home

hscrollfun.exe

USB Mouse WheelUtility

Chicony Electronics Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘RG1453HS’.
Publisher:
Chicony  (signed by Chicony Electronics Co., Ltd.)

Product:
USB Mouse WheelUtility

Description:
RG1453 WheelUtility

Version:
1.0.0.0

MD5:
dd15f152faa1c1236b352075864ae10a

SHA-1:
cfefad2b6120768e0be0426cd933bff211c5341d

SHA-256:
8f192b6f7d70131c4fc51db5f134f7ed46632459f8f65941f724fd0a0fd8793b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/18/2024 1:53:07 PM UTC  (today)

File size:
62.3 KB (63,824 bytes)

Product version:
1.0.0.0.141217

Copyright:
Copyright (C) 2014

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\rg1453wheelutility\hscrollfun.exe

Digital Signature
Signed by:
Chicony Electronics Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
10/3/2012 8:00:00 AM

Valid to:
10/3/2015 7:59:59 AM

Subject:
CN="Chicony Electronics Co., Ltd.", OU=Keyboard, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Chicony Electronics Co., Ltd.", L=Taipei, S=Taiwan, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7A329B53E3FBF61A1B815EFF620FDC85

File PE Metadata
Compilation timestamp:
12/17/2014 5:13:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
768:Rbm7HV2tfMRIlkvDKl8CPpX5fOkhIUDKqufAiAtKuwD:RU1TOVdPrGkyQKqmctKLD

Entry address:
0x2BDF

Entry point:
E8, F3, 26, 00, 00, E9, 16, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 04, 8B, 4C, 24, 08, F7, C2, 03, 00, 00, 00, 75, 3C, 8B, 02, 3A, 01, 75, 2E, 0A, C0, 74, 26, 3A, 61, 01, 75, 25, 0A, E4, 74, 1D, C1, E8, 10, 3A, 41, 02, 75, 19, 0A, C0, 74, 11, 3A, 61, 03, 75, 10, 83, C1, 04, 83, C2, 04, 0A, E4, 75, D2, 8B, FF, 33, C0, C3, 90, 1B, C0, D1, E0, 83, C0, 01, C3, F7, C2, 01, 00, 00, 00, 74, 18, 8A, 02, 83, C2, 01, 3A, 01, 75, E7, 83, C1, 01, 0A, C0, 74, DC, F7, C2, 02, 00, 00, 00, 74, A4, 66, 8B, 02...
 
[+]

Entropy:
6.0237

Code size:
32 KB (32,768 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
RG1453HS

Command:
C:\Program Files\rg1453wheelutility\hscrollfun.exe


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.