msinfo32.exe

  • File Path: C:\Windows\SysWOW64\msinfo32.exe
  • Description: System Information

Screenshot

msinfo32.exe

Hashes

Type Hash
MD5 5C49B7B55D4AF40DB1047E08484D6656
SHA1 1C25FC6D78B306225FFEFFE6226BFC8541D24FDC
SHA256 7C84C55EA7DF524E972BEF93CDDF8B8F62C23790FD8B2D3E239455635FA65948
SHA384 61A91DC7E5F7B7C477CBAB941A27B06BA567863F148E62EEBD655D5FFE275FA61ECDE67072F426E7B134026F3535D649
SHA512 A38AB7B73033E6468559490510BC5D0BBE8AEE17B14C30A27846BE69E1F1851B5554660803BA2040FD4E57FEF4A4385559869EB9F6662511C1D89C1B85B748CD
SSDEEP 6144:74PdGoG/rOrz3/+pYsMOm3WxKhph5hph2n1oCCwZEOHHrpm1XUZLxEZEOHHrpm1z:7cGN/qfEYLh3WxKhph5hph2n1ewtLpmK
IMP B82A7325B56EDAACBA365CDE179A07C8
PESHA1 B6D1649EB5E4C552E7446E417A20EA148B9BBBB7
PE256 F99A20E537DDD0878B7C1D6061CDAEA9A508EF6A22819647A16C239AFA70807B

Runtime Data

Window Title:

System Information

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\MFC42u.dll.mui File
(R-D) C:\Windows\System32\en-US\msinfo32.exe.mui File
(R-D) C:\Windows\System32\en-US\propsys.dll.mui File
(R-D) C:\Windows\System32\en-US\winnlsres.dll.mui File
(R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui File
(RW-) C:\Users\user File
(RW-) C:\Windows File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984 File
\BaseNamedObjects__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\Windows\Theme449731986 Section
\Windows\Theme1396518710 Section

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\msinfo32.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002EC6579AD1E670890130000000002EC
  • Thumbprint: F7C2F2C96A328C13CDA8CDB57B715BDEA2CBD1D9
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: msinfo.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1110 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1110
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/7c84c55ea7df524e972bef93cddf8b8f62c23790fd8b2d3e239455635fa65948/detection

File Similarity (ssdeep match)

File Score
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe 100
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe 63
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe 47
C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe 44
C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe 49
C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe 49
C:\Windows\system32\msinfo32.exe 44
C:\Windows\system32\msinfo32.exe 49
C:\Windows\system32\msinfo32.exe 49
C:\WINDOWS\system32\msinfo32.exe 43
C:\windows\system32\msinfo32.exe 49
C:\WINDOWS\system32\msinfo32.exe 50
C:\Windows\system32\msinfo32.exe 47
C:\Windows\SysWOW64\msinfo32.exe 44
C:\WINDOWS\SysWOW64\msinfo32.exe 38
C:\windows\SysWOW64\msinfo32.exe 44
C:\WINDOWS\SysWOW64\msinfo32.exe 61
C:\Windows\SysWOW64\msinfo32.exe 63
C:\Windows\SysWOW64\msinfo32.exe 47

Additional Info*

*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.

msinfo32

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

Opens the System Information tool to display a comprehensive view of the hardware, system components, and software environment on the local computer.

Some System Information categories contain large amounts of data. You can use the start /wait command to optimize reporting performance for these categories. For more information, see System Information.

Syntax

msinfo32 [/pch] [/nfo <path>] [/report <path>] [/computer <computername>] [/showcategories] [/category <categoryID>] [/categories {+<categoryID>(+<categoryID>)|+all(-<categoryID>)}]

Parameters

Parameter Description
<path> Specifies the file to be opened in the format C:\Folder1\File1.xxx, where C is the drive letter, Folder1 is the folder, File1 is the file name, and xxx is the file name extension.<p>This file can be an .nfo, .xml, .txt, or .cab file.
<computername> Specifies the name of the target or local computer. This can be a UNC name, an IP address, or a full computer name.
<categoryID> Specifies the ID of the category item. You can obtain the category ID by using /showcategories.
/pch Displays the System History view in the System Information tool.
/nfo Saves the exported file as an .nfo file. If the file name that is specified in path does not end in an .nfo extension, the .nfo extension is automatically appended to the file name.
/report Saves the file in path as a text file. The file name is saved exactly as it appears in path. The .txt extension is not appended to the file unless it is specified in path.
/computer Starts the System Information tool for the specified remote computer. You must have the appropriate permissions to access the remote computer.
/showcategories Starts the System Information tool with all available category IDs displayed, rather than displaying the friendly or localized names. For example, the Software Environment category is displayed as the SWEnv category.
/category Starts System Information with the specified category selected. Use /showcategories to display a list of available category IDs.
/categories Starts System Information with only the specified category or categories displayed. It also limits the output to the selected category or categories. Use /showcategories to display a list of available category IDs.
/? Displays help at the command prompt.

Examples

To list the available category IDs, type:

msinfo32 /showcategories

To start the System Information tool with all available information displayed, except Loaded Modules, type:

msinfo32 /categories +all -loadedmodules

To display System Summary information and to create an .nfo file called syssum.nfo, which contains information in the System Summary category, type:

msinfo32 /nfo syssum.nfo /categories +systemsummary

To display resource conflict information and to create an .nfo file called conflicts.nfo, which contains information about resource conflicts, type:

msinfo32 /nfo conflicts.nfo /categories +componentsproblemdevices+resourcesconflicts+resourcesforcedhardware

Additional References

MIT License. Copyright (c) 2020-2021 Strontic.