mspaint.exe

  • File Path: C:\Users\user\AppData\Local\Microsoft\WindowsApps\mspaint.exe
  • Description: –help - Paint (Window Title)


Hashes

Type | Hash
--- | ---
MD5 |
SHA1 |
SHA256 |
SHA384 |
SHA512 |
SSDEEP |

Runtime Data

Window Title:

–help - Paint

Open Handles:

Path Type
(R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\theme-light\ColorPicker.scale-100.png File
(R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\Assets\theme-light\CanvasSize.png File
(R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\Assets\theme-light\Cursor.png File
(R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\Assets\theme-light\ObjectSize.png File
(R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\App.xbf File
(R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\ClipboardToolbar.xbf File
(R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\CollapsedToolbar.xbf File
(R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\ColorsToolbar.xbf File
(R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\ImageToolbar.xbf File
(R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\MenuBar.xbf File
(R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\Ribbon.xbf File
(R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\ShapesToolbar.xbf File
(R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\StatusBar.xbf File
(R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\ToolsToolbar.xbf File
(R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\TopBar.xbf File
(R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\ZoomSlider.xbf File
(R-D) C:\Windows\System32\en-US\KernelBase.dll.mui File
(R-D) C:\Windows\System32\en-US\windows.ui.xaml.dll.mui File
(RW-) C:\Windows\debug\WIA\wiatrace.log File
(RW-) C:\Windows\System32 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.22000.282_none_ce81670012fd6ff0 File
(RWD) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\Assets\PaintIcons.ttf File
(RWD) C:\Windows\Fonts\segoeui.ttf File
(RWD) C:\Windows\Fonts\SegUIVar.ttf File
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\BaseNamedObjects\RotHintTable Section
\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\2\BaseNamedObjects\fa0HWNDInterface:1101a0 Section
\Sessions\2\BaseNamedObjects\fa0HWNDInterface:1e056a Section
\Sessions\2\BaseNamedObjects\fa0HWNDInterface:300a04 Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\SessionImmersiveColorPreference Section
\Sessions\2\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\2\Windows\Theme1077709572 Section
\Windows\Theme3461253685 Section

Loaded Modules:

Path
C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe
C:\WINDOWS\System32\combase.dll
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\ucrtbase.dll

Signature

  • Status: Signature verified.
  • Serial: 33000003F16206E3E7EFDA8ABE0000000003F1
  • Thumbprint: 5362FAEB842C236D05A729B7FAC85BAA1B68BDCA
  • Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename:
  • Product Name:
  • Company Name:
  • File Version:
  • Product Version:
  • Language:
  • Legal Copyright:

File Scan

  • VirusTotal Detections: Unknown

Possible Misuse

The following table contains possible examples of mspaint.exe being misused. While mspaint.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
--- | --- | --- | ---
sigma | sysmon_suspicious_remote_thread.yml | `- '\mspaint.exe'` | DRL 1.0
malware-ioc | nukesped_lazarus | `.mspaint.exe (a 2009 file)` | © ESET 2014-2018
malware-ioc | nukesped_lazarus | `.mspaint.exe` | © ESET 2014-2018
signature-base | apt_codoso.yar | `$s4 = "mspaint.exe" fullword ascii` | CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.