mspaint.exe
- File Path:
C:\Users\user\AppData\Local\Microsoft\WindowsApps\mspaint.exe - Description: –help - Paint (Window Title)
Screenshot
Hashes
Type | Hash
– | –
MD5 |
SHA1 |
SHA256 |
SHA384 |
SHA512 |
SSDEEP |
Runtime Data
Window Title:
–help - Paint
Open Handles:
| Path | Type |
|---|---|
| (R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\theme-light\ColorPicker.scale-100.png | File |
| (R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\Assets\theme-light\CanvasSize.png | File |
| (R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\Assets\theme-light\Cursor.png | File |
| (R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\Assets\theme-light\ObjectSize.png | File |
| (R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\App.xbf | File |
| (R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\ClipboardToolbar.xbf | File |
| (R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\CollapsedToolbar.xbf | File |
| (R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\ColorsToolbar.xbf | File |
| (R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\ImageToolbar.xbf | File |
| (R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\MenuBar.xbf | File |
| (R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\Ribbon.xbf | File |
| (R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\ShapesToolbar.xbf | File |
| (R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\StatusBar.xbf | File |
| (R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\ToolsToolbar.xbf | File |
| (R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\TopBar.xbf | File |
| (R-D) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\PaintUI\ZoomSlider.xbf | File |
| (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\windows.ui.xaml.dll.mui | File |
| (RW-) C:\Windows\debug\WIA\wiatrace.log | File |
| (RW-) C:\Windows\System32 | File |
| (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467 | File |
| (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.22000.282_none_ce81670012fd6ff0 | File |
| (RWD) C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\Assets\PaintIcons.ttf | File |
| (RWD) C:\Windows\Fonts\segoeui.ttf | File |
| (RWD) C:\Windows\Fonts\SegUIVar.ttf | File |
| \BaseNamedObjects__ComCatalogCache__ | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro | Section |
| \BaseNamedObjects\RotHintTable | Section |
| \BaseNamedObjects\windows_shell_global_counters | Section |
| \Sessions\2\BaseNamedObjects\fa0HWNDInterface:1101a0 | Section |
| \Sessions\2\BaseNamedObjects\fa0HWNDInterface:1e056a | Section |
| \Sessions\2\BaseNamedObjects\fa0HWNDInterface:300a04 | Section |
| \Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
| \Sessions\2\BaseNamedObjects\SessionImmersiveColorPreference | Section |
| \Sessions\2\BaseNamedObjects\windows_shell_global_counters | Section |
| \Sessions\2\Windows\Theme1077709572 | Section |
| \Windows\Theme3461253685 | Section |
Loaded Modules:
| Path |
|---|
| C:\Program Files\WindowsApps\Microsoft.Paint_11.2110.0.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe |
| C:\WINDOWS\System32\combase.dll |
| C:\WINDOWS\System32\KERNEL32.DLL |
| C:\WINDOWS\System32\KERNELBASE.dll |
| C:\WINDOWS\SYSTEM32\ntdll.dll |
| C:\WINDOWS\System32\ucrtbase.dll |
Signature
- Status: Signature verified.
- Serial:
33000003F16206E3E7EFDA8ABE0000000003F1 - Thumbprint:
5362FAEB842C236D05A729B7FAC85BAA1B68BDCA - Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename:
- Product Name:
- Company Name:
- File Version:
- Product Version:
- Language:
- Legal Copyright:
File Scan
- VirusTotal Detections: Unknown
Possible Misuse
The following table contains possible examples of mspaint.exe being misused. While mspaint.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | sysmon_suspicious_remote_thread.yml | - '\mspaint.exe' |
DRL 1.0 |
| malware-ioc | nukesped_lazarus | .mspaint.exe (a 2009 file)``{:.highlight .language-cmhg} |
© ESET 2014-2018 |
| malware-ioc | nukesped_lazarus | .mspaint.exe``{:.highlight .language-cmhg} |
© ESET 2014-2018 |
| signature-base | apt_codoso.yar | $s4 = “mspaint.exe” fullword ascii | CC BY-NC 4.0 |
MIT License. Copyright (c) 2020-2021 Strontic.