File name:

Easy Paint Tool SAI 1.2.zip

Full analysis: https://app.any.run/tasks/6982d2f6-16e1-4782-b730-fde341e68e12
Verdict: No threats detected
Analysis date: December 05, 2019, 18:30:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

9258790B62086B4658D0292E1412DAEF

SHA1:

7CAF2BAD74BDBF9B0F2B50145DE3ECDC7F82FC56

SHA256:

211E631D9D523BB7D6807494AD5B56F322BABF31F075758B41BED71548883E46

SSDEEP:

393216:6flT9n1ii8luGXh/zk5tgGS7cth5Pldai8:6dT9n1iBlJKjfg7P

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • sai.exe (PID: 2504)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3132)
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0002
ZipCompression: None
ZipModifyDate: 2018:04:01 20:58:26
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: Paint Tool SAI 1.2.5/
No data.
All screenshots are available in the full report
Total processes
35
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

winrar.exe --(drop and start)--> sai.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 2504
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa3132.17174\Paint Tool SAI 1.2.5\sai.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa3132.17174\Paint Tool SAI 1.2.5\sai.exe
Parent process: WinRAR.exe
User:
admin
Company:
SYSTEMAX Software Development Inc.
Integrity Level:
MEDIUM
Description:
sai
Exit code:
0
Version:
1, 2, 0, 1
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa3132.17174\paint tool sai 1.2.5\sai.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 3132
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Easy Paint Tool SAI 1.2.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events
472
Read events
445
Write events
27
Delete events
0

Modification events

(PID) Process: (3132) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3132) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3132) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3132) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Easy Paint Tool SAI 1.2.zip

(PID) Process: (3132) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3132) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3132) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3132) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (3132) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3132) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
Operation: write
Name: size
Value: 80
Executable files
2
Suspicious files
1
Text files
210
Unknown types
1

Dropped files

PID
Process
Filename
Type
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info