File name: Paint-Tool-SAI 2.0.zip

Full analysis: https://app.any.run/tasks/95add06c-73a9-4d65-a058-f0a27919a6c8
Verdict: No threats detected
Analysis date: December 08, 2019, 15:52:17
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: D01AE8CC50038F82CBD4DE7F313C5396
SHA1: D1B225A73879AB660BE147719D2EC1A6E5A0D149
SHA256: FD8F8D2DFFE33E9D31F059016BB18F5FC54DF4BBBFAB09B04227E149C99376AA
SSDEEP: 393216:gxDNrRRwjqlLtEqhQzQdpwYMhizgNq/2ukdxEkrre:gxJrRRwj4LqGbwBhdS+re

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Executed via COM
      • DllHost.exe (PID: 3952)
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 3008)
  • INFO
    • Manual execution by user
      • NOTEPAD.EXE (PID: 2584)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0002
ZipCompression: None
ZipModifyDate: 2018:04:01 14:42:11
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: Paint Tool SAI 2.0 (64bit)/
No data.
All screenshots are available in the full report
Total processes: 40
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Processes shown: start -> winrar.exe, PhotoViewer.dll (no specs), notepad.exe (no specs)

Process information

PID: 2584
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\Paint Tool SAI 2.0 (64bit)\history.txt
Path: C:\Windows\system32\NOTEPAD.EXE
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 3008
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Paint-Tool-SAI 2.0.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 3952
CMD: C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
Path: C:\Windows\system32\DllHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: COM Surrogate
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\dllhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events: 496
Read events: 486
Write events: 10
Delete events: 0

Modification events

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value: (empty)

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value: (empty)

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Paint-Tool-SAI 2.0.zip

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (3952) DllHost.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: DllHost.exe

(PID) Process: (3952) DllHost.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows Photo Viewer\Viewer
Operation: write
Name: MainWndPos
Value: 6000000034000000A00400008002000000000000
Executable files: 1
Suspicious files: 0
Text files: 158
Unknown types: 0

Dropped files

PID: 3008
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Bumpy.bmp
Type: image
MD5: 3197F8EC3E4B8E3039560086C9DD9D54
SHA256: B15F4194190D91251CF4DF7C552505ED003326580384CCBB48164BCC28048DAD

PID: 3008
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Action Lines Medium.bmp
Type: image
MD5: B6920533C047305F17D39F5D56D6F996
SHA256: F5F32DF1FFC006F42CA6C5613E4E636984D4611F8BFAD62AAC39FAED7BB717B8

PID: 3008
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Action Lines Large.bmp
Type: image
MD5: 7943485B9D656F794E6462448C805CAF
SHA256: 564C8EF4616034E251B8BD9F5ACB10C83014B81A3E89B899C3B54BFFFA985DFE

PID: 3008
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Blots.bmp
Type: image
MD5: B953210F80206D395F79BDFC480B08BA
SHA256: 3A50C1123D38839112E6EFDBA622098138F895EECA65A13923EAA00EF5903FB1

PID: 3008
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Dark.bmp
Type: image
MD5: 0211AD20C58C88EC7DE960B297E6D80F
SHA256: 0A5C45467C889B27288E04A0EC02543BDEB1CF6BC7D4EC0BD6CBBECFA6F8879F

PID: 3008
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Dry Brush.bmp
Type: image
MD5: 359567A2A605BC12B244DF7E2596D8CF
SHA256: EFF44AE73C88220CD2E5B1132EA47969392038A5B561D105F37DA481CCED9987

PID: 3008
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Bubbles.bmp
Type: image
MD5: 0E3704E3FA4BEF2AE17D7084E908D727
SHA256: 8E21A25178BEEA531EE068CEA932D0DF579FEA3B9C97942B29A4F6C705FEF5C7

PID: 3008
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Butterflies.bmp
Type: image
MD5: 9CA0CF6DFBC6784163BE7653C5295FB3
SHA256: 71E043E0229FC4338C64CCEF97F40741813771A61E3082C2C9D574230D68F685

PID: 3008
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Branches.bmp
Type: image
MD5: BBA616FAEA4F2C6911E7BF9AA309F482
SHA256: 66015E15B03D771E88A45F5B20A97865C289BA189507604AEA04BC4A79A57049

PID: 3008
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Blots&Noise.bmp
Type: image
MD5: 7E313E2D7A64656EF7101D180EFC2DA8
SHA256: 75B412BC911F85B71AB0F74648FCA9D8A7B0F88BD2EB65CD9F941CC1CA87FA42
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info