{"success":true,"data":{"ext":"msi","name":"Microsoft Installer package","description":"Microsoft Installer (MSI) is a package file format developed and maintained by Microsoft for the Windows Installer service. It is used to distribute software installers, updates, and administrative deployment packages on Windows systems, and may also store shortcuts, configuration data, and installation scripts. MSI packages are common targets for software deployment and abuse, so files from untrusted sources should be handled cautiously; the format also has roots in older Compound File Binary Format containers.","mime":["application/x-ms-installer"],"risk_level":"High","signatures":[{"hex":"D0 CF 11 E0 A1 B1 1A E1","offset":0,"sources":[{"name":"Wikipedia","url":"https://en.wikipedia.org/wiki/List_of_file_signatures"},{"name":"Gary Kessler","url":"https://www.garykessler.net/library/file_sigs_GCK_latest.html"}]},{"hex":"23 20","offset":0,"sources":[{"name":"Gary Kessler","url":"https://www.garykessler.net/library/file_sigs_GCK_latest.html"}]}],"related":["a","bin","com","dll","elf","exe"],"usage":{"python":"def is_msi(file_path: str) -> bool:\n    \"\"\"Check if file is a valid MSI by magic bytes.\"\"\"\n    signature = bytes([0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1])\n    with open(file_path, \"rb\") as f:\n        return f.read(8) == signature","node":"function isMSI(buffer: Buffer): boolean {\n  const signature = Buffer.from([0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1]);\n  return buffer.subarray(0, 8).equals(signature);\n}","go":"func IsMSI(data []byte) bool {\n    signature := []byte{0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1}\n    if len(data) < 8 {\n        return false\n    }\n    return bytes.Equal(data[:8], signature)\n}"},"category":"Executables"}}