SmoothScroll[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SmoothScroll.exe
Size

2.0MB
MD5

f90d43839dbfb6a7a2c32ea006a50606
SHA1

ca787e1518ded41403bfd166c1e415e484d8241e
SHA256

9edd2be901b1c0bb502910da54ad8e6d9b417605b3895c8247cb2e041681ce29
SHA512

235a4a3038727384be88cb0d96c0a20d7b86b62dac640404b0bcb7ea46c6b02fa4e813831380239cdf9480b51f376b85bdbea9fb61091750203c95bc61e61599
SSDEEP

24576:+EEbZzegGOi1oOogLXrUNHz0cihZxITdAqjd6bZZ:qbZMuigli2TdAv

Score

N/A

Malware Config

Signatures

Files

SmoothScroll.exe
.exe windows x64

c3980accd77d03ca92fa949fbd4d88ef

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ba:22:76:3a:0d:11:c9:34:af:47:14:b7:3c:73:df:a1
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

24/04/2019, 00:00

Not After

23/04/2020, 23:59

Subject

CN=Balázs Galambosi,O=Balázs Galambosi,POSTALCODE=2683,STREET=Szolo u 4,L=Acsa,ST=Hungary,C=HU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:22:76:3a:0d:11:c9:34:af:47:14:b7:3c:73:df:a1
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

24/04/2019, 00:00

Not After

23/04/2020, 23:59

Subject

CN=Balázs Galambosi,O=Balázs Galambosi,POSTALCODE=2683,STREET=Szolo u 4,L=Acsa,ST=Hungary,C=HU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:30:86:14:eb:49:37:54:c4:3e:4a:62:ea:76:37:62:4d:ce:c3:69:54:e9:1b:36:65:ce:37:9a:72:27:d5:07
Signer

Actual PE Digest

8c:30:86:14:eb:49:37:54:c4:3e:4a:62:ea:76:37:62:4d:ce:c3:69:54:e9:1b:36:65:ce:37:9a:72:27:d5:07

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Balázs Galambosi,O=Balázs Galambosi,POSTALCODE=2683,STREET=Szolo u 4,L=Acsa,ST=Hungary,C=HU

08/01/2020, 16:38
Valid: true

Chain 1

CN=Balázs Galambosi,O=Balázs Galambosi,POSTALCODE=2683,STREET=Szolo u 4,L=Acsa,ST=Hungary,C=HU

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

13:54:90:41:b9:6f:e0:cd:df:73:0f:c2:34:ad:ee:ab:e9:69:6d:4b
Signer

Actual PE Digest

13:54:90:41:b9:6f:e0:cd:df:73:0f:c2:34:ad:ee:ab:e9:69:6d:4b

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Balázs Galambosi,O=Balázs Galambosi,POSTALCODE=2683,STREET=Szolo u 4,L=Acsa,ST=Hungary,C=HU

08/01/2020, 16:38
Valid: true

Chain 1

CN=Balázs Galambosi,O=Balázs Galambosi,POSTALCODE=2683,STREET=Szolo u 4,L=Acsa,ST=Hungary,C=HU

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libexpat

ord2
ord19
ord52
ord31
ord25
ord21
ord12
ord63
ord16

wininet

InternetSetStatusCallbackW
HttpQueryInfoA
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetOpenUrlA
InternetQueryOptionA
InternetReadFileExW
InternetConnectW
HttpOpenRequestW
InternetCrackUrlA
HttpSendRequestW
InternetReadFile

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

kernel32

GetLastError
lstrlenW
LocalSize
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
EnterCriticalSection
LeaveCriticalSection
FindFirstFileW
FindNextFileW
FindClose
GetModuleFileNameW
CreateDirectoryW
DeleteFileW
GetTempPathW
CloseHandle
CreateEventW
SetEvent
WaitForSingleObject
VerSetConditionMask
VerifyVersionInfoW
FormatMessageA
OutputDebugStringA
InitializeCriticalSection
DeleteCriticalSection
FindResourceA
Sleep
RaiseException
ResumeThread
CreateSemaphoreW
CreateJobObjectW
SetInformationJobObject
OpenProcess
UnregisterWaitEx
GetExitCodeProcess
TerminateProcess
InitializeCriticalSectionEx
DecodePointer
GetVersionExW
GetVersion
AssignProcessToJobObject
RegisterWaitForSingleObject
CreateProcessW
LoadLibraryA
GetProcAddress
FreeLibrary
FlushFileBuffers
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
GetNamedPipeClientProcessId
ReadFile
WriteFile
GetFileAttributesW
IsThreadpoolTimerSet
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
GetCurrentThreadId
ReleaseSemaphore
CreateThread
SetPriorityClass
GetCurrentProcess
SetThreadPriority
GetCurrentThread
GetExitCodeThread
TerminateThread
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleW
LoadLibraryW
GetThreadPriority
GetPriorityClass
SuspendThread
CreateToolhelp32Snapshot
Process32NextW
GetCurrentProcessId
LocalAlloc
QueryFullProcessImageNameW
MultiByteToWideChar
CreateFileW
SetFileTime
LocalFileTimeToFileTime
CreateFileA
DosDateTimeToFileTime
GetFileTime
SetFilePointer
VirtualAlloc
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ResetEvent
GetLocaleInfoW
LCMapStringW
CompareStringW
InterlockedPushEntrySList
GetCPInfo
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
EncodePointer
RtlPcToFileHeader
TryEnterCriticalSection
GetStringTypeW
WideCharToMultiByte
OutputDebugStringW
IsDebuggerPresent
FormatMessageW
LocalFree
VirtualProtect
VirtualFree
InterlockedFlushSList
QueryDepthSList
RtlUnwindEx
ExitProcess
GetModuleHandleExW
ExitThread
SetConsoleCtrlHandler
GetDriveTypeW
GetFullPathNameW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileInformationByHandle
GetFileType
PeekNamedPipe
GetStdHandle
GetCurrentDirectoryW
GetFileAttributesExW
SetStdHandle
IsValidCodePage
GetDateFormatW
InterlockedPopEntrySList
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
GetTimeZoneInformation
GetCommandLineW
ReadConsoleW
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetEndOfFile
WriteConsoleW
Process32FirstW
RtlUnwind

user32

EndPaint
UpdateWindow
ShowWindow
LoadCursorW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
LoadAcceleratorsW
PostQuitMessage
GetDesktopWindow
BeginPaint
SetMenuItemInfoW
DrawMenuBar
RemoveMenu
GetGUIThreadInfo
IsHungAppWindow
GetRawInputData
GetMessageW
SendInput
WindowFromPoint
GetKeyState
CallNextHookEx
MonitorFromWindow
UnhookWindowsHookEx
MessageBoxA
BringWindowToTop
IsWindowVisible
GetWindow
SystemParametersInfoW
GetWindowRect
DefWindowProcW
GetMenuItemID
TrackPopupMenu
SetForegroundWindow
GetCursorPos
SetMenuDefaultItem
DestroyMenu
GetSubMenu
LoadMenuW
LoadStringW
KillTimer
SetTimer
LoadIconW
DestroyWindow
CreateWindowExW
RegisterClassExW
RegisterWindowMessageW
EnumWindows
GetWindowThreadProcessId
PostMessageW
GetMonitorInfoW
GetShellWindow
PostThreadMessageW
SetWindowsHookExW
GetForegroundWindow

gdi32

DeleteDC
CreateDCW

advapi32

CryptHashData
CryptAcquireContextW
RegDeleteValueA
RegOpenKeyExA
RegSetValueExW
RegCreateKeyExA
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
RegCreateKeyW
RegGetValueW
CryptCreateHash

shell32

CommandLineToArgvW
ShellExecuteW
SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteExW
Shell_NotifyIconW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

shlwapi

SHDeleteKeyW
PathFileExistsW
PathFindFileNameW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
GetFileVersionInfoW

crypt32

CryptStringToBinaryA
CryptDecodeObjectEx
CryptImportPublicKeyInfo

Sections

.text
Size: 942KB - Virtual size: 941KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 335KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 95KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 632KB - Virtual size: 631KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3980accd77d03ca92fa949fbd4d88ef

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

ba:22:76:3a:0d:11:c9:34:af:47:14:b7:3c:73:df:a1Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

ba:22:76:3a:0d:11:c9:34:af:47:14:b7:3c:73:df:a1Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:30:86:14:eb:49:37:54:c4:3e:4a:62:ea:76:37:62:4d:ce:c3:69:54:e9:1b:36:65:ce:37:9a:72:27:d5:07Signer

Signature Validations

Verification

08/01/2020, 16:38 Valid: true

Chain 1

13:54:90:41:b9:6f:e0:cd:df:73:0f:c2:34:ad:ee:ab:e9:69:6d:4bSigner

Signature Validations

Verification

08/01/2020, 16:38 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

libexpat

wininet

rpcrt4

kernel32

user32

gdi32

advapi32

shell32

ole32

winmm

wtsapi32

shlwapi

version

crypt32

Sections

.text Size: 942KB - Virtual size: 941KB

.rdata Size: 335KB - Virtual size: 334KB

.data Size: 95KB - Virtual size: 168KB

.pdata Size: 47KB - Virtual size: 46KB

.rsrc Size: 632KB - Virtual size: 631KB

.reloc Size: 9KB - Virtual size: 8KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

ba:22:76:3a:0d:11:c9:34:af:47:14:b7:3c:73:df:a1
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

ba:22:76:3a:0d:11:c9:34:af:47:14:b7:3c:73:df:a1
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:30:86:14:eb:49:37:54:c4:3e:4a:62:ea:76:37:62:4d:ce:c3:69:54:e9:1b:36:65:ce:37:9a:72:27:d5:07
Signer

08/01/2020, 16:38
Valid: true

13:54:90:41:b9:6f:e0:cd:df:73:0f:c2:34:ad:ee:ab:e9:69:6d:4b
Signer

08/01/2020, 16:38
Valid: true

.text
Size: 942KB - Virtual size: 941KB

.rdata
Size: 335KB - Virtual size: 334KB

.data
Size: 95KB - Virtual size: 168KB

.pdata
Size: 47KB - Virtual size: 46KB

.rsrc
Size: 632KB - Virtual size: 631KB

.reloc
Size: 9KB - Virtual size: 8KB