Manalyze report for 88372e4fdbc7838560b7742f23726aa2

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Jan-08 16:38:13
Detected languages	English - United States
Debug artifacts	G:\Shared\Dropbox\Projects\WIN\SmoothScroll\x64\Release\SmoothScroll.pdb
CompanyName	Balázs Galambosi
FileDescription	SmoothScroll
FileVersion	`1.2.4.0`
InternalName	SmoothScroll.exe
LegalCopyright	Copyright (C) 2019 Balázs Galambosi
OriginalFilename	SmoothScroll.exe
ProductName	SmoothScroll
ProductVersion	`1.2.4.0`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for VMWare presence: vmware` `May have dropper capabilities: CurrentVersion\Run` Contains domain names: analytics.com andymatuschak.org client.smoothscroll.net fastspring.com google-analytics.com http://www.andymatuschak.org http://www.andymatuschak.org/xml-namespaces/sparkle#dsaSignature http://www.andymatuschak.org/xml-namespaces/sparkle#installerArguments http://www.andymatuschak.org/xml-namespaces/sparkle#minimumSystemVersion http://www.andymatuschak.org/xml-namespaces/sparkle#os http://www.andymatuschak.org/xml-namespaces/sparkle#releaseNotesLink http://www.andymatuschak.org/xml-namespaces/sparkle#shortVersionString http://www.andymatuschak.org/xml-namespaces/sparkle#version http://www.winimage.com http://www.winimage.com/zLibDll https://client.smoothscroll.net https://client.smoothscroll.net/license/validate.php https://sites.fastspring.com https://sites.fastspring.com/smoothscroll/product/smoothscroll-windows?app https://updater.smoothscroll.net https://updater.smoothscroll.net/win/updater.xml https://winsparkle.org https://www.smoothscroll.net https://www.smoothscroll.net/win/getting-started/pdf/ https://www.smoothscroll.net/win/getting-started/sublime/ sites.fastspring.com smoothscroll.net updater.smoothscroll.net winimage.com winsparkle.org www.andymatuschak.org www.google-analytics.com www.smoothscroll.net www.winimage.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryW LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot SwitchToThread` `Can access the registry: RegDeleteValueA RegOpenKeyExA RegSetValueExW RegCreateKeyExA RegDeleteValueW RegQueryValueExW RegCreateKeyExW RegCloseKey RegCreateKeyW RegGetValueW SHDeleteKeyW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Uses Microsoft's cryptographic API: CryptHashData CryptAcquireContextW CryptDestroyHash CryptDestroyKey CryptReleaseContext CryptCreateHash CryptStringToBinaryA CryptDecodeObjectEx CryptImportPublicKeyInfo` `Can create temporary files: GetTempPathW CreateFileW CreateFileA` `Uses functions commonly found in keyloggers: CallNextHookEx GetForegroundWindow` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Has Internet access capabilities: InternetSetStatusCallbackW InternetCloseHandle InternetOpenW InternetSetOptionW InternetOpenUrlA InternetQueryOptionA InternetReadFileExW InternetConnectW InternetCrackUrlA InternetReadFile` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: OpenProcess Process32NextW Process32FirstW`
Info	The PE is digitally signed.	`Signer: Bal\xC3\xA1zs Galambosi` `Issuer: Sectigo RSA Code Signing CA`
Safe	VirusTotal score: 0/71 (Scanned on 2024-03-27 23:49:46)	`All the AVs think this file is safe.`

Hashes

MD5	`88372e4fdbc7838560b7742f23726aa2`
SHA1	`ed54a94ebd80080963ef07245a9d3796bb1b57e0`
SHA256	`634dace41ea8fb775082ab16e5d0ec77760f7bcdf7e27e70a59140bf2ad31e8a`
SHA3	`5b637a9557c78c064fd6d60581141bc9a983b538d41eb3a79be372fda2c9a86c`
SSDeep	`24576:+EEbZzegGOihoOogLXrUNHz0cihZxITdAqjd6bZZ:qbZouigli2TdAv`
Imports Hash	`c3980accd77d03ca92fa949fbd4d88ef`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2020-Jan-08 16:38:13
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xeb800`
SizeOfInitializedData	`0x129e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000934EC (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x219000`
SizeOfHeaders	`0x400`
Checksum	`0x20c74e`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9132ac9d76bef4b52b4a5180d5382f41`
SHA1	`425b36aef3e137bc6705c94e92c1925e8883963c`
SHA256	`78d24b1ba77e88adb158059841819f527ef372c2f2e1cf5c7378a5014b359864`
SHA3	`f34264dcf1d8d62d0f33ed28c513df4817468879ce37809da86f4e3e5e345939`
VirtualSize	`0xeb768`
VirtualAddress	`0x1000`
SizeOfRawData	`0xeb800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45`

.rdata

MD5	`0c0dbcd58e53b7119e6584e9dcc69945`
SHA1	`c26d320b03cd8c3003c6861ac9e6dd87966e414c`
SHA256	`501a15accf5636ecddbe5a6863db6d7bc6ce803c8ba1a3c44046505415a1390a`
SHA3	`bf8f46ea3a98a1903088e815be42bd4d59c202876992781e75a1ec3da31faf43`
VirtualSize	`0x53a54`
VirtualAddress	`0xed000`
SizeOfRawData	`0x53c00`
PointerToRawData	`0xebc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.79599`

.data

MD5	`a50774b34b040d7544ac4fd1aaf0e74c`
SHA1	`ac81cc14196417ad42509abcbfeb221a68ed99d8`
SHA256	`6fc832b816c7179c045a5d45c25610c744d5a7a5fd615214bb18048b4239ab89`
SHA3	`856712559765dc17e7a065b87cf0c2bc9c648601e559d20dabbe35208efa4c10`
VirtualSize	`0x2a1d4`
VirtualAddress	`0x141000`
SizeOfRawData	`0x17c00`
PointerToRawData	`0x13f800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.13092`

.pdata

MD5	`3cb8b2c0037ebca6e4e49ce808c9e2c5`
SHA1	`65acc501f15d4caef3eef7a8dc498e62b7189418`
SHA256	`b2c365cfa13f3812986157913630e69f0249bd69523610c965daecd056570571`
SHA3	`532d70d6fbb7c37a0e4a08d7b9aa2eb2d56b9ebaf949b004ebe9587e2d08a2c2`
VirtualSize	`0xbac0`
VirtualAddress	`0x16c000`
SizeOfRawData	`0xbc00`
PointerToRawData	`0x157400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.98229`

.rsrc

MD5	`39a710da38c6ac03af26a5f3a849fcc3`
SHA1	`e4edda95d98e93de669aa2b74e3e0cf5d0b55918`
SHA256	`417f220fd365097a555e54ddd90303d18ecce7b125f8c3a570294c7577ce0675`
SHA3	`0166b17ee5a24f49032690d56bcaa7eb90bf712781ed149604ef339731599e4f`
VirtualSize	`0x9de90`
VirtualAddress	`0x178000`
SizeOfRawData	`0x9e000`
PointerToRawData	`0x163000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.62918`

.reloc

MD5	`687653c3659969f2af8cc68b84b6b3e7`
SHA1	`a24376755b46e1e6dbb2d0dbccd7831c86a8633f`
SHA256	`34c9c0facb41c5eeb97feb450585e6fa52a9626965b2739126f6c4059b2a3899`
SHA3	`a06ee405c45f6fd006f30fb91507278a13f7f346ef2b19f923b3ecafbf2ba8ce`
VirtualSize	`0x23f8`
VirtualAddress	`0x216000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x201000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.44398`

Imports

libexpat.dll	`#2` `#19` `#52` `#31` `#25` `#21` `#12` `#63` `#16`
WININET.dll	`InternetSetStatusCallbackW` `HttpQueryInfoA` `InternetCloseHandle` `InternetOpenW` `InternetSetOptionW` `InternetOpenUrlA` `InternetQueryOptionA` `InternetReadFileExW` `InternetConnectW` `HttpOpenRequestW` `InternetCrackUrlA` `HttpSendRequestW` `InternetReadFile`
RPCRT4.dll	`RpcStringFreeW` `UuidCreate` `UuidToStringW`
KERNEL32.dll	`GetLastError` `lstrlenW` `LocalSize` `HeapDestroy` `HeapSize` `HeapReAlloc` `HeapFree` `HeapAlloc` `GetProcessHeap` `SizeofResource` `LockResource` `LoadResource` `FindResourceW` `FindResourceExW` `EnterCriticalSection` `LeaveCriticalSection` `FindFirstFileW` `FindNextFileW` `FindClose` `GetModuleFileNameW` `CreateDirectoryW` `DeleteFileW` `GetTempPathW` `CloseHandle` `CreateEventW` `SetEvent` `WaitForSingleObject` `VerSetConditionMask` `VerifyVersionInfoW` `FormatMessageA` `OutputDebugStringA` `InitializeCriticalSection` `DeleteCriticalSection` `FindResourceA` `Sleep` `RaiseException` `ResumeThread` `CreateSemaphoreW` `CreateJobObjectW` `SetInformationJobObject` `OpenProcess` `UnregisterWaitEx` `GetExitCodeProcess` `TerminateProcess` `InitializeCriticalSectionEx` `DecodePointer` `GetVersionExW` `GetVersion` `AssignProcessToJobObject` `RegisterWaitForSingleObject` `CreateProcessW` `LoadLibraryA` `GetProcAddress` `FreeLibrary` `FlushFileBuffers` `DisconnectNamedPipe` `ConnectNamedPipe` `CreateNamedPipeW` `GetNamedPipeClientProcessId` `ReadFile` `WriteFile` `GetFileAttributesW` `IsThreadpoolTimerSet` `SetThreadpoolTimer` `WaitForThreadpoolTimerCallbacks` `CloseThreadpoolTimer` `CreateThreadpoolTimer` `GetCurrentThreadId` `ReleaseSemaphore` `CreateThread` `SetPriorityClass` `GetCurrentProcess` `SetThreadPriority` `GetCurrentThread` `GetExitCodeThread` `TerminateThread` `QueryPerformanceFrequency` `QueryPerformanceCounter` `GetModuleHandleW` `LoadLibraryW` `GetThreadPriority` `GetPriorityClass` `SuspendThread` `CreateToolhelp32Snapshot` `Process32NextW` `GetCurrentProcessId` `LocalAlloc` `QueryFullProcessImageNameW` `MultiByteToWideChar` `CreateFileW` `SetFileTime` `LocalFileTimeToFileTime` `CreateFileA` `DosDateTimeToFileTime` `GetFileTime` `SetFilePointer` `VirtualAlloc` `LoadLibraryExW` `GetModuleHandleA` `FreeLibraryAndExitThread` `GetThreadTimes` `UnregisterWait` `SetThreadAffinityMask` `GetProcessAffinityMask` `GetNumaHighestNodeNumber` `DeleteTimerQueueTimer` `ChangeTimerQueueTimer` `CreateTimerQueueTimer` `GetLogicalProcessorInformation` `SignalObjectAndWait` `CreateTimerQueue` `InitializeSListHead` `GetStartupInfoW` `IsProcessorFeaturePresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `ResetEvent` `GetLocaleInfoW` `LCMapStringW` `CompareStringW` `InterlockedPushEntrySList` `GetCPInfo` `GetTickCount` `GetSystemTimeAsFileTime` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `SetLastError` `SwitchToThread` `WaitForSingleObjectEx` `DuplicateHandle` `EncodePointer` `RtlPcToFileHeader` `TryEnterCriticalSection` `GetStringTypeW` `WideCharToMultiByte` `OutputDebugStringW` `IsDebuggerPresent` `FormatMessageW` `LocalFree` `VirtualProtect` `VirtualFree` `InterlockedFlushSList` `QueryDepthSList` `RtlUnwindEx` `ExitProcess` `GetModuleHandleExW` `ExitThread` `SetConsoleCtrlHandler` `GetDriveTypeW` `GetFullPathNameW` `FindFirstFileExW` `SystemTimeToTzSpecificLocalTime` `FileTimeToSystemTime` `GetFileInformationByHandle` `GetFileType` `PeekNamedPipe` `GetStdHandle` `GetCurrentDirectoryW` `GetFileAttributesExW` `SetStdHandle` `IsValidCodePage` `GetDateFormatW` `InterlockedPopEntrySList` `GetTimeFormatW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `GetConsoleCP` `GetConsoleMode` `GetFileSizeEx` `SetFilePointerEx` `GetTimeZoneInformation` `GetCommandLineW` `ReadConsoleW` `GetACP` `GetOEMCP` `GetCommandLineA` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `SetEndOfFile` `WriteConsoleW` `Process32FirstW` `RtlUnwind`
USER32.dll	`EndPaint` `UpdateWindow` `ShowWindow` `LoadCursorW` `DispatchMessageW` `TranslateMessage` `TranslateAcceleratorW` `LoadAcceleratorsW` `PostQuitMessage` `GetDesktopWindow` `BeginPaint` `SetMenuItemInfoW` `DrawMenuBar` `RemoveMenu` `GetGUIThreadInfo` `IsHungAppWindow` `GetRawInputData` `GetMessageW` `SendInput` `WindowFromPoint` `GetKeyState` `CallNextHookEx` `MonitorFromWindow` `UnhookWindowsHookEx` `MessageBoxA` `BringWindowToTop` `IsWindowVisible` `GetWindow` `SystemParametersInfoW` `GetWindowRect` `DefWindowProcW` `GetMenuItemID` `TrackPopupMenu` `SetForegroundWindow` `GetCursorPos` `SetMenuDefaultItem` `DestroyMenu` `GetSubMenu` `LoadMenuW` `LoadStringW` `KillTimer` `SetTimer` `LoadIconW` `DestroyWindow` `CreateWindowExW` `RegisterClassExW` `RegisterWindowMessageW` `EnumWindows` `GetWindowThreadProcessId` `PostMessageW` `GetMonitorInfoW` `GetShellWindow` `PostThreadMessageW` `SetWindowsHookExW` `GetForegroundWindow`
GDI32.dll	`DeleteDC` `CreateDCW`
ADVAPI32.dll	`CryptHashData` `CryptAcquireContextW` `RegDeleteValueA` `RegOpenKeyExA` `RegSetValueExW` `RegCreateKeyExA` `RegDeleteValueW` `RegQueryValueExW` `RegCreateKeyExW` `RegCloseKey` `CryptDestroyHash` `CryptDestroyKey` `CryptReleaseContext` `RegCreateKeyW` `RegGetValueW` `CryptCreateHash`
SHELL32.dll	`CommandLineToArgvW` `ShellExecuteW` `SHGetSpecialFolderPathW` `SHFileOperationW` `ShellExecuteExW` `Shell_NotifyIconW`
ole32.dll	`CoInitializeEx` `CoUninitialize` `CoCreateInstance`
WINMM.dll	`timeBeginPeriod` `timeGetTime` `timeEndPeriod`
WTSAPI32.dll	`WTSRegisterSessionNotification` `WTSUnRegisterSessionNotification`
SHLWAPI.dll	`SHDeleteKeyW` `PathFileExistsW` `PathFindFileNameW`
VERSION.dll	`GetFileVersionInfoSizeW` `VerQueryValueW` `GetFileVersionInfoExW` `GetFileVersionInfoSizeExW` `GetFileVersionInfoW`
CRYPT32.dll	`CryptStringToBinaryA` `CryptDecodeObjectEx` `CryptImportPublicKeyInfo`

Delayed Imports

FEEDURL

Type	`APPCAST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.09162`
MD5	`96cd538c8420cd16611a39edb4b11793`
SHA1	`5f3bf63775987594326f0af7fd9c9350ced6c184`
SHA256	`62a3a93cd1cdf553cd9700c7866d79d33a4313046db9aca30f89dd486780c40f`
SHA3	`73a58cbf5b6d3141673898677af56572ae5fa6cbe1db5aa02e16f1d59fe29331`

DSAPUB

Type	`DSAPEM`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8dc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.05681`
MD5	`09aa1b082e6ad57f7264ce5e632f030f`
SHA1	`0f079b2660a93936098466aeaa33838497ee8df2`
SHA256	`3bae603f5feb729bf16e6bc2a1be780edd0991dccc7e140e838c1f025cd55741`
SHA3	`5c28f8aea8572ed1d373c755934fdb1e23f609ece0bb5d211e6648f6ce5690a2`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.28161`
MD5	`9cb56898da48813d0a2098bbfc44a5cb`
SHA1	`b144ad0d38129db5096efc34f1d204f172e8792f`
SHA256	`00ec1f008cff7682faf1d17d7b1aa1e02a1c9381e81eb1a3a25ae285169838c2`
SHA3	`2025ad6ef9fa127372c9e3f854b91a912e88fbf31158f377ea450a4ea1b4ce01`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.10745`
MD5	`ab73c5036c63974d77ee4e465eadba08`
SHA1	`8af9e2b3f1b60b2d87874ea99e59045d358d7da3`
SHA256	`25002a3cc68f57fac31e009b84ca458a53935bc34a52f9217124b18ef3fd070d`
SHA3	`8456b7bacefa744579cbfdf4f8fe89cc563ce5f7ec2895c4cbbf331f3d1f6307`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.56758`
MD5	`d8e1f80ff535b619e1d18fd8058a47ca`
SHA1	`aac96aa9d288b554dd709e4ff7ea21ba974961ec`
SHA256	`65e4dff96a1166221375a6d07d823e33e89e32b64c718474e9fc788cc3935af2`
SHA3	`3474b39f40fef2eaaa76e14ec72de67c311541576c1ea3da4970899d1b65d15d`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.30361`
MD5	`6379d9b19c755fd82a003f5cf7b1b4e1`
SHA1	`fc2635a97fd597a3852870690c51f45594ed9eae`
SHA256	`8489a85e31dc5567b95e85b76f77c6dba95285651e761d5c1a9e3abcaf20bdd0`
SHA3	`5d7125e6f34b826a8455a01ff874fa0f8aa96a7629225034ae37c4d335de5ecc`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.10902`
MD5	`e2800e83783e4f8233662f9d1cf0467a`
SHA1	`c0c5119ae6056481bfbdd4bd8537741616b0752e`
SHA256	`ad620d5bc8913c01475a2d30419b86d3f00398d24d5e738c5317aa03ac335655`
SHA3	`b96150fe68b3af3cc9e54690afd20bdb34407c57c7f07909ec97694bfdd0f546`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.0884`
MD5	`40f07449845859e8bcaf3ba292a75eb8`
SHA1	`41a692c6fd9cfa8f185b6d3ea12df35ea9ded63e`
SHA256	`57e7a273fd7117a17b467ae8d1023c609ac1ceca4664e4c8b5beb8ae172a3ad4`
SHA3	`ae9368eb05f4b112c1e8f34ad627e43d71cebd095d8d45408a164fe3d28ba161`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.01749`
MD5	`56614a703d7b511b8d9e74e06919a616`
SHA1	`b72f1562d4501f8333c34d3d9d517275f899144d`
SHA256	`3be18e74dfb2afc2c0b6c19c28478af42cb32eefc54e4b0b74d038f995d914bc`
SHA3	`39f555e533005baeb0f32485ee9cc3054ef799e423a0a7608bbfe59df74445a1`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.94752`
MD5	`51cacf50c95eb0da53fd1cf910d043e0`
SHA1	`d401273724a06cd5f6d609cade0fe4241cf5c750`
SHA256	`95b0e08548661983f01093f7c37f9d9b876223fa9fbf36daf9b024bf03c89c6a`
SHA3	`07575b00d2c86954cc6b105846157fd05ea620fd37a2beb645f51149847f35d9`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6d9b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9403`
Detected Filetype	PNG graphic file
MD5	`917811f982b2b9d86561419a41197c71`
SHA1	`63ae88c504ab71e6a2636b817da7a61bcf23300c`
SHA256	`9610e1eb217209e553ace6668ec020561d26995b392c34d573b241aa12a958d2`
SHA3	`ed91ee6274a2575a912f4f1dd28a804bca521d6264e87aa8e8a2ae9e617ddead`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.28161`
MD5	`9cb56898da48813d0a2098bbfc44a5cb`
SHA1	`b144ad0d38129db5096efc34f1d204f172e8792f`
SHA256	`00ec1f008cff7682faf1d17d7b1aa1e02a1c9381e81eb1a3a25ae285169838c2`
SHA3	`2025ad6ef9fa127372c9e3f854b91a912e88fbf31158f377ea450a4ea1b4ce01`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.10745`
MD5	`ab73c5036c63974d77ee4e465eadba08`
SHA1	`8af9e2b3f1b60b2d87874ea99e59045d358d7da3`
SHA256	`25002a3cc68f57fac31e009b84ca458a53935bc34a52f9217124b18ef3fd070d`
SHA3	`8456b7bacefa744579cbfdf4f8fe89cc563ce5f7ec2895c4cbbf331f3d1f6307`

12

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.56758`
MD5	`d8e1f80ff535b619e1d18fd8058a47ca`
SHA1	`aac96aa9d288b554dd709e4ff7ea21ba974961ec`
SHA256	`65e4dff96a1166221375a6d07d823e33e89e32b64c718474e9fc788cc3935af2`
SHA3	`3474b39f40fef2eaaa76e14ec72de67c311541576c1ea3da4970899d1b65d15d`

13

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.30361`
MD5	`6379d9b19c755fd82a003f5cf7b1b4e1`
SHA1	`fc2635a97fd597a3852870690c51f45594ed9eae`
SHA256	`8489a85e31dc5567b95e85b76f77c6dba95285651e761d5c1a9e3abcaf20bdd0`
SHA3	`5d7125e6f34b826a8455a01ff874fa0f8aa96a7629225034ae37c4d335de5ecc`

14

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.10902`
MD5	`e2800e83783e4f8233662f9d1cf0467a`
SHA1	`c0c5119ae6056481bfbdd4bd8537741616b0752e`
SHA256	`ad620d5bc8913c01475a2d30419b86d3f00398d24d5e738c5317aa03ac335655`
SHA3	`b96150fe68b3af3cc9e54690afd20bdb34407c57c7f07909ec97694bfdd0f546`

15

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.0884`
MD5	`40f07449845859e8bcaf3ba292a75eb8`
SHA1	`41a692c6fd9cfa8f185b6d3ea12df35ea9ded63e`
SHA256	`57e7a273fd7117a17b467ae8d1023c609ac1ceca4664e4c8b5beb8ae172a3ad4`
SHA3	`ae9368eb05f4b112c1e8f34ad627e43d71cebd095d8d45408a164fe3d28ba161`

16

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.01749`
MD5	`56614a703d7b511b8d9e74e06919a616`
SHA1	`b72f1562d4501f8333c34d3d9d517275f899144d`
SHA256	`3be18e74dfb2afc2c0b6c19c28478af42cb32eefc54e4b0b74d038f995d914bc`
SHA3	`39f555e533005baeb0f32485ee9cc3054ef799e423a0a7608bbfe59df74445a1`

17

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.94752`
MD5	`51cacf50c95eb0da53fd1cf910d043e0`
SHA1	`d401273724a06cd5f6d609cade0fe4241cf5c750`
SHA256	`95b0e08548661983f01093f7c37f9d9b876223fa9fbf36daf9b024bf03c89c6a`
SHA3	`07575b00d2c86954cc6b105846157fd05ea620fd37a2beb645f51149847f35d9`

18

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6d9b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9403`
Detected Filetype	PNG graphic file
MD5	`917811f982b2b9d86561419a41197c71`
SHA1	`63ae88c504ab71e6a2636b817da7a61bcf23300c`
SHA256	`9610e1eb217209e553ace6668ec020561d26995b392c34d573b241aa12a958d2`
SHA3	`ed91ee6274a2575a912f4f1dd28a804bca521d6264e87aa8e8a2ae9e617ddead`

4 (#2)

Type	`RT_MENU`
Language	English - United States
Codepage	UNKNOWN
Size	`0x144`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11388`
MD5	`36c191af2ee347ed1cb0d438013d25ba`
SHA1	`1b1333d1f4881d4a56157c0d13c9c3143fcc07b9`
SHA256	`e83f917755f932c46584babd092454075ef1e92e2c976ea164b9c0ac0b1cfecc`
SHA3	`a763b067155adae09f264b3a3a77c7da4a3c96d32d0db85c0b7f2b8fa05fb85d`

109

Type	`RT_MENU`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71163`
MD5	`2886ccd7dc1bd6dec8413a00b53046a0`
SHA1	`a09dea8ae745541a9d191d42d68510db8f648b5d`
SHA256	`a29831e4a3fac395e2aa86df5a0906ed2beebda018745be869477d636148f7af`
SHA3	`fc89873b946c12a8b176b7eff05b2c4445b56a96c045e40e9d49ecc09a4d0fcb`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x144`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.15857`
MD5	`320e211b75d9bf686a99f2f7f6a6a7b6`
SHA1	`b409f7caaf9e9a1d2859d3c7d3add846602ee6fd`
SHA256	`f8434cd68cd691b8e8dc55467e42204dbf03676220bf9725cad60e569718246f`
SHA3	`2682b16001a1fa54cb9a713b1b67ce2f33e5ad342b2d6388cb5689fe80b8ffea`

7 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x50`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.14351`
MD5	`a76aa743ae880b9011491d47a9f3d331`
SHA1	`3b010a19a88cba5237beb3f1e1bba1f568ecce1d`
SHA256	`dae71abacf2a305e7e8849fe26b9bf6a6a2318209c70689c03c2fe09f3ee89b4`
SHA3	`8b7f631c67cc8d4f63dfd70aeb9459f84ca539ebd3591e8576b0f1e02c00a57e`

109 (#2)

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.79879`
MD5	`3d2b1af3424dbcd504f73918619c7d99`
SHA1	`10d6ed54ea742211a14a05414883f6c00c03080a`
SHA256	`c2f0c188d6c493d7827bf83fb89c704815796445a0178bb2ae79658d96703a3c`
SHA3	`b8c5f28d2c132e5bc304e4dc1b314a3f32a2e48675c06828a2a8a014ea05e7fb`

107

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07075`
Detected Filetype	Icon file
MD5	`ead123a47671e7db465208276be64c0d`
SHA1	`9af1de5039f6b0ca33a8bcb669e7ca76ea636fe2`
SHA256	`b5edf55dd95fd6704af83a2619d45a253968a75acb4acb242f28de9743d851ef`
SHA3	`1d4c67e7cd2885b2fc0867f1f4793a3d32301a5747136ac038d0d64ecae6af4a`

108

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.15011`
Detected Filetype	Icon file
MD5	`1410c815778ee002852e57e2646e8a17`
SHA1	`b92ec65dea82f06585d7a965de0f1dc6e962eb78`
SHA256	`6e6955d332fe048801a9584aaa7ac25402f42c03aa25c65a489c725510c0ce48`
SHA3	`a71f2eb51dd40b08471f5b639b9cde63be0fffc47d9c5b56ac72af6f9916f8d1`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x300`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35843`
MD5	`4c9d78b32d3aa0c31f47e11410425742`
SHA1	`595033b05cfa219b4abbe9a3978218021c0450ef`
SHA256	`c22156de9104550473a2c0996f9f9aed79a9617912c75e78969150dd5b6db412`
SHA3	`5ff085e3e31b3a2c4cbc6a09e2b4d1cea354fd0144587ddac8b54dafa6f19b74`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

String Table contents

SmoothScroll
SMOOTHSCROLL

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.2.4.0
ProductVersion	1.2.4.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Balázs Galambosi
FileDescription	SmoothScroll
FileVersion (#2)	1.2.4.0
InternalName	SmoothScroll.exe
LegalCopyright	Copyright (C) 2019 Balázs Galambosi
OriginalFilename	SmoothScroll.exe
ProductName	SmoothScroll
ProductVersion (#2)	1.2.4.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2020-Jan-08 16:38:13
Version	`0.0`
SizeofData	`97`
AddressOfRawData	`0x1201a4`
PointerToRawData	`0x11eda4`
Referenced File	G:\Shared\Dropbox\Projects\WIN\SmoothScroll\x64\Release\SmoothScroll.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2020-Jan-08 16:38:13
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x120208`
PointerToRawData	`0x11ee08`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2020-Jan-08 16:38:13
Version	`0.0`
SizeofData	`968`
AddressOfRawData	`0x12021c`
PointerToRawData	`0x11ee1c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2020-Jan-08 16:38:13
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x140120608`
EndAddressOfRawData	`0x140120610`
AddressOfIndex	`0x140159c28`
AddressOfCallbacks	`0x1400ee108`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x100`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140141080`

RICH Header

XOR Key	`0xbc04e94f`
Unmarked objects	`0`
ASM objects (26213)	`13`
C++ objects (26213)	`206`
ASM objects (VS 2015/2017 runtime 26706)	`9`
C objects (VS 2015/2017 runtime 26706)	`38`
C++ objects (VS 2015/2017 runtime 26706)	`130`
C objects (26213)	`23`
C objects (CVTCIL) (26213)	`1`
Imports (26213)	`26`
Imports (VS2017 v15.8.5-8 compiler 26730)	`3`
Total imports	`360`
C objects (VS2015 UPD3.1 build 24215)	`6`
C++ objects (LTCG) (VS2017 v15.9.12-13 compiler 27031)	`40`
Resource objects (VS2017 v15.9.12-13 compiler 27031)	`1`
151	`1`
Linker (VS2017 v15.9.12-13 compiler 27031)	`1`

88372e4fdbc7838560b7742f23726aa2

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

FEEDURL

DSAPUB

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

4 (#2)

109

103

7 (#2)

109 (#2)

107

108

1 (#2)

1 (#3)

String Table contents

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors