mspaint.exe
- File Path: C:\windows\SysWOW64\mspaint.exe
- Description: Paint
Hashes
| Type | Hash |
|---|---|
| MD5 | 1B84FBA247447BBF80A0883495823263 |
| SHA1 | 4D09036662186692F40C47536D6BABAE93B018B2 |
| SHA256 | 7E1DC886AF729071FC931C631815EC6CE25BEE7E58E775055D60F728F9B62AED |
| SHA384 | 6EA0C461DFA5EEC96442AD8FD7D91F336B7CA14B667BFBD96D583A5CD1DB7597C74A4B65B92753D3A262EAF8038A3098 |
| SHA512 | AFC5C1044422D0F95C71109A66B230A8D9A37877ECE5DA76FBEC5E6545D069D2C3619BCC86EC870BB88C05C82CA324317F7B1CBBB6C1FBB018A2749F1E8A132A |
| SSDEEP | 98304:1MzALu9+2u7InCEE+wysPM4mlaw0LI60GBGrGrGWAuU7jPLQ:1gALu9+6nTE+wBMHlaw0/U7jPL |
Signature
- Status: The file C:\windows\SysWOW64\mspaint.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
- Serial:
- Thumbprint:
- Issuer:
- Subject:
File Metadata
- Original Filename: MSPAINT.EXE.MUI
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
- Product Version: 6.3.9600.16384
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
File Similarity (ssdeep match)
| File | Score |
|---|---|
| C:\windows\system32\mspaint.exe | 86 |
| C:\Windows\system32\mspaint.exe | 68 |
| C:\Windows\system32\mspaint.exe | 90 |
| C:\Windows\SysWOW64\mspaint.exe | 66 |
| C:\Windows\SysWOW64\mspaint.exe | 88 |
Possible Misuse
The following table contains possible examples of mspaint.exe being misused. While mspaint.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | sysmon_suspicious_remote_thread.yml | `- '\mspaint.exe'` | DRL 1.0 |
| malware-ioc | nukesped_lazarus | .mspaint.exe (a 2009 file) | © ESET 2014-2018 |
| malware-ioc | nukesped_lazarus | .mspaint.exe | © ESET 2014-2018 |
| signature-base | apt_codoso.yar | `$s4 = "mspaint.exe" fullword ascii` | CC BY-NC 4.0 |
MIT License. Copyright (c) 2020-2021 Strontic.