» hscrollfun.exe
Overview
Analysis
File Details
Behaviors (1)

hscrollfun.exe

USB Mouse WheelUtility

Chicony Electronics Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘USBHScrollFun’.

File name:

hscrollfun.exe

Publisher:

Chicony (signed by Chicony Electronics Co., Ltd.)

Product:

USB Mouse WheelUtility

Version:

1.0.0.0

MD5:

384ece5a83938ca55b14600884bfcf23

SHA-1:

e7f9f8cbc6195f58f306793e20b29b4ec54f10c2

SHA-256:

eca7b363af426420e45886d76f1f374fbd47f4791302e92b2636c1ac928c5943

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 6:54:34 AM UTC (today)

File size:

66.3 KB (67,920 bytes)

Product version:

1.0.0.0.131205

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\wheelutility\hscrollfun.exe

Digital Signature

Signed by:

Chicony Electronics Co., Ltd.

Authority:

VeriSign, Inc.

Valid from:

10/3/2012 9:00:00 AM

Valid to:

10/3/2015 8:59:59 AM

Subject:

CN="Chicony Electronics Co., Ltd.", OU=Keyboard, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Chicony Electronics Co., Ltd.", L=Taipei, S=Taiwan, C=TW

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

7A329B53E3FBF61A1B815EFF620FDC85

File PE Metadata

Compilation timestamp:

12/5/2013 3:29:56 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

768:UZ7tW4IMyDCNOIvM/wRMPIBnIKkhbjhcJWWAiAtEUUUUhwt:C7tWqqjv/tPIPkjchctEUUUUhW

Entry address:

0x34AF

Entry point:

E8, F3, 26, 00, 00, E9, 16, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 04, 8B, 4C, 24, 08, F7, C2, 03, 00, 00, 00, 75, 3C, 8B, 02, 3A, 01, 75, 2E, 0A, C0, 74, 26, 3A, 61, 01, 75, 25, 0A, E4, 74, 1D, C1, E8, 10, 3A, 41, 02, 75, 19, 0A, C0, 74, 11, 3A, 61, 03, 75, 10, 83, C1, 04, 83, C2, 04, 0A, E4, 75, D2, 8B, FF, 33, C0, C3, 90, 1B, C0, D1, E0, 83, C0, 01, C3, F7, C2, 01, 00, 00, 00, 74, 18, 8A, 02, 83, C2, 01, 3A, 01, 75, E7, 83, C1, 01, 0A, C0, 74, DC, F7, C2, 02, 00, 00, 00, 74, A4, 66, 8B, 02... 
[+]

Entropy:

5.9285

Code size:

36 KB (36,864 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

USBHScrollFun

Command:

C:\Program Files\wheelutility\hscrollfun.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.