msg.exe

  • File Path: C:\Windows\system32\msg.exe
  • Description: Message Utility

Hashes

Type Hash
MD5 B42553599E40029366A0FD8F81079BED
SHA1 81EE73E59C1D612700761CAC931CD3013215DFB2
SHA256 2BDAB404DF6E4990BC1FD8F7464DBA325FB993C67E592BA1C5DC4F07C02A8E85
SHA384 D1BFDA7690FC0A289275DAA13EDEC0B75B3097B5E03F583F92ECD7269E582637189FE5D0828A72C2A08394FE26860B43
SHA512 379226EDD56B5BF109102BE5FB3B340DB92AE9E1B0DB9BAA2A21EBEBC4E5A15C8E37E79E04167A4CDCC9F875F34F22C8D74FF7AE2BFBFEFFD8D47697EB3C2B4C
SSDEEP 768:S8Wp08SpWHZNwhOvCB5fHP14PoxZ8qtLwGP:S8Wp08FHZ8nCstDP
IMP CD3B5466F111A79E4AC06248B98E0B04
PESHA1 554191C216D0B4978BDD00B70A5DBDCB7601958C
PE256 F421C05B5CBE096EBF4B940BE6F518FB5B5D40B381D455381BAD48E369429EDF

Runtime Data

Usage (stdout):

Send a message to a user.

MSG {username | sessionname | sessionid | @filename | *}
    [/SERVER:servername] [/TIME:seconds] [/V] [/W] [message]

  username            Identifies the specified username.
  sessionname         The name of the session.
  sessionid           The ID of the session.
  @filename           Identifies a file containing a list of usernames,
                      sessionnames, and sessionids to send the message to.
  *                   Send message to all sessions on specified server.
  /SERVER:servername  server to contact (default is current).
  /TIME:seconds       Time delay to wait for receiver to acknowledge msg.
  /V                  Display information about actions being performed.
  /W                  Wait for response from user, useful with /V.
  message             Message to send.  If none specified, prompts for it
                      or reads from stdin.


Usage (stderr):

Invalid parameter(s)
Send a message to a user.

MSG {username | sessionname | sessionid | @filename | *}
    [/SERVER:servername] [/TIME:seconds] [/V] [/W] [message]

  username            Identifies the specified username.
  sessionname         The name of the session.
  sessionid           The ID of the session.
  @filename           Identifies a file containing a list of usernames,
                      sessionnames, and sessionids to send the message to.
  *                   Send message to all sessions on specified server.
  /SERVER:servername  server to contact (default is current).
  /TIME:seconds       Time delay to wait for receiver to acknowledge msg.
  /V                  Display information about actions being performed.
  /W                  Wait for response from user, useful with /V.
  message             Message to send.  If none specified, prompts for it
                      or reads from stdin.


Child Processes:

conhost.exe

Open Handles:

Path Type
(R-D) C:\Windows\System32\en-US\msg.exe.mui File
(RW-) C:\Users\user File
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section

Loaded Modules:

Path
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\system32\msg.exe
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 330000023241FB59996DCC4DFF000000000232
  • Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: msg.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/75
  • VirusTotal Link: https://www.virustotal.com/gui/file/2bdab404df6e4990bc1fd8f7464dba325fb993c67e592ba1c5dc4f07c02a8e85/detection

Additional Info*

*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.


msg

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

Sends a message to a user on a Remote Desktop Session Host server.

[!NOTE] You must have Message special access permission to send a message.

Syntax

msg {<username> | <sessionname> | <sessionID>| @<filename> | *} [/server:<servername>] [/time:<seconds>] [/v] [/w] [<message>]

Parameters

Parameter Description
<username> Specifies the name of the user that you want to receive the message. If you don’t specify a user or a session, this command displays an error message. When specifying a session, it must be an active one.
<sessionname> Specifies the name of the session that you want to receive the message. If you don’t specify a user or a session, this command displays an error message. When specifying a session, it must be an active one.
<sessionID> Specifies the numeric ID of the session whose user you want to receive a message.
@<filename> Identifies a file containing a list of user names, session names, and session IDs that you want to receive the message.
* Sends the message to all user names on the system.
/server:<servername> Specifies the Remote Desktop Session Host server whose session or user you want to receive the message. If unspecified, /server uses the server to which you are currently logged on.
/time:<seconds> Specifies the amount of time that the message you sent is displayed on the user’s screen. After the time limit is reached, the message disappears. If no time limit is set, the message remains on the user’s screen until the user sees the message and clicks OK.
/v Displays information about the actions being performed.
/w Waits for an acknowledgment from the user that the message has been received. Use this parameter with /time:<*seconds*> to avoid a possible long delay if the user does not immediately respond. Using this parameter with /v is also helpful.
<message> Specifies the text of the message that you want to send. If no message is specified, you will be prompted to enter a message. To send a message that is contained in a file, type the less than (<) symbol followed by the file name.
/? Displays help at the command prompt.

Examples

To send a message entitled, Let’s meet at 1PM today to all sessions for User1, type:

msg User1 Let's meet at 1PM today

To send the same message to session modeM02, type:

msg modem02 Let's meet at 1PM today

To send the message to all sessions contained in the file userlist, type:

msg @userlist Let's meet at 1PM today

To send the message to all users who are logged on, type:

msg * Let's meet at 1PM today

To send the message to all users, with an acknowledgment time-out (for example, 10 seconds), type:

msg * /time:10 Let's meet at 1PM today

Additional References


MIT License. Copyright (c) 2020-2021 Strontic.