msg.exe

  • File Path: C:\WINDOWS\system32\msg.exe
  • Description: Message Utility

Hashes

Type Hash
MD5 27D2C294A45ACA08E9048A43AC8519F0
SHA1 D1549E6F1B159E7C7D050E1148CBEBBEE0D1E377
SHA256 81782E9F3F0816D1E242FCCBEB1D3589C6D2825D92D964CCA8D1E1C48E973F68
SHA384 E3A151D51EBD5806268113C058DF36A5A729B8AD6B4FF3116BAA7F2E38896E1905F6EFB7F3923FA2F8F28C965FF10848
SHA512 F857A80E55679260268892718E5B9F1AB459F51DAA5691B7F31EBAEC1CE4E509D4BBBAF3DBD773B309574D92F21EB9F8BCDDA9E47645A856893AE5BDB9326688
SSDEEP 768:P4znx3bPBIz9nyzhfY1DXD19ibFz7fmnVZb4:P4zx37BIz9nyl03IzE4
IMP CD3B5466F111A79E4AC06248B98E0B04
PESHA1 C78BF547ECA88D3A1BD2E68DA6A8C1CA48D8896F
PE256 80A5A1F5710E9E53A6607456F7553AFE8D5E2348EB5327281FDB0345EC6A1207

Runtime Data

Usage (stdout):

Send a message to a user.

MSG {username | sessionname | sessionid | @filename | *}
    [/SERVER:servername] [/TIME:seconds] [/V] [/W] [message]

  username            Identifies the specified username.
  sessionname         The name of the session.
  sessionid           The ID of the session.
  @filename           Identifies a file containing a list of usernames,
                      sessionnames, and sessionids to send the message to.
  *                   Send message to all sessions on specified server.
  /SERVER:servername  server to contact (default is current).
  /TIME:seconds       Time delay to wait for receiver to acknowledge msg.
  /V                  Display information about actions being performed.
  /W                  Wait for response from user, useful with /V.
  message             Message to send.  If none specified, prompts for it
                      or reads from stdin.


Usage (stderr):

Invalid parameter(s)
Send a message to a user.

MSG {username | sessionname | sessionid | @filename | *}
    [/SERVER:servername] [/TIME:seconds] [/V] [/W] [message]

  username            Identifies the specified username.
  sessionname         The name of the session.
  sessionid           The ID of the session.
  @filename           Identifies a file containing a list of usernames,
                      sessionnames, and sessionids to send the message to.
  *                   Send message to all sessions on specified server.
  /SERVER:servername  server to contact (default is current).
  /TIME:seconds       Time delay to wait for receiver to acknowledge msg.
  /V                  Display information about actions being performed.
  /W                  Wait for response from user, useful with /V.
  message             Message to send.  If none specified, prompts for it
                      or reads from stdin.


Child Processes:

conhost.exe

Open Handles:

Path Type
(R-D) C:\Windows\System32\en-US\msg.exe.mui File
(RW-) C:\Windows\System32 File
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section

Loaded Modules:

Path
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\system32\msg.exe
C:\WINDOWS\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: msg.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/72
  • VirusTotal Link: https://www.virustotal.com/gui/file/81782e9f3f0816d1e242fccbeb1d3589c6d2825d92d964cca8d1e1c48e973f68/detection

Additional Info*

*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.


msg

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

Sends a message to a user on a Remote Desktop Session Host server.

[!NOTE] You must have Message special access permission to send a message.

Syntax

msg {<username> | <sessionname> | <sessionID>| @<filename> | *} [/server:<servername>] [/time:<seconds>] [/v] [/w] [<message>]

Parameters

Parameter Description
<username> Specifies the name of the user that you want to receive the message. If you don’t specify a user or a session, this command displays an error message. When specifying a session, it must be an active one.
<sessionname> Specifies the name of the session that you want to receive the message. If you don’t specify a user or a session, this command displays an error message. When specifying a session, it must be an active one.
<sessionID> Specifies the numeric ID of the session whose user you want to receive a message.
@<filename> Identifies a file containing a list of user names, session names, and session IDs that you want to receive the message.
* Sends the message to all user names on the system.
/server:<servername> Specifies the Remote Desktop Session Host server whose session or user you want to receive the message. If unspecified, /server uses the server to which you are currently logged on.
/time:<seconds> Specifies the amount of time that the message you sent is displayed on the user’s screen. After the time limit is reached, the message disappears. If no time limit is set, the message remains on the user’s screen until the user sees the message and clicks OK.
/v Displays information about the actions being performed.
/w Waits for an acknowledgment from the user that the message has been received. Use this parameter with /time:<*seconds*> to avoid a possible long delay if the user does not immediately respond. Using this parameter with /v is also helpful.
<message> Specifies the text of the message that you want to send. If no message is specified, you will be prompted to enter a message. To send a message that is contained in a file, type the less than (<) symbol followed by the file name.
/? Displays help at the command prompt.

Examples

To send a message entitled, Let’s meet at 1PM today to all sessions for User1, type:

msg User1 Let's meet at 1PM today

To send the same message to session modeM02, type:

msg modem02 Let's meet at 1PM today

To send the message to all sessions contained in the file userlist, type:

msg @userlist Let's meet at 1PM today

To send the message to all users who are logged on, type:

msg * Let's meet at 1PM today

To send the message to all users, with an acknowledgment time-out (for example, 10 seconds), type:

msg * /time:10 Let's meet at 1PM today

Additional References


MIT License. Copyright (c) 2020-2021 Strontic.