File name:

Paint-Tool-SAI 2.0.zip

Full analysis: https://app.any.run/tasks/95add06c-73a9-4d65-a058-f0a27919a6c8
Verdict: No threats detected
Analysis date: December 08, 2019, 15:52:17
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

D01AE8CC50038F82CBD4DE7F313C5396

SHA1:

D1B225A73879AB660BE147719D2EC1A6E5A0D149

SHA256:

FD8F8D2DFFE33E9D31F059016BB18F5FC54DF4BBBFAB09B04227E149C99376AA

SSDEEP:

393216:gxDNrRRwjqlLtEqhQzQdpwYMhizgNq/2ukdxEkrre:gxJrRRwj4LqGbwBhdS+re

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3008)
    • Executed via COM

      • DllHost.exe (PID: 3952)
  • INFO

    • Manual execution by user

      • NOTEPAD.EXE (PID: 2584)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0002
ZipCompression: None
ZipModifyDate: 2018:04:01 14:42:11
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: Paint Tool SAI 2.0 (64bit)/
No data.
All screenshots are available in the full report
Total processes: 40
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → winrar.exe, PhotoViewer.dll (no specs), notepad.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 2584
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\Paint Tool SAI 2.0 (64bit)\history.txt
Path: C:\Windows\system32\NOTEPAD.EXE
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 3008
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Paint-Tool-SAI 2.0.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 3952
CMD: C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
Path: C:\Windows\system32\DllHost.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
COM Surrogate
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\dllhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events: 496
Read events: 486
Write events: 10
Delete events: 0

Modification events

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Paint-Tool-SAI 2.0.zip

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (3952) DllHost.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: DllHost.exe

(PID) Process: (3952) DllHost.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows Photo Viewer\Viewer
Operation: write
Name: MainWndPos
Value: 6000000034000000A00400008002000000000000
Executable files: 1
Suspicious files: 0
Text files: 158
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Bumpy.bmp | image
MD5: 3197F8EC3E4B8E3039560086C9DD9D54
SHA256: B15F4194190D91251CF4DF7C552505ED003326580384CCBB48164BCC28048DAD
3008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Diagonal Scanlines.bmp | image
MD5: 32CA75B40917E48A46EC47FC2CFB4CDA
SHA256: 396AF03E96456DBA7827F4A08A98F923E51004BDC848E6BC5CF402E919706FE4
3008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Blots.bmp | image
MD5: B953210F80206D395F79BDFC480B08BA
SHA256: 3A50C1123D38839112E6EFDBA622098138F895EECA65A13923EAA00EF5903FB1
3008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Blots&Noise.bmp | image
MD5: 7E313E2D7A64656EF7101D180EFC2DA8
SHA256: 75B412BC911F85B71AB0F74648FCA9D8A7B0F88BD2EB65CD9F941CC1CA87FA42
3008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Action Lines Medium.bmp | image
MD5: B6920533C047305F17D39F5D56D6F996
SHA256: F5F32DF1FFC006F42CA6C5613E4E636984D4611F8BFAD62AAC39FAED7BB717B8
3008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Acuarela.bmp | image
MD5: 202C1C1F3CBEA3E77B5DE3E4206B7510
SHA256: F63DB5A153389DB98BA24B193C82E933A82410C6F605E438816F98F728700369
3008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Bubbles.bmp | image
MD5: 0E3704E3FA4BEF2AE17D7084E908D727
SHA256: 8E21A25178BEEA531EE068CEA932D0DF579FEA3B9C97942B29A4F6C705FEF5C7
3008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Fun Squares.bmp | image
MD5: 750F4AEBF14298D73C3D5373371A2EE7
SHA256: 114F85F949DC03B6D2142D67CC9B5CFC34FC1AF9898A5436E6E8FD536920AE91
3008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Branches.bmp | image
MD5: BBA616FAEA4F2C6911E7BF9AA309F482
SHA256: 66015E15B03D771E88A45F5B20A97865C289BA189507604AEA04BC4A79A57049
3008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Electro.bmp | image
MD5: B0A0D1D4AF23E78FDDBB932259339330
SHA256: 1594B974E87AFD7D175E4B6466173FA6C461D6AE32CF8C82B7EBB9F1274336A3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info