mspaint.exe
- File Path: C:\Windows\SysWOW64\mspaint.exe
- Description: Paint

Hashes
| Type | Hash |
|---|---|
| MD5 | 8A6A020DABFB0024BE80D988C59F8F2A |
| SHA1 | E4038F6FBEB0C1BD199DA2AB9662DCE7311FF994 |
| SHA256 | A0F9DA1F12975C7DDB6366110A92C69E5A95C4B8362EE28777D4A52E71D2454E |
| SHA384 | A0EFBBB79B94DAB22DC08A6685BF43CD0D5B2E530573E2C07EB2CB314F3F8741280B3617EDF3D624F6365495854D895A |
| SHA512 | EE72E33338183A13A77D8865112F8BCE577318E32B587BA173A7A5474292732B8E56AEBCEA64195CC315FE417E4C5A18E1CA7C3B01D682F174C599DBCF3E5EF6 |
| SSDEEP | 98304:WsPOzq2u7InCEE+wysPM4mlaw0LI60GBGrGrGWAuU7jPLQ:hPOzq6nTE+wBMHlaw0/U7jPL |
Signature
- Status: Signature verified.
- Serial: 3300000266BD1580EFA75CD6D3000000000266
- Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: MSPAINT.EXE.MUI
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.14393.0 (rs1_release.160715-1616)
- Product Version: 10.0.14393.0
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
File Similarity (ssdeep match)
| File | Score |
|---|---|
| C:\windows\system32\mspaint.exe | 88 |
| C:\Windows\system32\mspaint.exe | 69 |
| C:\Windows\system32\mspaint.exe | 91 |
| C:\windows\SysWOW64\mspaint.exe | 88 |
| C:\Windows\SysWOW64\mspaint.exe | 68 |
Possible Misuse
The following table contains possible examples of mspaint.exe being misused. While mspaint.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | sysmon_suspicious_remote_thread.yml | - '\mspaint.exe' | DRL 1.0 |
| malware-ioc | nukesped_lazarus | .mspaint.exe (a 2009 file) | © ESET 2014-2018 |
| malware-ioc | nukesped_lazarus | .mspaint.exe | © ESET 2014-2018 |
| signature-base | apt_codoso.yar | $s4 = "mspaint.exe" fullword ascii | CC BY-NC 4.0 |
MIT License. Copyright (c) 2020-2021 Strontic.