File name: Paint-Tool-SAI 2.0.zip

Full analysis: https://app.any.run/tasks/95add06c-73a9-4d65-a058-f0a27919a6c8
Verdict: No threats detected
Analysis date: December 08, 2019, 15:52:17
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: D01AE8CC50038F82CBD4DE7F313C5396
SHA1: D1B225A73879AB660BE147719D2EC1A6E5A0D149
SHA256: FD8F8D2DFFE33E9D31F059016BB18F5FC54DF4BBBFAB09B04227E149C99376AA
SSDEEP: 393216:gxDNrRRwjqlLtEqhQzQdpwYMhizgNq/2ukdxEkrre:gxJrRRwj4LqGbwBhdS+re

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executed via COM

      • DllHost.exe (PID: 3952)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3008)
  • INFO

    • Manual execution by user

      • NOTEPAD.EXE (PID: 2584)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0002
ZipCompression: None
ZipModifyDate: 2018:04:01 14:42:11
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: Paint Tool SAI 2.0 (64bit)/
No data.
All screenshots are available in the full report
Total processes: 40
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Graph nodes (image not included in this export): start, winrar.exe, PhotoViewer.dll (no specs), notepad.exe (no specs)

Process information

PID: 2584
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\Paint Tool SAI 2.0 (64bit)\history.txt
Path: C:\Windows\system32\NOTEPAD.EXE
Indicators: Manual execution by user
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (Images):
c:\windows\system32\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

PID: 3008
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Paint-Tool-SAI 2.0.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Indicators: Executable content was dropped or overwritten
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (Images):
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

PID: 3952
CMD: C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
Path: C:\Windows\system32\DllHost.exe
Indicators: Executed via COM
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: COM Surrogate
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (Images):
c:\windows\system32\dllhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events: 496
Read events: 486
Write events: 10
Delete events: 0

Modification events

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Paint-Tool-SAI 2.0.zip

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (3952) DllHost.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: DllHost.exe

(PID) Process: (3952) DllHost.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows Photo Viewer\Viewer
Operation: write
Name: MainWndPos
Value: 6000000034000000A00400008002000000000000
Executable files: 1
Suspicious files: 0
Text files: 158
Unknown types: 0

Dropped files

PID: 3008, Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Blots&Noise.bmp
Type: image
MD5: 7E313E2D7A64656EF7101D180EFC2DA8
SHA256: 75B412BC911F85B71AB0F74648FCA9D8A7B0F88BD2EB65CD9F941CC1CA87FA42

PID: 3008, Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Action Lines Medium.bmp
Type: image
MD5: B6920533C047305F17D39F5D56D6F996
SHA256: F5F32DF1FFC006F42CA6C5613E4E636984D4611F8BFAD62AAC39FAED7BB717B8

PID: 3008, Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Blots.bmp
Type: image
MD5: B953210F80206D395F79BDFC480B08BA
SHA256: 3A50C1123D38839112E6EFDBA622098138F895EECA65A13923EAA00EF5903FB1

PID: 3008, Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Acuarela.bmp
Type: image
MD5: 202C1C1F3CBEA3E77B5DE3E4206B7510
SHA256: F63DB5A153389DB98BA24B193C82E933A82410C6F605E438816F98F728700369

PID: 3008, Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Butterflies.bmp
Type: image
MD5: 9CA0CF6DFBC6784163BE7653C5295FB3
SHA256: 71E043E0229FC4338C64CCEF97F40741813771A61E3082C2C9D574230D68F685

PID: 3008, Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Diagonal Scanlines.bmp
Type: image
MD5: 32CA75B40917E48A46EC47FC2CFB4CDA
SHA256: 396AF03E96456DBA7827F4A08A98F923E51004BDC848E6BC5CF402E919706FE4

PID: 3008, Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Dark.bmp
Type: image
MD5: 0211AD20C58C88EC7DE960B297E6D80F
SHA256: 0A5C45467C889B27288E04A0EC02543BDEB1CF6BC7D4EC0BD6CBBECFA6F8879F

PID: 3008, Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Cubes.bmp
Type: image
MD5: 7AD46E8CA67DE285CF9E997CC7B8FAC3
SHA256: E340C228E171B2A2B7A6903FD135D7597676D4A84EB271FF82E4F7939250EA6E

PID: 3008, Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Flower.bmp
Type: image
MD5: 7EE7EC276B6FF8BB30E929242BADA217
SHA256: 594F2FB9AD80ECF48BCA2C3C05D37B1CDA292815978A4E9C4326988A509F48C1

PID: 3008, Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3008.37970\Paint Tool SAI 2.0 (64bit)\blotmap\Dry Brush.bmp
Type: image
MD5: 359567A2A605BC12B244DF7E2596D8CF
SHA256: EFF44AE73C88220CD2E5B1132EA47969392038A5B561D105F37DA481CCED9987
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info