Microsoft Installer package (.msi)

.msi file signature | application/x-ms-installer

Microsoft Installer (MSI) is a package file format developed and maintained by Microsoft for the Windows Installer service. It is used to distribute software installers, updates, and administrative deployment packages on Windows systems, and may also store shortcuts, configuration data, and installation scripts. MSI packages are common targets for software deployment and abuse, so files from untrusted sources should be handled cautiously; the format also has roots in older Compound File Binary Format containers.

High

High Risk Format

This file type can contain executable code. Always validate the source and scan with antivirus before opening.

Magic Bytes

Offset 0


              D0 CF 11 E0 A1 B1 1A E1

Sources: Wikipedia, Gary Kessler

All Known Signatures

2 signature variants are documented for .msi files across multiple sources.

Hex Signature	Offset	Sources
D0 CF 11 E0 A1 B1 1A E1	0	Wikipedia, Gary Kessler
23 20	0	Gary Kessler

Extension

.msi

MIME Type

application/x-ms-installer

Byte Offset

Risk Level

High

Validation Code

How to validate .msi files in Python

Python

def is_msi(file_path: str) -> bool:
    """Check if file is a valid MSI by magic bytes."""
    signature = bytes([0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1])
    with open(file_path, "rb") as f:
        return f.read(8) == signature

How to validate .msi files in Node.js

Node.js

function isMSI(buffer: Buffer): boolean {
  const signature = Buffer.from([0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1]);
  return buffer.subarray(0, 8).equals(signature);
}

How to validate .msi files in Go

func IsMSI(data []byte) bool {
    signature := []byte{0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1}
    if len(data) < 8 {
        return false
    }
    return bytes.Equal(data[:8], signature)
}

API Endpoint

GET /api/v1/msi


              curl https://filesignature.org/api/v1/msi

See the full API documentation for all endpoints and parameters.

Related Formats

.a .axf .bin .com .cpl .dll

Frequently Asked Questions

What is a .msi file?

A .msi file is a Microsoft Installer package file. Microsoft Installer (MSI) is a package file format developed and maintained by Microsoft for the Windows Installer service. It is used to distribute software installers, updates, and administrative deployment packages on Windows systems, and may also store shortcuts, configuration data, and installation scripts. MSI packages are common targets for software deployment and abuse, so files from untrusted sources should be handled cautiously; the format also has roots in older Compound File Binary Format containers.

What are the magic bytes for .msi files?

The magic bytes for Microsoft Installer package files are D0 CF 11 E0 A1 B1 1A E1 at byte offset 0. These bytes uniquely identify the file format regardless of the file extension.

How do I validate a .msi file?

To validate a .msi file, read the first bytes of the file and compare them against the known magic bytes (D0 CF 11 E0 A1 B1 1A E1) at offset 0. This is more reliable than checking the file extension alone, as extensions can be renamed.

What is the MIME type for .msi files?

The primary MIME type for .msi files is application/x-ms-installer.

Is it safe to open .msi files?

Microsoft Installer package (.msi) files are high risk because they can contain executable code. Never open .msi files from untrusted sources. Always scan with antivirus software, verify the source, and consider running in a sandboxed environment.