1ec771017bd1aec7f7fec4ad2547c043

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2018-Jan-11 18:59:07
Detected languages English - United States
Debug artifacts Y:\work\80d8bf0ac6046a03\shell\build\desktop\Installer\_win32\installer2\Release\installer_stub.pdb
CompanyName Spotify Ltd
FileDescription SpotifyInstaller
FileVersion 0,0,0,0
InternalName SpotifyInstaller
LegalCopyright Copyright (c) 2018, Spotify Ltd
OriginalFilename SpotifyInstaller.exe
ProductName Spotify
ProductVersion 1.0.72.117.g6bd7cc73

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Info Interesting strings found in the binary: Contains domain names:
  • https://download.scdn.co
  • https://download.scdn.co/SpotifyFullSetup.exe
  • https://www.spotify.com
  • https://www.spotify.com/download
  • spotify.com
  • www.spotify.com
Info Cryptographic algorithms detected in the binary: Uses constants related to SHA1
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • LoadLibraryExA
  • GetProcAddress
  • LoadLibraryW
  • LoadLibraryExW
 Functions which can be used for anti-debugging purposes:
  • FindWindowA
 Code injection capabilities (PowerLoader):
  • GetWindowLongW
  • FindWindowA
 Can access the registry:
  • RegSetValueExW
  • RegOpenKeyExW
  • RegCreateKeyExW
 Possibly launches other programs:
  • ShellExecuteW
  • CreateProcessW
 Can create temporary files:
  • GetTempPathW
  • CreateFileW
 Functions related to the privilege level:
  • OpenProcessToken
 Manipulates other processes:
  • OpenProcess
Info The PE is digitally signed. Signer: Spotify AB
Issuer: DigiCert SHA2 Assured ID Code Signing CA
Safe VirusTotal score: 0/68 (Scanned on 2019-11-27 16:28:06) All the AVs think this file is safe.

Hashes

MD5 1ec771017bd1aec7f7fec4ad2547c043
SHA1 e6b116193d5cd3ddbde9e711cb36b290b65da762
SHA256 db6fe273fc08f0568538b1f4a6426147f9b151b559dbca11c56e70cf151fdff0
SHA3 68d4ad065e15a466433b6a2766693886ca697d2f4b2c59fffae24728f91caa34
SSDeep 12288:PyZLvfIItPXLI+KFrDFCyDcvWzp7QCEbP7MpyHdiHxBbsK0l4D/pLX6eqdVK:PyZ0uPXLKDFCyDcvWzp7QCEbP7MCi/QC
Imports Hash b8387ac5129bd65c9f55f3ea38c5c06c

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x118

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2018-Jan-11 18:59:07
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x67400
SizeOfInitializedData 0x48800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0003FF71 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x69000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xb3000
SizeOfHeaders 0x400
Checksum 0xbb97d
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 e05af5bcb695d56b8a5253851eeeef28
SHA1 3357f31ec878bdbea61e7f653a405c54f7987f2c
SHA256 ade6e5f429d05ede00830c1b5558ee8e4121c7471707bc006c505b07097656fa
SHA3 a06693a88c428de0a2457d1e5d24a63f0584b93e42c825ab90f297ebd666496d
VirtualSize 0x67316
VirtualAddress 0x1000
SizeOfRawData 0x67400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.62091

.rdata

MD5 53f48911c1fe78e8f4234ce08c2ef88e
SHA1 c15f5ffb5df68900145acb394413282383c939d7
SHA256 ec97a7e19c34ad3739715dac4aee320dab2593cc8a1f72176a7c3962b04cae41
SHA3 e6dab12f0bc9f81ad04284caf517e53fefdb0fec56ae670ee30b24693d2791d2
VirtualSize 0x32bd0
VirtualAddress 0x69000
SizeOfRawData 0x32c00
PointerToRawData 0x67800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.72012

.data

MD5 8717905ab4bd82fe0740c11b5710220f
SHA1 ae9a7266d8f6907d599e58a0ed43719b35ed925f
SHA256 6eb9745f30e2888315cb6d861eb17cd97a44f7869f84979b362ac6f134cac2a0
SHA3 a7ba550b6bfa13a19e8a3598504a4c4f2cdc337bfa65908f2c6dc753c6bb47d0
VirtualSize 0x8c28
VirtualAddress 0x9c000
SizeOfRawData 0x7a00
PointerToRawData 0x9a400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.7953

.tls

MD5 1f354d76203061bfdd5a53dae48d5435
SHA1 aa0d33a0c854e073439067876e932688b65cb6a9
SHA256 4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a
SHA3 991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b
VirtualSize 0x9
VirtualAddress 0xa5000
SizeOfRawData 0x200
PointerToRawData 0xa1e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0203931

.rsrc

MD5 d4613198480648100c395c446d5284d0
SHA1 a0b87db316fa38106b2a5e16f5e0b990f2031187
SHA256 86bb29871648ecda34ac567968678173088596478baac786b1573448ec637a69
SHA3 3c84193e2f0ae9b0b04f291df98a757514ffb9bd42bfcbc5859163ac0d235f2b
VirtualSize 0xcaa8
VirtualAddress 0xa6000
SizeOfRawData 0xcc00
PointerToRawData 0xa2000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.88197

Imports

COMCTL32.dll InitCommonControlsEx
SHELL32.dll ShellExecuteExW
SHGetFolderPathW
SHChangeNotify
ShellExecuteW
KERNEL32.dll WriteFile
CloseHandle
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CreateMutexW
OpenMutexW
Sleep
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
CreateProcessW
OpenProcess
GetLocalTime
GetTickCount
GetModuleFileNameW
LoadLibraryExA
VerifyVersionInfoW
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
SetEvent
CreateEventW
CreateThread
GetModuleHandleW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
GetCurrentProcessId
MoveFileExW
GetFileSize
SetEndOfFile
SetFilePointer
GetTempPathW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetLocaleInfoA
GetUserDefaultUILanguage
GetProcAddress
CreateFileW
VerSetConditionMask
SetFilePointerEx
DeviceIoControl
LCMapStringW
AreFileApisANSI
LocalFree
FormatMessageA
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
GetProcessHeap
ReadFile
VirtualQuery
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
LoadLibraryW
GetCommandLineW
GetFileType
GetACP
GetStdHandle
GetModuleHandleExW
ExitProcess
ReadConsoleW
HeapSize
WriteConsoleW
GetSystemInfo
VirtualProtect
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
FreeLibrary
LoadLibraryExW
HeapAlloc
HeapReAlloc
HeapFree
USER32.dll wsprintfW
LoadIconW
LoadCursorW
SetWindowLongW
GetWindowLongW
MessageBoxW
AdjustWindowRect
SetTimer
SetDlgItemTextW
GetDlgItem
ShowWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostMessageW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowThreadProcessId
FindWindowA
SendMessageTimeoutA
wsprintfA
GetActiveWindow
GetSystemMetrics
GDI32.dll GetStockObject
ole32.dll CoCreateGuid
CoCreateInstance
CoInitializeEx
OLEAUT32.dll #6
#2
ADVAPI32.dll OpenProcessToken
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
GetTokenInformation
VERSION.dll (delay-loaded) GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW

Delayed Imports

Attributes 0x1
Name VERSION.dll
ModuleHandle 0xa3c5c
DelayImportAddressTable 0xa37f4
DelayImportNameTable 0x9ac44
BoundDelayImportTable 0x9ad10
UnloadDelayImportTable 0
TimeStamp 1970-Jan-01 00:00:00

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x6711
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.95054
Detected Filetype PNG graphic file
MD5 52826c5b4a72adb26f67c30ba780f396
SHA1 522c3567e038979973ef7f63665c291a4f5e37aa
SHA256 06493a6e382ee46e117bb15c3dc267263c1c949530654bd2d368038dbf3e6035
SHA3 242eb9ec574a12437758b5c5561e567a227ba27c49d637a239ebb9e7222d6b92

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.27516
MD5 abad7923c0a4623db0a8232385769110
SHA1 cafbe507c314dd74bbc2837e32e32074b196a9c8
SHA256 4803e8afa42689916d7870633187d26e82aa00b38fe29fba59709ddd0ddbbbb1
SHA3 a38dab8e5dd49d5d8a7553715d678c3697391928cb4b397c97864d518b65155b

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.34987
MD5 b1e7e5bfdbca7b1c79e47303fbd3966c
SHA1 5f68f28327f0cca7bad8711bbab0345dceedd9b3
SHA256 e455ddbd064df603f8e5d1d0c91f32eb70935a56f40be5d9200e78b910952b0b
SHA3 d853889fe625188389a64451185d24b9e15ee7ac7c764bba1d4c573ed261376b

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.78692
MD5 7067ff264ec2c3d252dc7d2d4e14ecee
SHA1 76174807782c89015ba82ce67527c9d8d395451a
SHA256 14df388478d483c4315fb04596973c4b86dc3526f0655846b94f750622cc2978
SHA3 d081afb3eb4d6efe81a12c93a00666e2d5a5ffb4e87a8acb33cfa325ad7608b3

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.64444
MD5 d2942847603a0284e5b199748fe7d6bc
SHA1 510e2be55d0581fcea7b179f63a1c0de86a8b275
SHA256 3710fa206198bbaa08853d2eead288afa8b97c9d7c5079cd5b39348056b686fd
SHA3 e0f65538f2ec5d95f9817ea76cf2062f668b2c861f9d887b452afc77dcd3ad47

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.17299
MD5 bb4474c76bd774926b1ff0b86b1b5949
SHA1 564d80dafcda87f92c3cb54421c841cffffb21f3
SHA256 7281b82fb28802462e74099d565ba1998a54da36eed7137ac35203873c555064
SHA3 e00b861832d4ebc3376efe7ebb3163bbe11ef2f86a7e7d3181881aae7d963c8f

7

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.12732
MD5 0d5fa4f26b3e9d9234cedf9f0da6b3e5
SHA1 15abcc16bc4708a8e9d8c6e562bbfefbb46ad269
SHA256 d76270e5dbeae9e9bc958929821d06b33a171a6a9a5efdb9df08621248f2029f
SHA3 d7dc7ffe0299757afffb2c3edbb80f1d24cccd100f6b22f7718c4e48438d4157

1 (#2)

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x68
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.71858
Detected Filetype Icon file
MD5 f52ec013da9c6c444621141809dce2aa
SHA1 60ac40112939a0802da8d420e39b5fb7c87f6f35
SHA256 6563ee4b0fc3f7f741fc757de6e325e4429fe150419ceb24c0e50f62b53a63f3
SHA3 af638f74320b9b36f06467bbc742aee16416f175750cbdd2ad0efb52486b23ef

1 (#3)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x384
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.01042
MD5 779db716caad644c24d3bb6dd74f4f54
SHA1 e8f3e5aeac0a0cb64e8cd964e149616a2f9fe0b0
SHA256 9b688db0d46beaa893478a1d4d0484719d266cecb484198f2629f1bd1126a63f
SHA3 4295a13be8f795bf3e472267c63bd7ef92c7e9af3b223ddab19d061ed80b212f

1 (#4)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x5df
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.14868
MD5 a02f53bf7b0ddc1cc4f310d7410199a4
SHA1 5359e08d3b8657bc65e3e94b44197ed52cdae1b7
SHA256 c1f7ac133506121fb0efaaedb28ba2a26248f23947bb040ee50f295cd2c127b4
SHA3 03eecc3f6def85c95f0c4929ad976459847ad86dee534492727c54336923cef8

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.72.117
ProductVersion 0.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
CompanyName Spotify Ltd
FileDescription SpotifyInstaller
FileVersion (#2) 0,0,0,0
InternalName SpotifyInstaller
LegalCopyright Copyright (c) 2018, Spotify Ltd
OriginalFilename SpotifyInstaller.exe
ProductName Spotify
ProductVersion (#2) 1.0.72.117.g6bd7cc73
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2018-Jan-11 18:59:07
Version 0.0
SizeofData 124
AddressOfRawData 0x95430
PointerToRawData 0x93c30
Referenced File Y:\work\80d8bf0ac6046a03\shell\build\desktop\Installer\_win32\installer2\Release\installer_stub.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2018-Jan-11 18:59:07
Version 0.0
SizeofData 20
AddressOfRawData 0x954ac
PointerToRawData 0x93cac

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2018-Jan-11 18:59:07
Version 0.0
SizeofData 1040
AddressOfRawData 0x954c0
PointerToRawData 0x93cc0

TLS Callbacks

StartAddressOfRawData 0x4a5000
EndAddressOfRawData 0x4a5008
AddressOfIndex 0x4a434c
AddressOfCallbacks 0x46949c
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x68
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x49c0e4
SEHandlerTable 0x494fa0
SEHandlerCount 292

RICH Header

XOR Key 0x979165bb
Unmarked objects 0
ASM objects (24610) 13
C++ objects (24610) 161
C objects (24610) 22
199 (41118) 1
ASM objects (24723) 22
C objects (24723) 34
262 (24610) 3
Imports (24610) 17
Total imports 194
C++ objects (24723) 62
C objects (VS2017 v15.2 compiler 25019) 2
C++ objects (VS2017 v15.2 compiler 25019) 23
Resource objects (VS2017 v15.2 compiler 25019) 1
Linker (VS2017 v15.2 compiler 25019) 1

Errors

<-- -->