Microsoft Installer package (.msi)
.msi file signature | application/octet-stream
Compound File Binary Format, a container format defined by Microsoft COM. It can contain the equivalent of files and directories. It is used byWindows Installerand for documents in older versions ofMicrosoft Office.[44]It can be used by other programs as well that rely on the COM and OLE API's. (0xD0CF11E0visually resembles "DOCFILE".[45])
High Risk Format
This file type can contain executable code. Always validate the source and scan with antivirus before opening.
Magic Bytes
Offset 0
D0 CF 11 E0 A1 B1 1A E1
Sources: Wikipedia, Gary Kessler
All Known Signatures
3 signature variants are documented for .msi files across multiple sources.
| Hex Signature | Offset | Sources |
|---|---|---|
| D0 CF 11 E0 A1 B1 1A E1 | 0 | Wikipedia, Gary Kessler |
| 23 20 | 0 | Gary Kessler |
| CF FA ED FE | 0 | Gary Kessler |
Extension
.msi
MIME Type
application/octet-stream
Byte Offset
0
Risk Level
High
Validation Code
How to validate .msi files in Python
def is_msi(file_path: str) -> bool:
"""Check if file is a valid MSI by magic bytes."""
signature = bytes([0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1])
with open(file_path, "rb") as f:
return f.read(8) == signatureHow to validate .msi files in Node.js
function isMSI(buffer: Buffer): boolean {
const signature = Buffer.from([0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1]);
return buffer.subarray(0, 8).equals(signature);
}How to validate .msi files in Go
func IsMSI(data []byte) bool {
signature := []byte{0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1}
if len(data) < 8 {
return false
}
return bytes.Equal(data[:8], signature)
}API Endpoint
/api/v1/msi
curl https://filesignature.org/api/v1/msi
See the full API documentation for all endpoints and parameters.
Frequently Asked Questions
What is a .msi file?
A .msi file is a Microsoft Installer package file. Compound File Binary Format, a container format defined by Microsoft COM. It can contain the equivalent of files and directories. It is used byWindows Installerand for documents in older versions ofMicrosoft Office.[44]It can be used by other programs as well that rely on the COM and OLE API's. (0xD0CF11E0visually resembles "DOCFILE".[45])
What are the magic bytes for .msi files?
The magic bytes for Microsoft Installer package files are D0 CF 11 E0 A1 B1 1A E1 at byte offset 0. These bytes uniquely identify the file format regardless of the file extension.
How do I validate a .msi file?
To validate a .msi file, read the first bytes of the file and compare them against the known magic bytes (D0 CF 11 E0 A1 B1 1A E1) at offset 0. This is more reliable than checking the file extension alone, as extensions can be renamed.
What is the MIME type for .msi files?
There is no officially registered MIME type for .msi files. Systems typically use application/octet-stream as a generic fallback when handling this format.
Is it safe to open .msi files?
Microsoft Installer package (.msi) files are high risk because they can contain executable code. Never open .msi files from untrusted sources. Always scan with antivirus software, verify the source, and consider running in a sandboxed environment.