Should I block it?

No, this file is 100% safe to run.

Additional versions

6.2.9200.16384 (win8_rtm.120725-1247) 7.14%
6.1.7600.16385 (win7_rtm.090713-1255) 35.71%
6.1.7600.16385 (win7_rtm.090713-1255) 7.14%
6.0.6000.16386 (vista_rtm.061101-2205) 14.29%
6.0.6000.16386 (vista_rtm.061101-2205) 7.14%
6.0.6000.16386 (vista_rtm.061101-2205) 14.29%
6.0.6000.16386 (vista_rtm.061101-2205) 7.14%
5.1.2600.5512 (xpsp.080413-2105) 7.14%

PE file structure

Import table
advapi32.dll
DecryptFileW, EncryptFileW, EventWrite, EventRegister, EventUnregister, RegCloseKey, RegCreateKeyExW, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW, SetNamedSecurityInfoW, GetNamedSecurityInfoW, CloseServiceHandle, QueryServiceConfigW, OpenServiceW, OpenSCManagerW, RegQueryInfoKeyW, RegGetValueW, RegEnumValueW, RegDeleteKeyW, RegEnumKeyExW, RegOpenKeyExA, RegOpenKeyW, RegEnumKeyW, RegQueryValueExA
comctl32.dll
ImageList_Draw, ImageList_ReplaceIcon, ImageList_Remove, PropertySheetW, CreatePropertySheetPageW, ImageList_GetImageCount
comdlg32.dll
GetOpenFileNameW, GetFileTitleW, GetSaveFileNameW, CommDlgExtendedError
gdi32.dll
Polygon, GetTextFaceW, GdiGradientFill, GetTextExtentPoint32W, CreateFontW, Polyline, CreatePolygonRgn, SetROP2, GetTextMetricsW, TranslateCharsetInfo, StretchDIBits, CreateDCW, CreateFontIndirectW, SetStretchBltMode, ExtSelectClipRgn, GetBrushOrgEx, GetRgnBox, CombineRgn, CreateRectRgn, ExtFloodFill, SetBrushOrgEx, UnrealizeObject, GetPixel, MoveToEx, LineTo, SetPixel, CreateDIBSection, CreatePen, SetDIBitsToDevice, CreateDIBitmap, GetDIBits, CreateHalftonePalette, StretchBlt, EnumFontFamiliesExW, OffsetRgn, GetNearestColor, CreatePalette, SetViewportExtEx, PlayMetaFile, SaveDC, SetMapMode, LPtoDP, GetDeviceCaps, CreateCompatibleBitmap, CreateCompatibleDC, RealizePalette, BitBlt, DeleteDC, SelectPalette, SelectObject, DeleteObject, SetDIBits, CreateBitmap, GetPaletteEntries, SetPaletteEntries, GetNearestPaletteIndex, ResizePalette, CreateSolidBrush, CreatePatternBrush, GetObjectW, GetCurrentObject, GetDIBColorTable, SetTextColor, SetBkColor, CreateRectRgnIndirect, FillRgn, PatBlt, GetStockObject, SetDIBColorTable, GdiAlphaBlend, Rectangle, RestoreDC, SetBkMode, SetTextAlign, ExtTextOutW, CreateICW, RoundRect, PtVisible, RectVisible, TextOutW, Escape, GetBkMode, GetTextColor, EnumFontFamiliesW, PolyBezier, Ellipse
imm32.dll
ImmGetCompositionStringW, ImmGetCompositionWindow, ImmGetContext, ImmSetCompositionWindow, ImmReleaseContext, ImmAssociateContext, ImmNotifyIME
kernel32.dll
GetModuleFileNameW, CreateThread, GetCurrentProcess, IsWow64Process, Wow64DisableWow64FsRedirection, Wow64RevertWow64FsRedirection, FreeLibraryAndExitThread, InterlockedExchange, GetVersionExW, HeapFree, GetProcessHeap, HeapAlloc, GetExitCodeThread, GlobalReAlloc, GetTempPathW, MoveFileExW, CopyFileW, DeleteFileW, GetACP, GetModuleHandleA, HeapSetInformation, LoadLibraryW, FreeLibrary, GetTickCount, lstrcmpiW, GetProcAddress, InterlockedDecrement, GetThreadLocale, InterlockedIncrement, DeleteCriticalSection, SetEndOfFile, FindFirstFileW, GlobalAddAtomW, GlobalDeleteAtom, LocalAlloc, LocalFree, SetErrorMode, GetFileSize, FileTimeToLocalFileTime, FileTimeToSystemTime, GetDateFormatW, GetTimeFormatW, GetLocaleInfoW, lstrlenW, MulDiv, CloseHandle, GetFileSizeEx, CreateFileW, FormatMessageW, GetModuleHandleW, GlobalAlloc, GlobalFree, GlobalUnlock, GlobalLock, GetFileTime, GetFileAttributesW, DeviceIoControl, SetFileTime, GetLastError, SetFileAttributesW, FindClose, WriteFile, ReadFile, WideCharToMultiByte, MultiByteToWideChar, Sleep, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, InterlockedCompareExchange, GetStartupInfoW, OutputDebugStringA, SetUnhandledExceptionFilter, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, WaitForSingleObject, ReleaseMutex, CreateMutexW, lstrcmpW, ApplicationRecoveryInProgress, ApplicationRecoveryFinished, RegisterApplicationRecoveryCallback, RegisterApplicationRestart, CompareFileTime, FindFirstStreamW, FindNextStreamW, RaiseException, LoadLibraryA, GetTempFileNameW, GetSystemTime, SystemTimeToFileTime, TerminateThread, IsDBCSLeadByte, lstrcpyW, lstrcpynW, GetCommandLineW, lstrlenA, CreateDirectoryW, GetNumberFormatW, lstrcatW
mfc42u.dll
DllMain
msvcrt.dll
DllMain
ntdll.dll
RtlInitUnicodeString, NtQueryLicenseValue, WinSqmIncrementDWORD, WinSqmStartSession, WinSqmEndSession, WinSqmAddToStream, WinSqmSetIfMaxDWORD
ole32.dll
PropVariantCopy, CreateStreamOnHGlobal, CoInitialize, CoUninitialize, CoMarshalInterThreadInterfaceInStream, PropVariantClear, CoTaskMemFree, CLSIDFromString, CoCreateInstance, WriteClassStg, WriteFmtUserTypeStg, OleGetClipboard, ReleaseStgMedium, FreePropVariantArray, CoGetInterfaceAndReleaseStream
propsys.dll
PropVariantToUInt32, PropVariantToString, PropVariantToUInt32WithDefault
rpcrt4.dll
UuidCreate, RpcStringFreeW, UuidToStringW
shell32.dll
SHChangeNotify, SHAddToRecentDocs, DragFinish, DragQueryFileW, ShellAboutW, SHGetFolderPathEx, SHParseDisplayName, SHCreateShellItem, ShellExecuteExW, SHGetFolderPathW, SHGetSpecialFolderPathW, SHBindToParent, CommandLineToArgvW
shlwapi.dll
SHStrDupW, PathStripPathW
user32.dll
IsWindowVisible, LoadIconW, GetClassInfoW, GetMonitorInfoW, MonitorFromRect, DestroyMenu, PostQuitMessage, LoadImageW, SystemParametersInfoW, RegisterTouchWindow, UnregisterTouchWindow, GetMenu, IsMenu, SetWindowLongW, LoadBitmapW, CheckMenuItem, GetSubMenu, RemoveMenu, GetUpdateRect, ValidateRect, RedrawWindow, GetCaretPos, GetTouchInputInfo, ShowCursor, CloseTouchInputHandle, GetMessageExtraInfo, GetWindowLongW, GetKeyboardLayout, SetPropW, GetParent, GetFocus, SetGestureConfig, FindWindowW, GetSystemMenu, PostMessageW, GetWindowDC, SetClassLongW, LoadStringW, EnableScrollBar, MsgWaitForMultipleObjectsEx, DestroyIcon, GetSysColor, GetWindowRect, GetClientRect, ScreenToClient, UpdateWindow, InvalidateRect, EnableWindow, SendMessageW, SetCapture, SetActiveWindow, ClientToScreen, BringWindowToTop, TrackMouseEvent, ReleaseCapture, LoadCursorW, SetCursor, InflateRect, CopyRect, KillTimer, SetTimer, EqualRect, SetRectEmpty, IsRectEmpty, GetKeyState, GetCursorPos, GetCapture, WindowFromPoint, UnionRect, GetDC, IntersectRect, PtInRect, RegisterClipboardFormatW, OffsetRect, FillRect, IsClipboardFormatAvailable, LoadMenuW, GetSystemMetrics, IsWindow, SetRect, MessageBeep, PeekMessageW, MessageBoxW, SetWindowTextW, ReleaseDC, SetForegroundWindow, GetAncestor, SetWindowPos, DestroyCursor, SendDlgItemMessageW, CheckDlgButton, SetDlgItemInt, GetDlgItemInt, GetDlgItem, DestroyCaret, CreateCaret, ShowCaret, MsgWaitForMultipleObjects, TranslateMessage, DispatchMessageW, DestroyWindow, wsprintfW, wvsprintfW, DrawFocusRect, WinHelpW, FrameRect, CharNextW, GetDesktopWindow, HideCaret, EnableMenuItem, TabbedTextOutW, DrawTextW, GrayStringW, BeginPaint, EndPaint, GetWindow, SetCaretPos
version.dll
GetFileVersionInfoExW, VerQueryValueW, GetFileVersionInfoSizeExW
winmm.dll
timeGetTime

mspaint.exe

Paint by Microsoft

Version:   6.2.9200.16384 (win8_rtm.120725-1247)
MD5:   4a6e008f312b6dd9c7f9149bbb6d7ef8
SHA1:   7ff26048a2469933a69af6200b114f24e18e8917
SHA256:   ea9c25f8226e393c188475bb0c748e753bacdec611b3deed1ff8ce6cd9a5bcf5
This is a Windows system installed file with Windows File Protection (WFP) enabled.

Overview

mspaint.exe executes as a process with the local user's privileges typically within the context of its parent dllhost.exe (COM Surrogate by Microsoft Corporation). This version is installed on Windows 8 and is compiled as a 64 bit program.

Details

File name: mspaint.exe
Publisher: Microsoft Corporation
Product name: Paint
Description: Microsoft® Windows® Operating System
Typical file path: C:\Windows\System32\mspaint.exe
Original name: MSPAINT.EXE.MUI
File version: 6.2.9200.16384 (win8_rtm.120725-1247)
Product version: 6.2.9200.16384
Size: 6.38 MB (6,684,672 bytes)
Build date: 7/26/2012 2:56 AM
Digital DNA
PE subsystem: Windows GUI
Entropy: 5.846429
File packed: No
Code language: Microsoft Visual C++
.NET CLR: No

Behaviors

Approved shell extension
Located in the registry at 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
  • CLSID: {d3e34b21-9d75-101a-8c3d-00aa001a1652}

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU
Total CPU: 0.01922430%
0.028634%
Kernel CPU: 0.01112645%
0.013761%
User CPU: 0.00809785%
0.014873%
Kernel CPU time: 66,875 ms/min
100,923,805 ms/min
Memory
Private memory: 62.58 MB
21.59 MB
Private (maximum): 93.44 MB
Private (minimum): 23.56 MB
Non-paged memory: 62.58 MB
21.59 MB
Virtual memory: 880.02 MB
140.96 MB
Virtual memory (peak): 995.8 MB
169.69 MB
Working set: 90.2 MB
18.61 MB
Working set (peak): 95.4 MB
37.95 MB
Resource allocations
Threads: 15
12
Handles: 765
600
GUI GDI count: 556
103
GUI GDI peak: 723
142
GUI USER count: 97
49
GUI USER peak: 240
71

Process properties

Integrity level: Medium
Platform: 64-bit
Command line: "C:\Windows\System32\mspaint.exe" "C:\users\elkjøp stav. sentrum\pictures\92c5691a-3b60-46fd-985a-269a91225c11_4.jpg"
Owner: User
Parent process: dllhost.exe (COM Surrogate by Microsoft Corporation)

Distribution by Windows OS

OS version / Distribution
Windows 7 Ultimate 28.57%
Windows Vista Ultimate 21.43%
Windows 7 Home Premium 7.14%
Windows 8 7.14%
Microsoft Windows XP 7.14%
Windows Vista Home Premium 7.14%
Windows Server 2008 Standard 7.14%
Windows Vista™ Home Premium 7.14%
Windows 7 Professional 7.14%

Distribution by country

United States installs about 37.50% of Paint.

Distribution by PC manufacturer

PC manufacturer / Distribution
Acer 40.00%
Dell 40.00%
Hewlett-Packard 20.00%