The mspaint exe (Paint) Microsoft Corporation File Malware Analysis
Gridinsoft Logo
File Icon

The mspaint.exe (Paint) File Analysis

Updated 1 month ago
Checked by Malware Check
mspaint.exe

Technical Analysis

File Name mspaint.exe
File Type
PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version 1.0.229.174
Database Version 2025-11-25 06:00:26 UTC

Clean File

No threats detected by our scanner

0%
Detection Rate
6,676,480
File Size (bytes)
2025-11-25
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
458f4590f80563eb2a0a72709bfc2bd9
SHA1
3f97dc3bd1467c710c6a8d26b97bb6cf47deb4c6
SHA256
ff923c051ae380bf30d749ebe9cf310ccab6572d84eb81b76fb1012bcbdf557f
SHA512
e34500658dbe105a704fff6988b75d13aa9931adfd585b8ce1f023c61abd573d58067ee1f43e80076729ba99c9a00c17eb8cfcfac9c3d271d76bd251ccab1681
ImpHash
152c8272ef887af33419cc9f60abc28f

PE Analysis

Basic Information

Icon
Hash: 2ec522c8bbb9488b785db2b7d2926e77
Fuzzy: 26ab67e4035721edce76d260a24b29dc
dHash: 8291f8b6b5d9f838
Image Base 0x100000000
Entry Point 0x100022eb8
Compilation Time 2009-07-13 23:58:33
Checksum 0x0066b77b (Actual: 0x0066b77b)
OS Version 6.1
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
PDB Path mspaint.pdb
Digital Signature No valid SignedData structure was found.
Imports 17 libraries
Exports 0 functions
Resources 1087 Resources
Sections 6 Sections

Version Information

CompanyName Microsoft Corporation
FileDescription Paint
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
InternalName MSPAINT
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename MSPAINT.EXE
ProductName Microsoft® Windows® Operating System
ProductVersion 6.1.7600.16385
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 613,204 bytes 613,376 bytes 6.30 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ F43227FF7893D63BF5685071898CD693
.rdata 0x00097000 215,864 bytes 216,064 bytes 4.29 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 1B16C7E99661A7E22A4805D8EB6661ED
.data 0x000cc000 27,688 bytes 27,648 bytes 2.74 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7006841834BC545BC2A492D022B8D089
.pdata 0x000d3000 47,280 bytes 47,616 bytes 5.81 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ B52F9DC0C974BB8A87556FE3ACCB2202
.rsrc 0x000df000 5,759,128 bytes 5,759,488 bytes 6.04 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D748BB5B94D036CD62E456434AB35CDA
.reloc 0x0065e000 10,400 bytes 10,752 bytes 5.42 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 381E8764164C463B98B6C58B246FDE31

Resource Analysis

Total Resources: 1087 (5,701,671 bytes)
Resource Type Count Total Size Percentage
IMAGE 16 1,502,641 bytes
26.4%
MUI 1 304 bytes
0%
UIFILE 1 14,648 bytes
0.3%
WEVT_TEMPLATE 1 6,322 bytes
0.1%
RT_CURSOR 36 245,040 bytes
4.3%
RT_BITMAP 802 3,591,528 bytes
63%
RT_ICON 152 336,056 bytes
5.9%
RT_GROUP_CURSOR 36 720 bytes
0%
RT_GROUP_ICON 40 2,368 bytes
0%
RT_VERSION 1 872 bytes
0%
RT_MANIFEST 1 1,172 bytes
0%

Certificate Chain Analysis

Certificate Information
Product Microsoft® Windows® Operating System
Description Paint
File Version 6.1.7600.16385 (win7_rtm.090713-1255)
Original Name MSPAINT.EXE
Internal Name MSPAINT
Copyright © Microsoft Corporation. All rights reserved.

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
This file passed all security checks, but stay vigilant. New malware variants appear daily that can evade detection. Always verify files come from official sources and check digital signatures when available.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware

Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!

Gridinsoft Anti-Malware Download Now
Gridinsoft Anti-Malware