Dism.exe
- File Path:
C:\WINDOWS\SysWOW64\Dism.exe
- Description: Dism Image Servicing Utility
Hashes
Type |
Hash |
MD5 |
C41348073F502958A4FE3F6981A97ECB |
SHA1 |
D225602DBCFF412339C55F4452A4A222129DC9C3 |
SHA256 |
46D22406DF80879695FF8E73423CBC3B1ACEACC0BDBE1A13B510E170BF87A798 |
SHA384 |
C7F7CF3520B1E9B92DECEE977859DA9A63391D9C6B41D4472CBB3C59DE09FF8DA558871A3E85C390DAD0C1412B02677B |
SHA512 |
4F3A8A2FE01423C6A6C17236D6C39D965F33D699984001B30A2112D56D7BECE25B400F961659B388D1E07178AEE305C7E43271309930E728C0273CC5191654CF |
SSDEEP |
6144:vQaeF52z31EpT8hnwHXeIAiy56GrzGlSVx:vQKzlTZwOIzC6blSb |
IMP |
FD96DFD036209569746EF34D1C73C11A |
PESHA1 |
A6D75C105415EF9E1488DFCCFC92CA0BD8C36CE7 |
PE256 |
2B5E1044E6F6F7816564B4062E9E03E8790962261C0F3C62271D2051BC83016F |
Runtime Data
Usage (stdout):
Deployment Image Servicing and Management tool
Version: 10.0.22000.1
DISM.exe [dism_options] {Imaging_command} [<Imaging_arguments>]
DISM.exe {/Image:<path_to_offline_image> | /Online} [dism_options]
{servicing_command} [<servicing_arguments>]
DESCRIPTION:
DISM enumerates, installs, uninstalls, configures, and updates features
and packages in Windows images. The commands that are available depend
on the image being serviced and whether the image is offline or running.
FFU COMMANDS:
/Capture-Ffu - Captures a physical disk image into a new FFU file.
/Apply-Ffu - Applies an .ffu image.
/Split-Ffu - Splits an existing .ffu file into multiple read-only
split FFU files.
/Optimize-Ffu - Optimizes a FFU file so that it can be applied to storage
of a different size.
WIM COMMANDS:
/Apply-CustomDataImage - Dehydrates files contained in the custom data image.
/Capture-CustomImage - Captures customizations into a delta WIM file on a
WIMBoot system. Captured directories include all
subfolders and data.
/Get-WIMBootEntry - Displays WIMBoot configuration entries for the
specified disk volume.
/Update-WIMBootEntry - Updates WIMBoot configuration entry for the
specified disk volume.
/List-Image - Displays a list of the files and folders in a
specified image.
/Delete-Image - Deletes the specified volume image from a WIM file
that has multiple volume images.
/Export-Image - Exports a copy of the specified image to another
file.
/Append-Image - Adds another image to a WIM file.
/Capture-Image - Captures an image of a drive into a new WIM file.
Captured directories include all subfolders and
data.
/Get-MountedWimInfo - Displays information about mounted WIM images.
/Get-WimInfo - Displays information about images in a WIM file.
/Commit-Wim - Saves changes to a mounted WIM image.
/Unmount-Wim - Unmounts a mounted WIM image.
/Mount-Wim - Mounts an image from a WIM file.
/Remount-Wim - Recovers an orphaned WIM mount directory.
/Cleanup-Wim - Deletes resources associated with mounted WIM
images that are corrupted.
GENERIC IMAGING COMMANDS:
/Split-Image - Splits an existing .wim file into multiple
read-only split WIM (SWM) files.
/Apply-Image - Applies an image.
/Get-MountedImageInfo - Displays information about mounted WIM and VHD
images.
/Get-ImageInfo - Displays information about images in a WIM, a VHD
or a FFU file.
/Commit-Image - Saves changes to a mounted WIM or VHD image.
/Unmount-Image - Unmounts a mounted WIM or VHD image.
/Mount-Image - Mounts an image from a WIM or VHD file.
/Remount-Image - Recovers an orphaned image mount directory.
/Cleanup-Mountpoints - Deletes resources associated with corrupted
mounted images.
IMAGE SPECIFICATIONS:
/Online - Targets the running operating system.
/Image - Specifies the path to the root directory of an
offline Windows image.
DISM OPTIONS:
/English - Displays command line output in English.
/Format - Specifies the report output format.
/WinDir - Specifies the path to the Windows directory.
/SysDriveDir - Specifies the path to the system-loader file named
BootMgr.
/LogPath - Specifies the logfile path.
/LogLevel - Specifies the output level shown in the log (1-4).
/NoRestart - Suppresses automatic reboots and reboot prompts.
/Quiet - Suppresses all output except for error messages.
/ScratchDir - Specifies the path to a scratch directory.
For more information about these DISM options and their arguments, specify an
option immediately before /?.
Examples:
DISM.exe /Mount-Wim /?
DISM.exe /ScratchDir /?
DISM.exe /Image:C:\test\offline /?
DISM.exe /Online /?
Child Processes:
conhost.exe
Open Handles:
Path |
Type |
(R-D) C:\Windows\SysWOW64\Dism\en-US\DismCore.dll.mui |
File |
(R-D) C:\Windows\SysWOW64\en-US\Dism.exe.mui |
File |
(RW-) C:\Windows |
File |
(RW-) C:\Windows\Logs\DISM\dism.log |
File |
(RW-) C:\Windows\SysWOW64 |
File |
\BaseNamedObjects__ComCatalogCache__ |
Section |
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db |
Section |
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db |
Section |
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
Section |
\BaseNamedObjects\SetupLogSection |
Section |
\Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 |
Section |
\Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 |
Section |
Loaded Modules:
Path |
C:\WINDOWS\SYSTEM32\ntdll.dll |
C:\WINDOWS\System32\wow64.dll |
C:\WINDOWS\System32\wow64base.dll |
C:\WINDOWS\System32\wow64con.dll |
C:\WINDOWS\System32\wow64cpu.dll |
C:\WINDOWS\System32\wow64win.dll |
C:\WINDOWS\SysWOW64\Dism.exe |
Signature
- Status: Signature verified.
- Serial:
33000002ED2C45E4C145CF48440000000002ED
- Thumbprint:
312860D2047EB81F8F58C29FF19ECDB4C634CF6A
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: DISM.EXE.MUI
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.22000.1 (WinBuild.160101.0800)
- Product Version: 10.0.22000.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/73
- VirusTotal Link: https://www.virustotal.com/gui/file/46d22406df80879695ff8e73423cbc3b1aceacc0bdbe1a13b510e170bf87a798/detection
Possible Misuse
The following table contains possible examples of Dism.exe
being misused. While Dism.exe
is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
MIT License. Copyright (c) 2020-2021 Strontic.