MsiDb.exe
- File Path:
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\MsiDb.exe
- Description: Windows Installer Table Creator
Screenshot
Hashes
| Type |
Hash |
| MD5 |
A8F07B6C9038A150566C3086F48AA79A |
| SHA1 |
59102B8A1EBEB66A016CBE54E4D18D62B5ACFE7B |
| SHA256 |
A4DF033D52A74020EB742A88138D312B0C3FB2770468FE8B6A9C5CFA5D2256B8 |
| SHA384 |
67479A9E293195556476B010725A7A25DAF5F4E7D17C8323ED9C57E599E9DD72E8830B7E76F96291FE307FF4BDA846E3 |
| SHA512 |
E761E81BBCE892CF5D1D1942E990B7073ED4646C739AC6F3029822F1347929584C20E55F5DB618F74BB640A40339EC42A153C7D77926F61098DC30790315BCCF |
| SSDEEP |
1536:kBIfJYeBqWCuVyW9zQYuJWoaw2TQ6xlgppbIkM6CTfxD+tWHlgQ/X3y:kBIfeeBBt9SdZ2TFx2NC+tkyi |
| IMP |
2DF29D0736B8A2A1FCCE9F4F1B61F32A |
| PESHA1 |
1AFF2367A3B4FF0298793112C76CD36D95F0AE55 |
| PE256 |
D822C6F9246A2C5540537943CE8D37D256F727E24554D7CD196EE0C23214D85E |
Runtime Data
Usage (stdout):
No mode option specified: (-e, -i, -c, -m, -a, -r, -t)
Window Title:
MsiDb(d) - Database Modifier
Open Handles:
| Path |
Type |
| (R-D) C:\Windows\Fonts\StaticCache.dat |
File |
| (RW-) C:\Users\user |
File |
| (RW-) C:\Windows |
File |
| (RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.488_none_89e6152f0b32762e |
File |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 |
Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 |
Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 |
Section |
| \Sessions\1\Windows\Theme1383959086 |
Section |
| \Windows\Theme2042523233 |
Section |
Loaded Modules:
| Path |
| C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\MsiDb.exe |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\wow64.dll |
| C:\Windows\System32\wow64cpu.dll |
| C:\Windows\System32\wow64win.dll |
Signature
- Status: Signature verified.
- Serial:
33000002CF6D2CC57CAA65A6D80000000002CF
- Thumbprint:
1A221B3B4FEF088B17BA6704FD088DF192D9E0EF
- Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: msidb.exe
- Product Name: Windows Installer
- Company Name: Microsoft Corporation
- File Version: 5.0.19041.1 (WinBuild.160101.0800)
- Product Version: 5.0.19041.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: Unknown
File Similarity (ssdeep match)
MIT License. Copyright (c) 2020-2021 Strontic.