PackageInspector.exe
- File Path:
C:\WINDOWS\system32\PackageInspector.exe
- Description: PackageInspector allows creation of a catalog containing all executable files laid down by an installer
Hashes
| Type |
Hash |
| MD5 |
6C538AD5F6CE5DBC6FF72F1E4319AE0B |
| SHA1 |
ABE69F49D08E465FDF9CEB538935E3011D1E13A1 |
| SHA256 |
F32F1FC2245E6AD6B6A316C8E68AEA73EB354C5C8542D45DE36162FCD397B0A2 |
| SHA384 |
1CA13F0D7E374880E1CB602FC8013A3685D37263931B8D63B83C8B74451A6C9867960FD09AB675F25AA8B4A3A32379CB |
| SHA512 |
8FFC3CD5919D435769CEC8E7786AF80FC570691CDA08598D2F0D19A18EF7E233F51DEF6A563614B862F8D2DA4B12F4685D21151CAE53FF29AEA36B82FFFD37B1 |
| SSDEEP |
1536:3C9Kmf+unWC79Mo3i3rZB20GFnSODukGX9q+K73FgHV5TlbJaLn:3CbnWC7Ib7GgO9Gw+K71gHV5Tlw |
| IMP |
BE9CC8974980428AD11BEA059AD1E4B2 |
| PESHA1 |
7D0F3A6C54903037DA71B8058384BF1233213018 |
| PE256 |
6EE070FB026814FF0EFD7C722CDF1481F87AA226A9AD515F5C68832CBD6D9C71 |
Runtime Data
Usage (stdout):
Usage:
PackageInspector.exe <command> <DriveLetter or Path> [options]
PackageInspector.exe start <DriveLetter>: [-path <pathToInstaller>]
PackageInspector.exe stop <DriveLetter>: -out cdf|cat|list [-cdfPath <outputCdfPath>] [-name <nameOfCat>] [-resdir <directoryForCat>] [-ph true | false] [-en <encoding type>] [-ca1 <CATATTR1>] [-ca2 <CATATTR2>] [-listPath <pathToOutputList.txt>]
PackageInspector.exe scan <PathToScan> -out cdf|cat|list [-cdfPath <outputCdfPath>] [-name <nameOfCat>] [-resdir <directoryForCat>] [-ph true | false] [-en <encoding type>] [-ca1 <CATATTR1>] [-ca2 <CATATTR2>] [-listPath <pathToOutputList.txt>]
Valid Commands :
start -- Specifies that a user will start a scan
stop -- Specifies that a scan is complete and one of the supported outputs it to be produced
scan -- Specifies that PackageInspector is to directly scan the given path rather than monitor created files. Takes same options as stop
Start Options :
path -- File path to the package being inspected
Stop/Scan Options :
out -- Specifies what the tool should output from the scan (CAT, CDF, or List)
cdfPath -- Specifies the full path for output of CDF including filename
name -- Specifies the name of the catalog to produce
resdir -- Specifies the result directory of the catalog
ph -- Specifies whether page hashes should be included in the catalog
en -- Specifies the encoding type of the catalog
ca1 -- Specifies CATATTR1 in the CDF or CAT
ca2 -- Specifies CATATTR2 in the CDF or CAT
listPath -- Specifies location to output list of files laid down by installer (for -out list)
Loaded Modules:
| Path |
| C:\WINDOWS\System32\KERNEL32.DLL |
| C:\WINDOWS\System32\KERNELBASE.dll |
| C:\WINDOWS\SYSTEM32\ntdll.dll |
| C:\WINDOWS\system32\PackageInspector.exe |
Signature
- Status: Signature verified.
- Serial:
33000002ED2C45E4C145CF48440000000002ED
- Thumbprint:
312860D2047EB81F8F58C29FF19ECDB4C634CF6A
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: PACKAGEINSPECTOR.EXE.MUI
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 1.00 (WinBuild.160101.0800)
- Product Version: 10.0.22000.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/71
- VirusTotal Link: https://www.virustotal.com/gui/file/f32f1fc2245e6ad6b6a316c8e68aea73eb354c5c8542d45de36162fcd397b0a2/detection
MIT License. Copyright (c) 2020-2021 Strontic.