msinfo32.exe

  • File Path: C:\Windows\system32\msinfo32.exe
  • Description: System Information

Screenshot

msinfo32.exe

Hashes

Type Hash
MD5 41AA3C8C427A773B6C08460535EE8070
SHA1 A43ADB2303F09887A5E62F6B3EA5F728AD323E2E
SHA256 B3B40CF1227F21ED74DE6904C99E346EE1DC2B7D5E949D0F44FDCB1D10423307
SHA384 544C9C5594F63551ABF39ACE2978694496657FF9F9D0D2E3EFFD2EC940178E95B7EFA10499A1EB04D0F66CCF955A0477
SHA512 22EF26597E8728EA30D307ECFD40567B847845B10CD3822859781E50F96854E07C1E1D8BA45875EE166C313BC3647E0D8D77116D5B701AC614CB2547D72CF443
SSDEEP 6144:+r2K7TX6A9pEHWI8Ub8mZEOHHrpm1XUZLxEZEOHHrpm1XUZLx:+2AcHaqtLpm1EwtLpm1E
IMP 6AFCFEF40BD31E27B12E97D724B4E513
PESHA1 978AB6700E4DA05BDF8E177E8ACA8D4AF92CC5AB
PE256 14BC1AB0CD3586D67814B68D4CAD71370642A20D0F4D006EDDD76F4177BFCA7B

Runtime Data

Window Title:

System Information

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\MFC42u.dll.mui File
(R-D) C:\Windows\System32\en-US\msinfo32.exe.mui File
(R-D) C:\Windows\System32\en-US\propsys.dll.mui File
(R-D) C:\Windows\System32\en-US\user32.dll.mui File
(RW-) C:\Users\user File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.1518_none_de6e2bd0534e2567 File
\BaseNamedObjects__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\RPC Control\DSEC1304 Section
\Sessions\2\Windows\Theme2131664586 Section
\Windows\Theme966197582 Section

Loaded Modules:

Path
C:\Windows\System32\ADVAPI32.dll
C:\Windows\system32\ATL.DLL
C:\Windows\System32\bcrypt.dll
C:\Windows\System32\bcryptPrimitives.dll
C:\Windows\System32\cfgmgr32.dll
C:\Windows\System32\clbcatq.dll
C:\Windows\System32\combase.dll
C:\Windows\System32\COMDLG32.dll
C:\Windows\System32\CRYPT32.dll
C:\Windows\System32\cryptsp.dll
C:\Windows\system32\dwmapi.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\IMM32.DLL
C:\Windows\System32\kernel.appcore.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\system32\MFC42u.dll
C:\Windows\System32\MSASN1.dll
C:\Windows\System32\MSCTF.dll
C:\Windows\system32\msinfo32.exe
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\ole32.dll
C:\Windows\System32\OLEAUT32.dll
C:\Windows\System32\powrprof.dll
C:\Windows\System32\profapi.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\SETUPAPI.dll
C:\Windows\System32\shcore.dll
C:\Windows\System32\SHELL32.dll
C:\Windows\System32\SHLWAPI.dll
C:\Windows\system32\SLC.dll
C:\Windows\system32\sppc.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll
C:\Windows\system32\uxtheme.dll
C:\Windows\system32\wbem\fastprox.dll
C:\Windows\system32\wbem\wbemprox.dll
C:\Windows\system32\wbem\wbemsvc.dll
C:\Windows\SYSTEM32\wbemcomn.dll
C:\Windows\System32\win32u.dll
C:\Windows\System32\windows.storage.dll
C:\Windows\System32\WS2_32.dll
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.1518_none_de6e2bd0534e2567\COMCTL32.dll

Signature

  • Status: Signature verified.
  • Serial: 33000001C422B2F79B793DACB20000000001C4
  • Thumbprint: AE9C1AE54763822EEC42474983D8B635116C8452
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: msinfo.dll.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.17763.1 (WinBuild.160101.0800)
  • Product Version: 10.0.17763.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/b3b40cf1227f21ed74de6904c99e346ee1dc2b7d5e949d0f44fdcb1d10423307/detection/

File Similarity (ssdeep match)

File Score
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe 49
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe 58
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe 61
C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe 52
C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe 63
C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe 100
C:\Windows\system32\msinfo32.exe 52
C:\Windows\system32\msinfo32.exe 63
C:\WINDOWS\system32\msinfo32.exe 43
C:\windows\system32\msinfo32.exe 69
C:\WINDOWS\system32\msinfo32.exe 63
C:\Windows\system32\msinfo32.exe 61
C:\Windows\SysWOW64\msinfo32.exe 57
C:\WINDOWS\SysWOW64\msinfo32.exe 41
C:\windows\SysWOW64\msinfo32.exe 60
C:\Windows\SysWOW64\msinfo32.exe 49
C:\WINDOWS\SysWOW64\msinfo32.exe 60
C:\Windows\SysWOW64\msinfo32.exe 58
C:\Windows\SysWOW64\msinfo32.exe 61

Additional Info*

*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.


msinfo32

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

Opens the System Information tool to display a comprehensive view of the hardware, system components, and software environment on the local computer.

Some System Information categories contain large amounts of data. You can use the start /wait command to optimize reporting performance for these categories. For more information, see System Information.

Syntax

msinfo32 [/pch] [/nfo <path>] [/report <path>] [/computer <computername>] [/showcategories] [/category <categoryID>] [/categories {+<categoryID>(+<categoryID>)|+all(-<categoryID>)}]

Parameters

Parameter Description
<path> Specifies the file to be opened in the format C:\Folder1\File1.xxx, where C is the drive letter, Folder1 is the folder, File1 is the file name, and xxx is the file name extension.<p>This file can be an .nfo, .xml, .txt, or .cab file.
<computername> Specifies the name of the target or local computer. This can be a UNC name, an IP address, or a full computer name.
<categoryID> Specifies the ID of the category item. You can obtain the category ID by using /showcategories.
/pch Displays the System History view in the System Information tool.
/nfo Saves the exported file as an .nfo file. If the file name that is specified in path does not end in an .nfo extension, the .nfo extension is automatically appended to the file name.
/report Saves the file in path as a text file. The file name is saved exactly as it appears in path. The .txt extension is not appended to the file unless it is specified in path.
/computer Starts the System Information tool for the specified remote computer. You must have the appropriate permissions to access the remote computer.
/showcategories Starts the System Information tool with all available category IDs displayed, rather than displaying the friendly or localized names. For example, the Software Environment category is displayed as the SWEnv category.
/category Starts System Information with the specified category selected. Use /showcategories to display a list of available category IDs.
/categories Starts System Information with only the specified category or categories displayed. It also limits the output to the selected category or categories. Use /showcategories to display a list of available category IDs.
/? Displays help at the command prompt.

Examples

To list the available category IDs, type:

msinfo32 /showcategories

To start the System Information tool with all available information displayed, except Loaded Modules, type:

msinfo32 /categories +all -loadedmodules

To display System Summary information and to create an .nfo file called syssum.nfo, which contains information in the System Summary category, type:

msinfo32 /nfo syssum.nfo /categories +systemsummary

To display resource conflict information and to create an .nfo file called conflicts.nfo, which contains information about resource conflicts, type:

msinfo32 /nfo conflicts.nfo /categories +componentsproblemdevices+resourcesconflicts+resourcesforcedhardware

Additional References


MIT License. Copyright (c) 2020-2021 Strontic.