '\{9A26DFD9-8384-4F4C-B4E8-58F5A8829AFB}'
- Entry path '\{5AA35628-621C-4869-8C3F-FDDA0E1007B1}'
- Entry path '\{36EF27E1-070B-4449-BB00-BFD5F2EC510B}'
- Entry path '\{1DCAC8D1-9B4D-4FF8-ABA2-CFD2CD44EEB3}'
- Entry path '\{E7F58D98-807C-426A-8F92-2766A35F2221}'
Internet Explorer Browser Helper Object
Located in the registry at 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
- BHO CLSID: {127AD70F-B2B7-4f6a-ACD9-C7B1FE48C8C0}
Malware detections
Based on 40+ industry antivirus scanners, 4 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| Bkav Security |
1.3.0.4923 |
W32.SedbotLAC.Trojan |
| Norman |
7.03.02 |
Suspicious_Gen2.VHJNO |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.F47V0718 |
| VIPRE Antivirus |
25750 |
Backdoor.IRCBot |
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
59.50% |
|
| Windows 7 Ultimate |
25.50% |
|
| Windows 7 Professional |
9.50% |
|
| Windows 7 Home Basic |
2.50% |
|
| Windows 7 Starter |
1.50% |
|
| Windows 8 Pro |
1.00% |
|
| Windows 8 Enterprise Evaluation |
0.50% |
|
Distribution by country
United States installs about 48.74% of Windows Installer - Unicode.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Dell |
23.57% |
|
| Hewlett-Packard |
18.63% |
|
| ASUS |
12.93% |
|
| Toshiba |
12.93% |
|
| Acer |
11.79% |
|
| Lenovo |
4.56% |
|
| Samsung |
3.04% |
|
| Sony |
3.04% |
|
| GIGABYTE |
3.04% |
|
| Gateway |
1.52% |
|
| MSI |
1.52% |
|
| Alienware |
0.76% |
|
| Medion |
0.76% |
|
| Intel |
0.76% |
|
| NEC |
0.76% |
|
| Sahara |
0.38% |
|
