mspaint.exe

  • File Path: C:\WINDOWS\SysWOW64\mspaint.exe
  • Description: Paint

Hashes

Type Hash
MD5 0642778D34D34B2E04FF795F5FFA50EF
SHA1 52AAF5B597915A88761CD72FC67F5FCA1F37CDE4
SHA256 56C40B4339F6BC2A5215D87F6090D2200FB998321097499B28EDAAC5299C89C0
SHA384 F1AE180469AADC3CFBEBDF56CCC6BF3EB72950050328ECC59ABDC239DC1879C7158C1A405B484B68FBF2651277BDDCAA
SHA512 EA6E266602311883DA7E1CCFE96A7F0CEC66AB2114C04200D885B0C6E26687A4BA7A4F140DD89087D60D5D84F702A4F1381C6858D43A810B5C9469B5927A5CC9
SSDEEP 12288:qN+NnceYDudON67mYscZaQ02tf5KgbpHjaLxulGMmCb5Etixx9K91V1H3jfc:qN+NnceR/mYsYv02tf5ZNHjmxulGy9E0

Signature

  • Status: Signature verified.
  • Serial: 330000023241FB59996DCC4DFF000000000232
  • Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: MSPAINT.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.18362.1 (WinBuild.160101.0800)
  • Product Version: 10.0.18362.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of mspaint.exe being misused. While mspaint.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | sysmon_suspicious_remote_thread.yml | `- '\mspaint.exe'` | DRL 1.0 |
| malware-ioc | nukesped_lazarus | `.mspaint.exe (a 2009 file)` | © ESET 2014-2018 |
| malware-ioc | nukesped_lazarus | `.mspaint.exe` | © ESET 2014-2018 |
| signature-base | apt_codoso.yar | `$s4 = "mspaint.exe" fullword ascii` | CC BY-NC 4.0 |

MIT License. Copyright (c) 2020-2021 Strontic.