File name:

Paint-Tool-SAI 2.0.zip

Full analysis: https://app.any.run/tasks/95add06c-73a9-4d65-a058-f0a27919a6c8
Verdict: No threats detected
Analysis date: December 08, 2019, 15:52:17
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

D01AE8CC50038F82CBD4DE7F313C5396

SHA1:

D1B225A73879AB660BE147719D2EC1A6E5A0D149

SHA256:

FD8F8D2DFFE33E9D31F059016BB18F5FC54DF4BBBFAB09B04227E149C99376AA

SSDEEP:

393216:gxDNrRRwjqlLtEqhQzQdpwYMhizgNq/2ukdxEkrre:gxJrRRwj4LqGbwBhdS+re

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3008)

    • Executed via COM

      • DllHost.exe (PID: 3952)

  • INFO

    • Manual execution by user

      • NOTEPAD.EXE (PID: 2584)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0002
ZipCompression: None
ZipModifyDate: 2018:04:01 14:42:11
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: Paint Tool SAI 2.0 (64bit)/
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
40
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe PhotoViewer.dll no specs notepad.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2584"C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\Paint Tool SAI 2.0 (64bit)\history.txtC:\Windows\system32\NOTEPAD.EXEexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
3008"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Paint-Tool-SAI 2.0.zip"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
3952C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}C:\Windows\system32\DllHost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
COM Surrogate
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\dllhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events
496
Read events
486
Write events
10
Delete events
0

Modification events

(PID) Process:(3008) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(3008) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(3008) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3008) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\Paint-Tool-SAI 2.0.zip
(PID) Process:(3008) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(3008) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(3008) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(3008) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(3952) DllHost.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation:writeName:Name
Value:
DllHost.exe
(PID) Process:(3952) DllHost.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows Photo Viewer\Viewer
Operation:writeName:MainWndPos
Value:
6000000034000000A00400008002000000000000
Executable files
1
Suspicious files
0
Text files
158
Unknown types
0

Dropped files

PID
Process
Filename
Type
3008WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Circuits.bmpimage
MD5:AE42257C0692B5888833508A27D72056
SHA256:548D14CAB985054AE3EDE050A2EDDC2F73862F0CEEA495A3862FD96D2F0256A7
3008WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Action Lines Medium.bmpimage
MD5:B6920533C047305F17D39F5D56D6F996
SHA256:F5F32DF1FFC006F42CA6C5613E4E636984D4611F8BFAD62AAC39FAED7BB717B8
3008WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Action Lines Large.bmpimage
MD5:7943485B9D656F794E6462448C805CAF
SHA256:564C8EF4616034E251B8BD9F5ACB10C83014B81A3E89B899C3B54BFFFA985DFE
3008WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Crust.bmpimage
MD5:93B6558865EA40E4A2E77C3F094DA456
SHA256:1F9BDCDCDF3EA598729C3E220603F122AA6E78968C6384AF256C2828A6CB6AED
3008WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Acuarela.bmpimage
MD5:202C1C1F3CBEA3E77B5DE3E4206B7510
SHA256:F63DB5A153389DB98BA24B193C82E933A82410C6F605E438816F98F728700369
3008WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Bumpy.bmpimage
MD5:3197F8EC3E4B8E3039560086C9DD9D54
SHA256:B15F4194190D91251CF4DF7C552505ED003326580384CCBB48164BCC28048DAD
3008WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Butterflies.bmpimage
MD5:9CA0CF6DFBC6784163BE7653C5295FB3
SHA256:71E043E0229FC4338C64CCEF97F40741813771A61E3082C2C9D574230D68F685
3008WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Blots.bmpimage
MD5:B953210F80206D395F79BDFC480B08BA
SHA256:3A50C1123D38839112E6EFDBA622098138F895EECA65A13923EAA00EF5903FB1
3008WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Branches.bmpimage
MD5:BBA616FAEA4F2C6911E7BF9AA309F482
SHA256:66015E15B03D771E88A45F5B20A97865C289BA189507604AEA04BC4A79A57049
3008WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Cuadros.bmpimage
MD5:71A6AAAB419E0BAF9C1DD89CB1B0A9D0
SHA256:BC4FEAF755F0DD4CA47F00750AD42EA3782817A4618A524DCDA150466EE5D852
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Paint-Tool-SAI 2.0.zip