Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2023-May-26 17:04:44 |
Detected languages | English - United States |
Comments | 9JErntmjT1qvCOlVor7dVkt9i9QjP3 |
CompanyName | Spotify Technology S.A. |
FileDescription | Spotify Technology S.A. Product |
FileVersion | 6,850,13,224 |
InternalName | b9OSBI0lJo |
LegalCopyright | Copyright © Spotify Technology S.A. All rights reserved. |
LegalTrademarks | Trademark © Spotify Technology S.A. |
OriginalFilename | 6aqP1A0g |
ProductName | FojM0t5U5bWp |
ProductVersion | 6,850,13,224 |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
---|---|---|
Suspicious | The PE is possibly packed. | Unusual section name found: .VMdVV |
Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
Suspicious | The file contains overlay data. | 2 bytes of data starting at offset 0x2d078. |
Malicious | The PE's digital signature is invalid. | Signer: ESET; Issuer: Entrust Extended Validation Code Signing CA - EVCS1; The file was modified after it was signed. |
Malicious | VirusTotal score: 46/72 (Scanned on 2023-05-29 06:00:16) | Bkav: W32.AIDetectMalware; Lionic: Trojan.Win32.Generic.4!c; Elastic: malicious (high confidence); DrWeb: Trojan.Siggen19.32857; Cynet: Malicious (score: 99); McAfee: Artemis!0857E337064C; Cylance: unsafe; Sangfor: Trojan.Win32.Agent.V74u; K7AntiVirus: Trojan ( 005a5f491 ); BitDefender: Trojan.GenericKD.67249557; K7GW: Trojan ( 005a5f491 ); Cyren: W32/Kryptik.JXI.gen!Eldorado; Symantec: ML.Attribute.HighConfidence; ESET-NOD32: a variant of Win32/Kryptik.HTQF; APEX: Malicious; Kaspersky: HEUR:Trojan-Spy.Win32.Stealer.gen; Alibaba: TrojanSpy:Win32/Stealer.8c69b519; MicroWorld-eScan: Trojan.GenericKD.67249557; Avast: Win32:CrypterX-gen [Trj]; Rising: Backdoor.Agent!8.C5D (TFE:5:Npy7Ou96UxJ); Emsisoft: Trojan.GenericKD.67249557 (B); F-Secure: Trojan.TR/AD.Nekark.aexwh; VIPRE: Trojan.GenericKD.67249557; McAfee-GW-Edition: BehavesLike.Win32.Expiro.ch; Trapmine: malicious.high.ml.score; FireEye: Generic.mg.0857e337064c236b; Sophos: Mal/Generic-S; Ikarus: Trojan.Win32.Crypt; Avira: TR/AD.Nekark.aexwh; Antiy-AVL: Trojan/Win32.Kryptik; Microsoft: Trojan:Win32/CerberCrypt.B!MTB; Arcabit: Trojan.Generic.D4022595; GData: Win32.Trojan.PSE.1DR8PBG; Google: Detected; AhnLab-V3: Trojan/Win.Generic.R582259; ALYac: Trojan.GenericKD.67249557; MAX: malware (ai score=88); VBA32: BScope.TrojanPSW.RedLine; Malwarebytes: Spyware.RedLineStealer; Panda: Trj/Genetic.gen; TrendMicro-HouseCall: TROJ_GEN.R002H0DEQ23; Tencent: Malware.Win32.Gencirc.10bee350; Fortinet: MSIL/Disabler.DR!tr; AVG: Win32:CrypterX-gen [Trj]; DeepInstinct: MALICIOUS; CrowdStrike: win/malicious_confidence_100% (W) |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xe8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2023-May-26 17:04:44 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 9.0 |
SizeOfCode | 0x1ea00 |
SizeOfInitializedData | 0xb800 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00006C42 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x21000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.0 |
ImageVersion | 0.0 |
SubsystemVersion | 5.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x2e000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | WriteConsoleW, GetLocaleInfoW, CreateFileA, GetNativeSystemInfo, GetModuleHandleA, MultiByteToWideChar, SetStdHandle, GetProcAddress, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, Sleep, InterlockedExchange, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, RtlUnwind, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RaiseException, GetCommandLineA, GetLastError, HeapFree, GetCPInfo, LCMapStringA, LCMapStringW, GetModuleHandleW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, HeapAlloc, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, VirtualAlloc, HeapReAlloc, GetConsoleCP, GetConsoleMode, FlushFileBuffers, ReadFile, SetFilePointer, CloseHandle, HeapSize, GetACP, GetOEMCP, IsValidCodePage, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, GetStringTypeA, GetStringTypeW, LoadLibraryA, InitializeCriticalSectionAndSpinCount, WriteConsoleA, GetConsoleOutputCP |
---|---|
USER32.dll | GetActiveWindow, LoadCursorA, MessageBoxA, wsprintfA, GetDlgItemTextA, CheckDlgButton |
GDI32.dll | GetStockObject, DeleteObject, SetBkMode, SetTextColor, CreateFontIndirectA, SelectObject, GetObjectA |
ADVAPI32.dll | RegDeleteKeyA |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 6.850.13.224 |
ProductVersion | 6.850.13.224 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
Comments | 9JErntmjT1qvCOlVor7dVkt9i9QjP3 |
CompanyName | Spotify Technology S.A. |
FileDescription | Spotify Technology S.A. Product |
FileVersion (#2) | 6,850,13,224 |
InternalName | b9OSBI0lJo |
LegalCopyright | Copyright © Spotify Technology S.A. All rights reserved. |
LegalTrademarks | Trademark © Spotify Technology S.A. |
OriginalFilename | 6aqP1A0g |
ProductName | FojM0t5U5bWp |
ProductVersion (#2) | 6,850,13,224 |
Resource LangID | English - United States |
Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x4294d0 |
SEHandlerTable | 0x424420 |
SEHandlerCount | 28 |
XOR Key | 0x817315f7 |
---|---|
Unmarked objects | 0 |
ASM objects (VS2008 build 21022) | 21 |
C++ objects (VS2008 build 21022) | 54 |
C objects (VS2008 build 21022) | 132 |
Imports (VS2012 build 50727 / VS2005 build 50727) | 6 |
Imports (VS2003 (.NET) build 4035) | 3 |
Total imports | 103 |
C++ objects (VS2008 SP1 build 30729) | 1 |
Linker (VS2008 build 21022) | 1 |
Resource objects (VS2008 SP1 build 30729) | 1 |