» paint.exe
Overview
Analysis
File Details
Behaviors (1)

paint.exe

It runs as a scheduled task under the Windows Task Scheduler named ActivateWindowsSearch.

File name:

paint.exe

MD5:

a52558e09724507709bf6d7bfe0ce7cc

SHA-1:

923ac420249e08e7effdffa48c916ea0683647db

SHA-256:

e694cda3aceb050822cbbbcaf7000a6560d26d125d155667d25a009cd17aed49

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/29/2024 3:59:34 AM UTC (today)

Scan engine

Detection

Engine version

F-Prot

W32/Autorun.ZF

4.6.5.141

File size:

851.5 KB (871,936 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\paint.exe

File PE Metadata

Compilation timestamp:

9/26/2008 10:14:06 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0xE0DA9

Entry point:

83, 3C, 24, FE, 77, FE, 8D, 64, 24, CC, F5, 60, 83, EC, DC, E8, A4, FF, FF, FF, F7, D0, 4B, 31, E2, 66, 4B, 75, FC, F5, 46, F7, D6, FF, 73, 3C, 59, 81, E9, FD, FF, FF, 7F, F6, D6, 73, E7, F7, D2, F6, D4, 8A, E3, 81, D9, E6, 13, 00, 00, F7, D6, F7, D0, 71, D5, 90, F5, F7, D2, FF, B4, 19, E4, 13, 00, 80, 83, C4, 04, 66, 81, 44, 24, FC, B0, BA, 75, BE, 48, 48, 90, 42, 68, 65, FF, C6, 08, E8, 6C, FF, FF, FF, 89, 74, 24, 44, E8, 1F, FC, FF, FF, 89, 44, 24, 34, 83, E8, 04, 86, CD, 0F, 82, 1E, FD, FF, FF, 64, A1... 
[+]

Entropy:

6.6024

Code size:

682.5 KB (698,880 bytes)

Scheduled Task

Task name:

ActivateWindowsSearch

Path:

\Microsoft\Windows\Media Center\ActivateWindowsSearch

Description:

$(@%systemRoot%\ehome\ehPrivJob.exe,-26)

Scan paint.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.