start-sai.exe

This is a setup program which is used to install the application.
MD5:
1ade2bb20b5a3d378a250b3d728aa85a

SHA-1:
04dcaf9998f2739b5130e049ec02094c462f1501

SHA-256:
4139fbd01ed7cfc31816dbeeb1c50ac59b753f7f3d0319830af2a3335ea3600d

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
4/19/2024 10:13:34 PM UTC

Scan engine | Detection | Engine version
Trend Micro House Call | PAK_Generic.001 | 7.2.39
Trend Micro | PAK_Generic.001 | 10.465.08

File size:
44.5 KB (45,568 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\zame\painttool sai english pack\start-sai.exe

File PE Metadata
Compilation timestamp:
4/10/2008 4:42:06 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
768:SsVze/vR60sQ7XkABV4xvBWkENfRlRL/zg4pO2FwVKVshBHcAIV4:SA2v/f7Xku49BWkEnLymPV5FS

Entry address:
0x19280

Entry point:
60, BE, 00, 00, 41, 00, 8D, BE, 00, 10, FF, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB...
 

Entropy:
7.6947

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
40 KB (40,960 bytes)

The file start-sai.exe has been discovered within the following programs.

PaintTool SAI by Eddie Sekiguchi Softwares
www.eddiesekiguchi.blogspot.com
About 5% of users remove it

PaintTool SAI Ver.1 by SYSTEMAX Inc.
Publisher's description - “PaintTool SAI is high quality and lightweight painting software, fully digitizer support, amazing anti-aliased paintings, provide easy and stable operation, this software make digital art more enjoyable and comfortable.”
www.systemax.jp/en/sai
About 1% of users remove it

RUS Repack by Pinkssis
About 1% of users remove it
 

The file start-sai.exe has been seen being distributed by the following 10 URLs.

