mspaint.exe
- File Path: C:\windows\system32\mspaint.exe
- Description: Paint

Hashes
| Type | Hash |
|---|---|
| MD5 | 226B4A88EB18B3A86B6D56B0FC05F35C |
| SHA1 | B9AC4ECCA0C4E7962EBBF057E2C354064FB92198 |
| SHA256 | DB3516DBF69D16183421429B8005A01AFFAEF361C6D1FA5A06591EA0EB38854E |
| SHA384 | 2D770F303E3515E6FABD61284688BC2A65017663FB5A30CC63DB01FFE5BD9F57BE6A59A1FCD32FB9349417D27234743F |
| SHA512 | 61FA2C901CCAB1CD295B12D13F73180C7D04B4D4FE0F3E499AD12DA0B4BB9330F118C79A331E7C137A5EB40AF5BBE34885DBEE61FDC787A1A820622C15C65D41 |
| SSDEEP | 98304:HpEfkx2u7InCEE+wysPM4mlaw0LI60GBGrGrGWAuU7jPLQ:JEC6nTE+wBMHlaw0/U7jPL |
Signature
- Status: The file C:\windows\system32\mspaint.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
- Serial: ``
- Thumbprint: ``
- Issuer:
- Subject:
File Metadata
- Original Filename: MSPAINT.EXE.MUI
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
- Product Version: 6.3.9600.16384
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
File Similarity (ssdeep match)
| File | Score |
|---|---|
| C:\Windows\system32\mspaint.exe | 69 |
| C:\Windows\system32\mspaint.exe | 93 |
| C:\windows\SysWOW64\mspaint.exe | 86 |
| C:\Windows\SysWOW64\mspaint.exe | 69 |
| C:\Windows\SysWOW64\mspaint.exe | 88 |
Possible Misuse
The following table contains possible examples of mspaint.exe being misused. While mspaint.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | sysmon_suspicious_remote_thread.yml | `- '\mspaint.exe'` | DRL 1.0 |
| malware-ioc | nukesped_lazarus | `.mspaint.exe (a 2009 file)` | © ESET 2014-2018 |
| malware-ioc | nukesped_lazarus | `.mspaint.exe` | © ESET 2014-2018 |
| signature-base | apt_codoso.yar | `$s4 = "mspaint.exe" fullword ascii` | CC BY-NC 4.0 |
MIT License. Copyright (c) 2020-2021 Strontic.