Should I block it?

No, this file is 100% safe to run.

Additional versions

6.2.9200.16384 (win8_rtm.120725-1247)	7.14%
6.1.7600.16385 (win7_rtm.090713-1255)	35.71%
6.1.7600.16385 (win7_rtm.090713-1255)	7.14%
6.0.6000.16386 (vista_rtm.061101-2205)	14.29%
6.0.6000.16386 (vista_rtm.061101-2205)	7.14%
6.0.6000.16386 (vista_rtm.061101-2205)	14.29%
6.0.6000.16386 (vista_rtm.061101-2205)	7.14%
5.1.2600.5512 (xpsp.080413-2105)	7.14%

Relationships

Parent process

explorer.exe (Windows Explorer by Microsoft Corporation)

Related files

PE file structure

Show functions

Import table

advapi32.dll

DecryptFileW, EncryptFileW, EventWrite, EventRegister, EventUnregister, RegCloseKey, RegCreateKeyExW, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW, SetNamedSecurityInfoW, GetNamedSecurityInfoW, CloseServiceHandle, QueryServiceConfigW, OpenServiceW, OpenSCManagerW, RegQueryInfoKeyW, RegGetValueW, RegEnumValueW, RegDeleteKeyW, RegEnumKeyExW, RegOpenKeyExA, RegOpenKeyW, RegEnumKeyW, RegQueryValueExA

comctl32.dll

ImageList_Draw, ImageList_ReplaceIcon, ImageList_Remove, PropertySheetW, CreatePropertySheetPageW, ImageList_GetImageCount

comdlg32.dll

GetOpenFileNameW, GetFileTitleW, GetSaveFileNameW, CommDlgExtendedError

gdi32.dll

Polygon, GetTextFaceW, GdiGradientFill, GetTextExtentPoint32W, CreateFontW, Polyline, CreatePolygonRgn, SetROP2, GetTextMetricsW, TranslateCharsetInfo, StretchDIBits, CreateDCW, CreateFontIndirectW, SetStretchBltMode, ExtSelectClipRgn, GetBrushOrgEx, GetRgnBox, CombineRgn, CreateRectRgn, ExtFloodFill, SetBrushOrgEx, UnrealizeObject, GetPixel, MoveToEx, LineTo, SetPixel, CreateDIBSection, CreatePen, SetDIBitsToDevice, CreateDIBitmap, GetDIBits, CreateHalftonePalette, StretchBlt, EnumFontFamiliesExW, OffsetRgn, GetNearestColor, CreatePalette, SetViewportExtEx, PlayMetaFile, SaveDC, SetMapMode, LPtoDP, GetDeviceCaps, CreateCompatibleBitmap, CreateCompatibleDC, RealizePalette, BitBlt, DeleteDC, SelectPalette, SelectObject, DeleteObject, SetDIBits, CreateBitmap, GetPaletteEntries, SetPaletteEntries, GetNearestPaletteIndex, ResizePalette, CreateSolidBrush, CreatePatternBrush, GetObjectW, GetCurrentObject, GetDIBColorTable, SetTextColor, SetBkColor, CreateRectRgnIndirect, FillRgn, PatBlt, GetStockObject, SetDIBColorTable, GdiAlphaBlend, Rectangle, RestoreDC, SetBkMode, SetTextAlign, ExtTextOutW, CreateICW, RoundRect, PtVisible, RectVisible, TextOutW, Escape, GetBkMode, GetTextColor, EnumFontFamiliesW, PolyBezier, Ellipse

imm32.dll

ImmGetCompositionStringW, ImmGetCompositionWindow, ImmGetContext, ImmSetCompositionWindow, ImmReleaseContext, ImmAssociateContext, ImmNotifyIME

kernel32.dll

GetModuleFileNameW, CreateThread, GetCurrentProcess, IsWow64Process, Wow64DisableWow64FsRedirection, Wow64RevertWow64FsRedirection, FreeLibraryAndExitThread, InterlockedExchange, GetVersionExW, HeapFree, GetProcessHeap, HeapAlloc, GetExitCodeThread, GlobalReAlloc, GetTempPathW, MoveFileExW, CopyFileW, DeleteFileW, GetACP, GetModuleHandleA, HeapSetInformation, LoadLibraryW, FreeLibrary, GetTickCount, lstrcmpiW, GetProcAddress, InterlockedDecrement, GetThreadLocale, InterlockedIncrement, DeleteCriticalSection, SetEndOfFile, FindFirstFileW, GlobalAddAtomW, GlobalDeleteAtom, LocalAlloc, LocalFree, SetErrorMode, GetFileSize, FileTimeToLocalFileTime, FileTimeToSystemTime, GetDateFormatW, GetTimeFormatW, GetLocaleInfoW, lstrlenW, MulDiv, CloseHandle, GetFileSizeEx, CreateFileW, FormatMessageW, GetModuleHandleW, GlobalAlloc, GlobalFree, GlobalUnlock, GlobalLock, GetFileTime, GetFileAttributesW, DeviceIoControl, SetFileTime, GetLastError, SetFileAttributesW, FindClose, WriteFile, ReadFile, WideCharToMultiByte, MultiByteToWideChar, Sleep, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, InterlockedCompareExchange, GetStartupInfoW, OutputDebugStringA, SetUnhandledExceptionFilter, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, WaitForSingleObject, ReleaseMutex, CreateMutexW, lstrcmpW, ApplicationRecoveryInProgress, ApplicationRecoveryFinished, RegisterApplicationRecoveryCallback, RegisterApplicationRestart, CompareFileTime, FindFirstStreamW, FindNextStreamW, RaiseException, LoadLibraryA, GetTempFileNameW, GetSystemTime, SystemTimeToFileTime, TerminateThread, IsDBCSLeadByte, lstrcpyW, lstrcpynW, GetCommandLineW, lstrlenA, CreateDirectoryW, GetNumberFormatW, lstrcatW

mfc42u.dll

DllMain

msvcrt.dll

DllMain

ntdll.dll

RtlInitUnicodeString, NtQueryLicenseValue, WinSqmIncrementDWORD, WinSqmStartSession, WinSqmEndSession, WinSqmAddToStream, WinSqmSetIfMaxDWORD

ole32.dll

PropVariantCopy, CreateStreamOnHGlobal, CoInitialize, CoUninitialize, CoMarshalInterThreadInterfaceInStream, PropVariantClear, CoTaskMemFree, CLSIDFromString, CoCreateInstance, WriteClassStg, WriteFmtUserTypeStg, OleGetClipboard, ReleaseStgMedium, FreePropVariantArray, CoGetInterfaceAndReleaseStream

propsys.dll

PropVariantToUInt32, PropVariantToString, PropVariantToUInt32WithDefault

rpcrt4.dll

UuidCreate, RpcStringFreeW, UuidToStringW

shell32.dll

SHChangeNotify, SHAddToRecentDocs, DragFinish, DragQueryFileW, ShellAboutW, SHGetFolderPathEx, SHParseDisplayName, SHCreateShellItem, ShellExecuteExW, SHGetFolderPathW, SHGetSpecialFolderPathW, SHBindToParent, CommandLineToArgvW

shlwapi.dll

SHStrDupW, PathStripPathW

user32.dll

IsWindowVisible, LoadIconW, GetClassInfoW, GetMonitorInfoW, MonitorFromRect, DestroyMenu, PostQuitMessage, LoadImageW, SystemParametersInfoW, RegisterTouchWindow, UnregisterTouchWindow, GetMenu, IsMenu, SetWindowLongW, LoadBitmapW, CheckMenuItem, GetSubMenu, RemoveMenu, GetUpdateRect, ValidateRect, RedrawWindow, GetCaretPos, GetTouchInputInfo, ShowCursor, CloseTouchInputHandle, GetMessageExtraInfo, GetWindowLongW, GetKeyboardLayout, SetPropW, GetParent, GetFocus, SetGestureConfig, FindWindowW, GetSystemMenu, PostMessageW, GetWindowDC, SetClassLongW, LoadStringW, EnableScrollBar, MsgWaitForMultipleObjectsEx, DestroyIcon, GetSysColor, GetWindowRect, GetClientRect, ScreenToClient, UpdateWindow, InvalidateRect, EnableWindow, SendMessageW, SetCapture, SetActiveWindow, ClientToScreen, BringWindowToTop, TrackMouseEvent, ReleaseCapture, LoadCursorW, SetCursor, InflateRect, CopyRect, KillTimer, SetTimer, EqualRect, SetRectEmpty, IsRectEmpty, GetKeyState, GetCursorPos, GetCapture, WindowFromPoint, UnionRect, GetDC, IntersectRect, PtInRect, RegisterClipboardFormatW, OffsetRect, FillRect, IsClipboardFormatAvailable, LoadMenuW, GetSystemMetrics, IsWindow, SetRect, MessageBeep, PeekMessageW, MessageBoxW, SetWindowTextW, ReleaseDC, SetForegroundWindow, GetAncestor, SetWindowPos, DestroyCursor, SendDlgItemMessageW, CheckDlgButton, SetDlgItemInt, GetDlgItemInt, GetDlgItem, DestroyCaret, CreateCaret, ShowCaret, MsgWaitForMultipleObjects, TranslateMessage, DispatchMessageW, DestroyWindow, wsprintfW, wvsprintfW, DrawFocusRect, WinHelpW, FrameRect, CharNextW, GetDesktopWindow, HideCaret, EnableMenuItem, TabbedTextOutW, DrawTextW, GrayStringW, BeginPaint, EndPaint, GetWindow, SetCaretPos

version.dll

GetFileVersionInfoExW, VerQueryValueW, GetFileVersionInfoSizeExW

winmm.dll

timeGetTime

mspaint.exe

Paint by Microsoft

Remove mspaint.exe

Version:	6.1.7600.16385 (win7_rtm.090713-1255)
MD5:	458f4590f80563eb2a0a72709bfc2bd9
SHA1:	3f97dc3bd1467c710c6a8d26b97bb6cf47deb4c6
SHA256:	ff923c051ae380bf30d749ebe9cf310ccab6572d84eb81b76fb1012bcbdf557f

This is a Windows system installed file with Windows File Protection (WFP) enabled.

Overview

mspaint.exe executes as a process with the local user's privileges usually within the context of Windows Explorer. This version is designed to run on Windows 7 and is compiled as a 64 bit program.

Details

File name:	mspaint.exe
Publisher:	Microsoft Corporation
Product name:	Paint
Description:	Microsoft® Windows® Operating System
Typical file path:	C:\Windows\System32\mspaint.exe
Original name:	MSPAINT.EXE.MUI
File version:	6.1.7600.16385 (win7_rtm.090713-1255)
Product version:	6.1.7600.16385
Size:	6.37 MB (6,676,480 bytes)
Build date:	7/13/2009 4:58 PM
Digital DNA
PE subsystem:	Windows GUI
Entropy:	5.846429
File packed:	No
Code language:	Microsoft Visual C++
.NET CLR:	No

More details

Behaviors

Approved shell extension

Located in the registry at 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'

CLSID: {d3e34b21-9d75-101a-8c3d-00aa001a1652}

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00016830%	0.028634%
Kernel CPU:	0.00011235%	0.013761%
User CPU:	0.00005595%	0.014873%
Kernel CPU time:	1,997 ms/min	100,923,805ms/min
CPU cycles:	223,065/sec	17,470,203/sec
Context switches:	2/sec	284/sec
Memory
Private memory:	16.75 MB	21.59 MB
Private (maximum):	29.43 MB
Private (minimum):	26.87 MB
Non-paged memory:	16.75 MB	21.59 MB
Virtual memory:	116.93 MB	140.96 MB
Virtual memory (peak):	137.91 MB	169.69 MB
Working set:	28.68 MB	18.61 MB
Working set (peak):	29.89 MB	37.95 MB
Page faults:	37,967/min	2,039/min
I/O
I/O read transfer:	0 Bytes/sec	1.02 MB/min
I/O read operations:	1/sec	343/min
I/O other transfer:	0 Bytes/sec	448.09 KB/min
I/O other operations:	1/sec	1,671/min
Resource allocations
Threads:	6	12
Handles:	122	600
GUI GDI count:	479	103
GUI GDI peak:	486	142
GUI USER count:	93	49
GUI USER peak:	108	71

Process properties

Integrety level:	Medium
Platform:	64-bit
Command line:	"C:\Windows\System32\mspaint.exe"
Owner:	User
Parent process:	explorer.exe (Windows Explorer by Microsoft Corporation)

Distribution by Windows OS

OS version	distribution
Windows 7 Ultimate	28.57%
Windows Vista Ultimate	21.43%
Windows 7 Home Premium	7.14%
Windows 8	7.14%
Microsoft Windows XP	7.14%
Windows Vista Home Premium	7.14%
Windows Server 2008 Standard	7.14%
Windows Vista™ Home Premium	7.14%
Windows 7 Professional	7.14%

Distribution by country

United States installs about 37.50% of Paint.

Distribution by PC manufacturer

PC Manufacturer	distribution
Acer	40.00%
Dell	40.00%
Hewlett-Packard	20.00%

Remove Adware and Spyware Programs, FREE Download!